Java Cryptography Extension

The Java Cryptography Extension is based on the same architecture as the Java Cryptography Architecture (JCA) and is seen as part of the JCA. The division into JCA and JCE was necessary because the USA previously restricted the export of cryptographic systems. The JCA only contains hash functions , key generators etc. and was allowed to be freely exported. This was not the case for strong encryption algorithms; therefore they were outsourced to the JCE. Implementations had to be obtained from elsewhere.

Like the JCA classes, the JCE classes are now in the packages java.securityand javax.crypto.

Functionality

The Java Cryptography Extension is based on so-called cryptography providers, which are implementations of various cryptographic concepts abstracted by the JCE. New concepts can easily be added.

The Java Cryptography Extension offers the following functionalities:

• Cipher - Cryptographic algorithms ( symmetrical and asymmetrical ) for encryption, block and stream ciphers
• Key Management - The classes KeyGeneratorfor key generation, KeyAgreementfor the secure negotiation of keys and SecretKeyFactoryfor the decomposition of keys into their parts
• Message Authentication Codes - for calculating authentications for communications
• Secure objects and digital signatures

The Java Cryptography Extension, like the Java Cryptography Architecture, is independent of the implementation of the specific algorithms. Using a service provider interface (SPI), different implementations from different manufacturers can be integrated into the Java runtime environment at the same time. From version 1.4 Java is delivered with a JCE and JCA implementation, but other implementations can easily be reloaded both statically and dynamically.

The most popular JCE implementations include:

• Bouncy Castle - an open source implementation of the Java Cryptography Extension and a "lightweight" Java Cryptography API for J2ME and JDK.
• IAIK-JCE - an implementation of the Institute for Applied Information Processing and Communication Technology (IAIK) of the Graz University of Technology .

example

The following example shows the encryption and decryption of a string using AES - CBC with padding according to PKCS # 7:

// Schlüssel erzeugen
SecretKey secretKey = KeyGenerator.getInstance("AES").generateKey();

// Verfahren wählen
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS7PADDING");
cipher.init(Cipher.ENCRYPT_MODE, secretKey);

// Umwandlung des Strings nach Bytes basierend auf UTF-8
byte[] utf8Bytes = "Zu verschlüsselnder String".getBytes("UTF8");

// Verschlüsselung
byte[] encryptedBytes = cipher.doFinal(utf8Bytes);

// Base64 encoding um wieder einen String zu bekommen
String encryptedString = java.util.Base64.getEncoder().encodeToString(encryptedBytes);

// Cipher für Entschlüsselung vorbereiten
cipher.init(Cipher.DECRYPT_MODE, secretKey);

// Rückumwandlung in Byte-Array
encryptedBytes = java.util.Base64.getDecoder().decode(encryptedString);

// Entschlüsselung
utf8Bytes = cipher.doFinal(encryptedBytes);

// Rückumwandlung in einen String
return new String(utf8Bytes, "UTF8");

literature

• Jason Weiss: Java Cryptography Extensions . Practical Guide for Programmers. Morgan Kaufmann, 2004, ISBN 978-0-12-742751-5 (English). 
• Rich Helton, Johennie Helton: Java Security Solutions . Wiley, 2002, ISBN 978-0-7645-4928-1 (English). 
• David Hook: Beginning Cryptography with Java . John Wiley & Sons, 2005, ISBN 978-0-7645-9633-9 (English). 

Web links

• http://docs.oracle.com/javase/6/docs/technotes/guides/security/crypto/CryptoSpec.html Java Cryptography Architecture (JCA) Reference Guide
• http://docs.oracle.com/javase/tutorial/security/index.html - Java tutorial on security in general
• http://docs.oracle.com/javase/7/docs/technotes/guides/security/overview/jsoverview.html - Overview of Java Security

Individual evidence

1. ^ JCE provider of the Australian organization The Legion of the Bouncy Castle
2. ^ IAIK-JCE provider of TU Graz