Safari | Java Security, 2nd Edition -> Preface by Java Security 2nd Edition

Author:Java Security 2nd Edition [Edition, Java Security 2nd]
Language: fra
Format: epub, pdf
Tags: Informatique
Publisher: O'Reilly
Published: 0101-01-01T00:00:00+00:00

212

Chapter 11. Message Digests

similar changes to the Receive class so that it can read the MAC; we won't bother to show the code here (though it is included with the online examples). Note that you must have a secret key in your keystore to run this example; use the StoreKey example from Chapter 10 to create such a key.

11.2.2 Calculating Your Own MAC

A second way to create a MAC is to calculate one directly. This requires that both the sender and receiver of the data have a shared passphrase that they have kept secret, though that's often easier than sharing a secret key.

Using this passphrase, calculating a MAC requires that we:

Calculate the message digest of the secret passphrase concatenated with the data:

1.

MessageDigest md = MessageDigest.getInstance("SHA");

String data = "This have I thought good to deliver thee, " +

"that thou mightst not lose the dues of rejoicing " +

"by being ignorant of what greatness is promised thee.";

String passphrase = "Sleep no more";

byte dataBytes[] = data.getBytes( );

byte passBytes[] = passphrase.getBytes( );

md.update(passBytes);

md.update(dataBytes);

byte digest1[] = md.digest( );

Calculate the message digest of the secret passphrase concatenated with the just−calculated digest: 2.

md.update(passBytes);

md.update(digest1);

byte mac[] = md.digest( );

We can substitute this code in our original Send example, writing out the data string and the MAC to the file.

Note that we can use the same message digest object to calculate both digests since the object is reset after a call to the digest( ) method. Also note that the first digest we calculate is not saved to the file: we save only the data and the MAC. Of course, we must make similar changes to the Receive example; if the MACs are equal, the data was not modified in transit.

As long as we use exactly the same data for the passphrase in both the transmitting and receiving class, the message digests (that is, the MACs) still compare as equal. That gives a certain level of security to the message digest, but it requires that the sender and the receiver agree on what data to use for the passphrase; the passphrase cannot be transmitted along with the text. In this case, the security of the message digest depends upon the security of the passphrase. Normally, of course, you would prompt for that passphrase rather than hardcoding into the source as we've done above. In addition, a good passphrase would not be a well−known string such as we've selected; it would be random bytes (and hence indistinguishable from a secret key).

11.3 Message Digest Streams

The interface to the message digest class requires that you supply the data for the digest as a series of single bytes or byte arrays. As we mentioned earlier, this is not always the most convenient way to process data, which may be coming from a file or other input stream. This brings us to the message digest stream classes.

These classes implement the standard input and output filter stream semantics of Java streams so that data can be written to a digest stream that will calculate the digest as the data itself is written (or the reverse operation for reading data).

Download

Copyright Disclaimer:
This site does not store any files on its server. We only index and link to content provided by other sites. Please contact the content providers to delete copyright contents if any and email us, we'll remove relevant links or contents immediately.