Wednesday, 30 December 2015

Sunday, 20 December 2015

The Principal Interface and Other Key Interfaces of java.security

java.security.Principal is the interface in Java for security "principals" such as logins, individuals or other forms of entities. An example class implementation of this interface is X500Principal which has been available since Java 1.4.

Another crucial interface in the java.security package is Key, which is the parent interface for all keys. Keys are fundamental to numerous cryptographic processes, for example in symmetric encryption you encrypt and decrypt with the same key.  All keys are stored with an associated algorithm, usually an encryption or asymmetric operation (e.g. DSA - digital signature algorithm,  or RSA) and an encoded form (perhaps required for processing outside of the JVM). In this light, the methods available on the Key interface will come as no surprise - getAlgorithm returns a String representation of the algorithm name and getEncoded returns a byte array of the encoded key, or null if not applicable.

Keys are so important that even the subinterfaces of Key namely PrivateKey and PublicKey are included in the top-level java.security package.  PrivateKey is merely a marker interface containing no methods or constants. It simply groups (and provide type safety for) all private key interfaces. This is the same pattern for the PublicKey interface. Further subinterfacing is done at the java.security.interfaces level. This includes interfaces for RSA keys and elliptic curve cryptography keys.

Now that we have seen Key (Private and Public) and Principals what else is left?

Java also provides core interfaces for managing Key Stores. As of Java 1.5, a key store can be implemented by subinterfacing or subclassing the marker interface KeyStore.Entry, and KeyStore.LoadStoreParameter.