Saturday, October 31, 2009

Introduction



This book is about using cryptography with Java.


Depending on who you are, you may think of cryptography
as a great menace or as a very useful tool. The truth is that in some
ways it is neither, in other ways it is both. It's neither because, if
you choose, you could easily reduce it to an interesting mathematical
game, with no application. It's both because it most definitely gets
applied, not always well, and not always for purposes that everyone
agrees with. Whichever side of the fence you are on, the one thing
everyone agrees with is that the politics surrounding cryptography and
access to the technology that allows you to use it have been intense.


Java, on the other hand, is simply a programming
language. It arrived on the popular scene in 1995 and has become very
popular as a language for writing applications involving the Internet,
electronic commerce, or a combination of the two. Other than the odd,
often "religious," issue between programmers or companies, the language
itself has carried none of the political problems that have accompanied
cryptography. However, a language by itself won't allow you to develop
secure Internet applications, so it quickly became apparent that it
would be necessary to introduce into Java APIs that allowed people to
make use of cryptography. When this happened the politics arrived and,
for some, using Java suddenly got intense as well. Finally, the
politics subsided and we arrived where we are now, with a rich set of
APIs that allow developers to use cryptography effectively in
application development—providing they know how.


This brings me to why this book was written. People
will still wax lyrical about key sizes and PKI (Public Key
Infrastructure), but what does it all mean, and what does it mean when
you are using Java? The Java APIs afford you a great deal of
flexibility, and although this will allow you to implement an
application using cryptography at a fundamental level, it will also
allow you to tie yourself into some terrible knots. You can avoid this
if you understand a few principles about the way the APIs are put
together. Furthermore, by understanding the relationships between the
high-level APIs and the more fundamental ones, debugging becomes easier
and you can recognize when it is not necessary to build things from
scratch, as, in some cases, the hard work has already been done. In
short, with the right understanding, you can save yourself a lot of
work. This book has been written with the aim of providing that
understanding.




Who This Book Is For


This book is written for people who are Java
developers and are trying to make use of cryptography in their
applications and for people who simply want to understand what's going
on when cryptography is being used in Java applications. It does assume
you are familiar with the Java language, but it does not assume you
have any familiarity with any of the APIs it discusses, such as the
JCA, JCE, the Bouncy Castle APIs, and JavaMail.


If you are already very familiar with the JCE and
the JCA, you might want to skim the first four chapters quickly and
start reading thoroughly from Chapter 5
onward; otherwise, I would recommend you start at the beginning. If you
do skim the first four chapters, you should pay attention to the
development of the utilities class that is added at the start of most
chapters. The reason is that the utilities class used in Chapter 5 and onward builds on the work done in the first four chapters.