In this chapter, we explored the final engine of the Java security package--the encryption engine. The encryption engine is part of the Java Cryptography Extension (JCE). Due to export limitations, the JCE from Sun is available only within the United States and Canada. Third-party implementations of the JCE are available elsewhere. No matter where you get it from, the JCE must be obtained separately from the rest of the Java platform.
The encryption engine performs encryption of arbitrary chunks or streams of data according to various algorithms. Though support for RSA and other popular algorithms is possible within the provider architecture, the SunJCE security provider supplies only DES encryption. DES encryption has a different requirement for keys than the other cryptographic engines we've examined--DES encryption depends on both parties in the cryptographic exchange using the same key. Hence the JCE also provides a new key type known as a secret key (or symmetric key), as well as an engine to generate these keys.
Secret keys pose an interesting distribution problem--they cannot be distributed electronically unless the secret key itself is encrypted. This problem is often solved by relying on public key encryption to deliver the encrypted key, after which the symmetric key can be used to create the type of cipher that we've discussed in this chapter. The JCE also includes support for key agreement protocols to accomplish key sharing, one of which (the Diffie-Hellman key agreement protocol) is implemented in the SunJCE security provider.
The encryption engine finally provides what many people envision as the ultimate goal in security: the ability to send arbitrary encrypted data streams in a conversational manner across the network. Although its use is limited by governmental restrictions, it provides the last piece of the Java security puzzle that we outlined at the beginning of this book.
 |  |  |
| 13.8. Sealed Objects |  | A. Security Tools |
Copyright © 2001 O'Reilly & Associates. All rights reserved.