OWASP - User contributions [en]

OWASP Java Project WIPRO 1 2015

2016-05-25T21:44:27Z

Ledio5485: /* Pages List */

<div style="width:100%;border:0,margin:0;overflow: hidden;">[[File:OWASP_Java_Project_Header.png|link=]]</div>
 

<center>
Wiki Pages Review Operation - 2015/2016
</center>

 

= Main =

{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;width:100%" |

91 Pages in category "OWASP Java Pages" have to be reviewed. We use a Google Document where every person interested can let opinions, comments and suggestions. Even reviewing one single page is welcome.

Shared Google document used to comment and review:

https://docs.google.com/spreadsheets/d/13bazikNd5fc9f7ppqMEAxbo0sI3CpOdPgDW5xt3LeMc/edit?usp=sharing

| valign="top" style="padding-left:25px;min-width:200px;border-right: 1px dotted gray;padding-right:25px;" |

== Team ==

 

== Meta ==

* Start: 12/2015
* Last Update: 12/2015

 

== Other Resources ==

N/A

 

| valign="top" style="padding-left:25px;min-width:200px;" |

==Classifications==



|}

= Pages List =

Shared Google document used to write reviews:

https://docs.google.com/spreadsheets/d/13bazikNd5fc9f7ppqMEAxbo0sI3CpOdPgDW5xt3LeMc/edit?usp=sharing

{| class="wikitable"
! Page
! Status
! Review
! Operations
|-
|[[Bytecode obfuscation]]
|
| Outdated but interesting to keep, marked for review. https://www.owasp.org/index.php/Talk:Bytecode_obfuscation
|
|-
|[[Captchas in Java ]]
|
|Updated and not of interest. Marked for deletion.
|DELETED BY ADMIN
|-
|[[Clickjacking Protection for Java EE]]
|
|Flagged for deletion, reason stated on page.
|DELETED BY ADMIN
|-
|[[Command injection in Java]]
|
|Marked for review.
|
|-
|[[Comparing classes by name ]]
|
|Marked for review
|
|-
|[[Complejidad Y Longitud De Las Contraseñas ]]
|
|
|
|-
|[[Content Security Policy ]]
|
|
|
|-
|[[CORS OriginHeaderScrutiny]]
|
|
|
|-
|[[CORS RequestPreflighScrutiny]]
|
|
|
|-
|[[Cross-site Scripting (XSS) ]]
|
| Looks updated
| NO ACTION TAKEN
|-
|[[Declarative Access Control in Java]]
|
|gone
|Deleted by admin
|-
|[[Decompiling Java bytecode]]
|
|
| DELETED
|-
|[[Deserialization of untrusted data]]
|
| Looks legit
| Looks legit
|-
|[[Detect profiling phase into web application]]
|
|
|
|-
|[[Exception handling techniques ]]
|
|
|
|-
|[[Failure to follow guideline/specification ]]
|
|
|
|-
|[[Hacking Java Clients ]]
|
|
|
|-
|[[Hashing Java]]
| UNDER REVIEW
| Updated by Mark Gordon. Thank you!
| No action needed
|-
|[[Hibernate]]
|
|
|
|-
|[[Hibernate-Guidelines ]]
|
|
|
|-
|[[How to add validation logic to HttpServletRequest]]
|
|
|
|-
|[[How to encrypt a properties file ]]
|
|
|
|-
|[[Implementacion De Firmas Digitales en Java]]
|
|
|
|-
|[[Improper Data Validation]]
|
|
|
|-
|[[Improper temp file opening ]]
|
|
|
|-
|[[Information Leakage]]
|
|
|
|-
|[[Insecure Randomness]]
|
|
|
|-
|[[Insecure Transport]]
|
|
|
|-
|[[Insufficient Session-ID Length]]
|
|
|
|-
|[[Invoking untrusted mobile code]]
|
|
|
|-
|[[Inyección De Comandos En Java ]]
|
|
|
|-
|[[J2EE Misconfiguration: Unsafe Bean Declaration]]
|
|
|
|-
|[[J2EE third party libraries insecurity]]
|
|
| redirected to dependency check
|-
|[[JAAS Timed Login Module ]]
|
|
| Deleted
|-
|[[JAAS Tomcat Login Module]]
|
|
| Deleted
|-
|[[Java Project Article Wishlist ]]
|
|
|
|-
|[[Java Security Frameworks]]
|
|
| Merged into category page
|-
|[[Java Security Resources ]]
|
|
| Merged into category page
|-
|[[Java Server Faces ]]
|
|
|
|-
|[[JSP errorPage]]
|
|
|
|-
|[[JSP JSTL ]]
|
|
|
|-
|[[Leftover Debug Code]]
|
|
|
|-
|[[Log Forging ]]
|
|
|
|-
|[[Logout]]
|
|
|
|-
|[[Member Field Race Condition]]
|
|
|
|-
|[[Missing Error Handling]]
|
|
|
|-
|[[Mobile Java Security ]]
|
|
|
|-
|[[Null Dereference]]
|
|
|
|-
|[[Object Model Violation: Just One of equals() and hashCode() Defined]]
|
|
|
|-
|[[Often Misused: Authentication ]]
|
|
|
|-
|[[Overly-Broad Catch Block]]
|
|
|
|-
|[[Overly-Broad Throws Declaration]]
|
|
|
|-
|[[OWASP CSRFGuard Project/es ]]
|
|
|
|-
|[[OWASP Java Table of Contents]]
|
|
|
|-
|[[Parameter Validation Filter]]
|
|
|
|-
|[[Password length & complexity]]
|
|
|
|-
|[[Password Management: Hardcoded Password]]
|
|
|
|-
|[[Password Management: Weak Cryptography ]]
|
|
|
|-
|[[Password Plaintext Storage ]]
|
|
|
|-
|[[PDF Attack Filter for Java EE ]]
|
|
|
|-
|[[Poor Logging Practice]]
|
|
|
|-
|[[Preventing LDAP Injection in Java]]
|
|
|
|-
|[[Preventing SQL Injection in Java ]]
|
|
|redirected to sqlI cheatsheet
|-
|[[Process Control]]
|
|
|
|-
|[[Protecting code archives with digital signatures]]
|
|
|
|-
|[[Reflection attack in an auth protocol]]
|
|
|
|-
|[[Return Inside Finally Block]]
|
|
|
|-
|[[Securing tomcat]]
|
|
|
|-
|[[Servlet spec - web.xml]]
|
|
|
|-
|[[Session Fixation]]
|
|
|
|-
|[[Session Timeout]]
|
|
|
|-
|[[Signing jar files with jarsigner ]]
|
|
|
|-
|[[State synchronization error]]
|
|
|
|-
|[[Struts]]
|
|
|
|-
|[[Struts Validation in an ActionForm]]
|
|
|
|-
|[[Struts Validation in validator.xml using an ActionForm]]
|
|
|
|-
|[[Struts XSLT Viewer]]
|
|
|
|-
|[[Traducción Español]]
|
|
|
|-
|[[Trust Boundary Violation]]
|
|
|
|-
|[[Trustworthy Java]]
|
|
| Delete
|-
|[[Uncaught exception]]
|
|
|
|-
|[[Unchecked Return Value: Missing Check against Null ]]
|
|
|
|-
|[[Unreleased Resource]]
|
|
|
|-
|[[Unsafe JNI]]
|
|
|
|-
|[[Unsafe Mobile Code]]
|
|
|
|-
|[[Unsafe Reflection ]]
|
|
|
|-
|[[Using JCaptcha ]]
|
|
| deleted
|-
|[[Using the Java Cryptographic Extensions]]
|
|
|
|-
|[[Using the Java Secure Socket Extensions]]
|
|
|
|-
|[[XPATH Injection Java ]]
|
|
|
|-
|[[OWASP's_ESAPI_Wiki_for_Java!]]
| Check Project Status
|
| The entire ESAPI For Java project needs a review. In progress on ML.
|}

Shared Google document used to write reviews:

https://docs.google.com/spreadsheets/d/13bazikNd5fc9f7ppqMEAxbo0sI3CpOdPgDW5xt3LeMc/edit?usp=sharing

=About=

OWASP Java and JVM Project - Wiki Pages Review Operation 1 - 2015/2016

 

{{Template:Project About
| project_name =OWASP Java Project WIPRO 1 - 2015/2016
| project_description =
| project_license =
| leader_name1 =
| leader_email1 =
| leader_username1 =
| contributor_name1 =
| contributor_email1 =
| contributor_username1 =
| mailing_list_name =
| links_url1 =
| links_name1 =
| links_url2 =
| links_name2 =
}}

__NOTOC__
<headertabs />

 

[[Category:Java]]

Implementacion De Firmas Digitales en Java

2016-05-25T21:23:51Z

Ledio5485: /* References */

== WARNING ==

Jim Manico recently brought to my attention this wiki page, the same who asked me to check exactly. In doing so, I noticed several errors and areas of weakness. Lately, I have the intention to revisit this page (hopefully with the help of one of the original owners), but I do not have time to do a full review at this time. Therefore, I will summarize the problems observed on this page and leaving you the decision to use or not, with these warnings.
 
#First, this page does not describe "digital signatures". Rather, it describes a concept known as "digital envelopes", which is a scheme used with objects such as S / MIME. Digital signatures not only encrypt the actual message text, only encrypts the hash of the message text.
#UTF-8 should be used to convert between Java byte strings and arrays to ensure adequate portability across different operating systems.
#The certificate chain must always be validated. In this example, the certificate is self-signed, so this is not relevant and will not be true in the normal case. Furthermore, it should be noted that the self-signed, but acceptable for demonstration purposes certificates is considered a dubious practice for production, as it opens the door to spoofing attacks.
#[http://www.nist.gov/ NIST] now recommends using key size 2048 bits for RSA or DSA keys.
#There is a consistent use of weak algorithms. Here are some suggested replacements:
## Use "RSA/ECB/OAEPWithSHA1AndMGF1Padding" instead of "RSA/ECB/PKCS1Padding".
## Use SHA1 (or better SHA256, SHA1 but at least) instead of MD5 for message digest.
## Use "SHA1withRSA" for the signature algorithm instead of "MD5withRSA".
## When creating a symmetric encryption system to encrypt the message text, use "AES / CBC / PKCS5Padding" and choose an IV random for each text message instead of simply using "AES", ending with "AES / ECB / PKCS5Padding ". ECB mode is extremely weak for a regular plain text. (OK for random bit encryption, however, is well used with RSA.) However, the use CBC and PKCS5Padding could make it vulnerable to "Padding Oracle" attacks, so caution is advised. You can use Encryptor 2.0 ESAPI 's to avoid it. (Note also, this part is the concept of "on digital". If this page was really limited by "digital signatures" would not apply because it would be irrelevant.)
 
I hope to get soonest, before cleaning this wiki page. Meanwhile, email me your questions.
 
-Kevin Wall

== Overview ==

This article presents a brief overview of the concepts involved with digital signatures and provides code examples for the application of digital signatures in Java using the [http://docs.oracle.com/javase/6/docs/technotes/guides/security/crypto/CryptoSpec.html Java Cryptography Architecture (JCA)].

=== What is a digital signature? ===

A digital signature is a concept that helps to get the non-repudiation of origin (ie, the integrity of Origin) data. By digitally signing the document, the person signing, says he is the author of the document or the signed message.

=== Need for Digital Signature ===

During the "E" revolution was a need for authentication of critical transactions especially in the financial world. If Alice agreed to transfer $ x to Bob, then there had to be a way for Bob to ensure that:

*It was Alice who performed the transaction and not someone else impersonating Alice (Authentication).
*The amount agreed by Alice is $ x (Integrity).
*Alice could not discuss his statement transaction $ x a Bob (Non-repudiation of origin).

These concerns were treated with a solution known as digital signatures. More background information on digital signatures can be found [http://en.wikipedia.org/wiki/Digital_signature here]

== Digital signatures in Java using JCA ==

Java Cryptography Architecture is a framework for accessing and developing cryptographic functionality for the Java platform. JCA provider implements cryptographic functionality such as digital signatures and message digests. The default JCA provider is SUN JDK 1.4.2.

=== Security considerations when implementing digital signature ===

Two major safety considerations that must be taken into account when applying digital signatures are:

#Sign the message and then encrypt the signed message.
#Sign the hash of the message instead of the entire message.

=== Performance considerations when implementing digital signature ===

Because asymmetric encryption algorithms such as RSA, DSA are computationally slower than symmetric encryption algorithms such as AES, it is a good practice, encrypt the actual message that is transmitted using a symmetric key algorithm and then encrypt the key that is used in symmetric key algorithm using an asymmetric key algorithm. For example, if you want to convey the message "Hello World Digital Signatures", then this message is first encrypted with a symmetric key, for example, an AES 128-bit key as x7oFaHSPnWxEMiZE/0qYrg and then this key is encrypted with an algorithm as RSA asymmetric key.

== Algorithm to implement digital signature using the RSA algorithm ==

The provider RSA Java implementation has a limitation in that encryption can be performed on the data length <= 117 bytes only. If the data is of a length> 117 bytes, it will launch a IllegalBlockSizeException: Data must have more than 117 bytes symmetry there has to be encrypted and then signed.

RSA PKCS # 1 algorithm can only encrypt data size k - 11, where k whose length is one byte and the RSA module 11 is the number of bytes used by the filling PCKS # 1 v1.5. Therefore, if we use an RSA key size of 1024 bits, we could encrypt only 128-11 => 117 bytes of data. There are two options available to encrypt data byte size larger.

#We could use an RSA key length> 1024. For example, using 2048 bits, then we could encrypt 256-11 => 245 bytes of data. The disadvantage of this approach is that it would be capable of encoding data size> x bytes (in the above example x is 245).
#Analyze the input data chunks of bytes in size <117 and apply encryption on each piece. The code example of this approach can be found [http://www.aviransplace.com/2004/10/12/using-rsa-encryption-with-java/3/ here].

Both approaches could affect performance since the RSA key larger or approach of [https://en.wikipedia.org/wiki/Divide_and_conquer_algorithms "divide and conquer"] of input bytes are computationally expensive.

=== Algorithm ===

With the foregoing, the following algorithm can be used for the implementation of public key cryptography in Java.

#Encrypt the message using a symmetric key
#Concatenate the symmetric key + symmetric hash + hash key message.
#Encrypt the concatenated string with the public key of the recipient.
#Sign data to be transmitted (encrypted symmetric key + the + Hash hash key message).
#Validate the signature.
#Deciphering the message with the recipient's private key to obtain the symmetric key.
#Validate the integrity of the key using the hash key.
#It decipher the real message using the symmetric key that has been decrypted, analyzed and integrity checks.
#Calculate MessageDigest of data.
#Validate whether the message digest decrypted text matches the message digest of the original message.

=== Commands for key generation ===

prompt# keytool -genkey -alias testsender -keystore testkeystore.ks -keyalg RSA Enter keystore password: testpwd

What is your first and last name?
[Unknown]: Alice Sender

What is your name?
[Unknown]: IT

What is the name of the OU?
[Unknown]: ABC Inc

What is the name of your organization?
[Unknown]: LA

What is the name of your city or town?
[Unknown]: CA

What is the name of your state or province?
[Unknown]: US

Is CN = Alice Sender, OU = IT, O = ABC Inc, L = LA, ST = CA, C = EE.UU. correct?
[no]: y

Enter the key password for <testsender>
(RETURN if same as keystore password): send123

prompt # keytool -genkey -alias testrecv -keystore testkeystore.ks -keyalg RSA Enter the password of KeyStore: testpwd

What is your name?
[Unknown]: Bob Receiver

What is the name of the OU?
[Unknown]: HR

What is the name of your organization?
[Unknown]: ABC Inc

What is the name of your city or town?
[Unknown]: SFO

What is the name of your state or province?
[Unknown]: CA

What is the country code of two letters for this unit?
[Unknown]: US

Is CN = Bob receptor, OU = HR, O = ABC Inc, L = SFO, ST = CA, C = EE.UU. correct?
[no]: y

Enter the key password for <testrecv>
(RETURN if same as keystore password): recv123

=== Code Example ===

==== PublicKeyCryptography.java ====
<pre>package org.owasp.crypto;

import java.security.*;
import java.security.cert.*;
import javax.crypto.*;

import sun.misc.BASE64Encoder;
import sun.misc.BASE64Decoder;

/ **
*
* @author Joe Prasanna Kumar
*
* 1. Encrypt data using a symmetric key
* 2. Encrypt the symmetric key with the public key Receivers
* 3. Create a message digest of the data to be transmitted
* 4. Sign the message to be transmitted
* 5. Send the data through a nonsecure channel
* 6. Validate signature
* 7. Decoding the message using the private key Pets for the symmetric key
* 8. Deciphering the data using the symmetric key
* 9. Calculate MessageDigest signed message data +
* 10.Valide if the text message digest matches the decrypted message digest of the original message
*/

public class PublicKeyCryptography {

public static void main(String[] args) {

SymmetricEncrypt encryptUtil = new SymmetricEncrypt();
String strDataToEncrypt = "Hello World";
byte[] byteDataToTransmit = strDataToEncrypt.getBytes();

// Generación de un SecretKey para el cifrado simétrico
SecretKey senderSecretKey = SymmetricEncrypt.getSecret();

//1. Cifrar los datos utilizando una clave simétrica
byte[] byteCipherText = encryptUtil.encryptData(byteDataToTransmit,senderSecretKey,"AES");
String strCipherText = new BASE64Encoder().encode(byteCipherText);

//2. Cifrar la clave simétrica con la clave pública
try{
// 2.1 Especifique el almacén de claves que se haya importado el certificado Receptores
KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
char [] password = "testpwd".toCharArray();
java.io.FileInputStream fis = new java.io.FileInputStream("/home/Joebi/workspace/OWASP_Crypto/org/owasp/crypto/testkeystore.ks");
ks.load(fis, password);
fis.close();

// 2.2 Creación de un certificado X509 del receptor
X509Certificate recvcert ;
MessageDigest md = MessageDigest.getInstance("MD5");
recvcert = (X509Certificate)ks.getCertificate("testrecv");
// 2.3 Obtención de la llave pública de los certificados
PublicKey pubKeyReceiver = recvcert.getPublicKey();

// 2.4 Cifrado de la SecretKey con la clave pública Receptores
byte[] byteEncryptWithPublicKey = encryptUtil.encryptData(senderSecretKey.getEncoded(),pubKeyReceiver,"RSA/ECB/PKCS1Padding");
String strSenbyteEncryptWithPublicKey = new BASE64Encoder().encode(byteEncryptWithPublicKey);

// 3. Crear un resumen del mensaje de los datos a transmitir
md.update(byteDataToTransmit);
byte byteMDofDataToTransmit[] = md.digest();

String strMDofDataToTransmit = new String();
for (int i = 0; i < byteMDofDataToTransmit.length; i++){
strMDofDataToTransmit = strMDofDataToTransmit + Integer.toHexString((int)byteMDofDataToTransmit[i] & 0xFF) ;
}

// 3.1 Mensaje que se Firmado = clave secreta cifrada + MAC de los datos a transmitir
String strMsgToSign = strSenbyteEncryptWithPublicKey + "|" + strMDofDataToTransmit;

// 4. Firma el mensaje
// 4.1 Obtener la clave privada del remitente desde el almacén de claves, proporcionando la contraseña establecida para la llave privada mientras se crea las llaves usados.
char[] keypassword = "send123".toCharArray();
Key myKey = ks.getKey("testsender", keypassword);
PrivateKey myPrivateKey = (PrivateKey)myKey;

// 4.2 Firmar el mensaje
Signature mySign = Signature.getInstance("MD5withRSA");
mySign.initSign(myPrivateKey);
mySign.update(strMsgToSign.getBytes());
byte[] byteSignedData = mySign.sign();

// 5. Los valores byteSignedData (la firma) y strMsgToSign (los datos que se firmó) se pueden enviar a través del receptor

// 6. Validar la firma
// 6.1 Extraer la clave pública de su certificado de remitentes
X509Certificate sendercert ;
sendercert = (X509Certificate)ks.getCertificate("testsender");
PublicKey pubKeySender = sendercert.getPublicKey();
// 6.2 Verificar la Firma
Signature myVerifySign = Signature.getInstance("MD5withRSA");
myVerifySign.initVerify(pubKeySender);
myVerifySign.update(strMsgToSign.getBytes());

boolean verifySign = myVerifySign.verify(byteSignedData);
if (verifySign == false)
{
System.out.println(" Error in validating Signature ");
}

else
System.out.println(" Successfully validated Signature ");

// 7. Descifrar el mensaje usando la llave privada Pets para obtener la clave simétrica
char[] recvpassword = "recv123".toCharArray();
Key recvKey = ks.getKey("testrecv", recvpassword);
PrivateKey recvPrivateKey = (PrivateKey)recvKey;

// Analizar el MessageDigest y el valor cifrado
String strRecvSignedData = new String (byteSignedData);
String[] strRecvSignedDataArray = new String [10];
strRecvSignedDataArray = strMsgToSign.split("|");
int intindexofsep = strMsgToSign.indexOf("|");
String strEncryptWithPublicKey = strMsgToSign.substring(0,intindexofsep);
String strHashOfData = strMsgToSign.substring(intindexofsep+1);

// Descifrado para obtener la clave simétrica
byte[] bytestrEncryptWithPublicKey = new BASE64Decoder().decodeBuffer(strEncryptWithPublicKey);
byte[] byteDecryptWithPrivateKey = encryptUtil.decryptData(byteEncryptWithPublicKey,recvPrivateKey,"RSA/ECB/PKCS1Padding");

// 8. Descifrar los datos usando la clave simétrica
javax.crypto.spec.SecretKeySpec secretKeySpecDecrypted = new javax.crypto.spec.SecretKeySpec(byteDecryptWithPrivateKey,"AES");
byte[] byteDecryptText = encryptUtil.decryptData(byteCipherText,secretKeySpecDecrypted,"AES");
String strDecryptedText = new String(byteDecryptText);
System.out.println(" Decrypted data is " +strDecryptedText);

// 9. Calcule MessageDigest de datos + mensaje firmado
MessageDigest recvmd = MessageDigest.getInstance("MD5");
recvmd.update(byteDecryptText);
byte byteHashOfRecvSignedData[] = recvmd.digest();

String strHashOfRecvSignedData = new String();

for (int i = 0; i < byteHashOfRecvSignedData.length; i++){
strHashOfRecvSignedData = strHashOfRecvSignedData + Integer.toHexString((int)byteHashOfRecvSignedData[i] & 0xFF) ;
}
// 10. Validar si la síntesis del mensaje del texto coincide con el mensaje descifrado
Digest of the Original Message

if (!strHashOfRecvSignedData.equals(strHashOfData))
{
System.out.println(" Message has been tampered ");
}

}

catch(Exception exp)
{
System.out.println(" Exception caught " + exp);
exp.printStackTrace();
}

}

}
</pre>

==== SymmetricEncrypt.java ====
<pre>package org.owasp.crypto;

import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.Cipher;
import java.security.Key;

import java.security.NoSuchAlgorithmException;
import java.security.InvalidKeyException;
import java.security.InvalidAlgorithmParameterException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.BadPaddingException;
import javax.crypto.IllegalBlockSizeException;

import sun.misc.BASE64Encoder;

/**
* @author Joe Prasanna Kumar
* Este programa ofrece las funcionalidades criptográficas siguientes
* 1. Cifrado con AES
* 2. El descifrado con AES
*
* Algoritmo de alto nivel:
* 1. Generar una clave DES (especificar el tamaño de la clave durante esta fase)
* 2. Cree el Cipher
* 3. Para cifrar: Inicializar el cifrado para el cifrado
* 4. Para descifrar: Inicializar el cifrado para descifrar
*
*
*/

public class SymmetricEncrypt {

String strDataToEncrypt = new String();
String strCipherText = new String();
String strDecryptedText = new String();
static KeyGenerator keyGen;
private static String strHexVal = "0123456789abcdef";

public static SecretKey getSecret(){
/**
* Paso 1. Generación de una clave AES mediante keygenerator
* Inicializa el tamaño de clave de 128
*
*/

try{
keyGen = KeyGenerator.getInstance("AES");
keyGen.init(128);

}

catch(Exception exp)
{
System.out.println(" Exception inside constructor " +exp);
}

SecretKey secretKey = keyGen.generateKey();
return secretKey;
}

/**
* Paso 2. Crear un sistema de cifrado mediante la especificación de los siguientes parámetros
* a. Nombre del algoritmo - aquí es AES
*/

public byte[] encryptData(byte[] byteDataToEncrypt, Key secretKey, String Algorithm) {
byte[] byteCipherText = new byte[200];

try {
Cipher aesCipher = Cipher.getInstance(Algorithm);

/**
* Paso 3. Inicialice el cifrado para el cifrado
*/
if(Algorithm.equals("AES")){
aesCipher.init(Cipher.ENCRYPT_MODE,secretKey,aesCipher.getParameters());
}
else if(Algorithm.equals("RSA/ECB/PKCS1Padding")){
aesCipher.init(Cipher.ENCRYPT_MODE,secretKey);
}

/**
* Paso 4. Cifrar los datos
* 1. Declarar / inicializar los datos. Aquí los datos son de tipo String
* 2. Convertir el texto de entrada a Bytes
* 3. Cifrado de los bytes, utilizando el método doFinal
*/
byteCipherText = aesCipher.doFinal(byteDataToEncrypt);
strCipherText = new BASE64Encoder().encode(byteCipherText);

}

catch (NoSuchAlgorithmException noSuchAlgo)
{
System.out.println(" No Such Algorithm exists " + noSuchAlgo);
}

catch (NoSuchPaddingException noSuchPad)
{
System.out.println(" No Such Padding exists " + noSuchPad);
}

catch (InvalidKeyException invalidKey)
{
System.out.println(" Invalid Key " + invalidKey);
}

catch (BadPaddingException badPadding)
{
System.out.println(" Bad Padding " + badPadding);
}

catch (IllegalBlockSizeException illegalBlockSize)
{
System.out.println(" Illegal Block Size " + illegalBlockSize);
illegalBlockSize.printStackTrace();
}
catch (Exception exp)
{
exp.printStackTrace();
}

return byteCipherText;
}
/**
* Paso 5. Descifrar los datos
* 1. Inicialice el cifrado para descifrar
* 2. Descifrar los bytes cifrados utilizando el método doFinal
*/

public byte[] decryptData(byte[] byteCipherText, Key secretKey, String Algorithm) {
byte[] byteDecryptedText = new byte[200];

try{
Cipher aesCipher = Cipher.getInstance(Algorithm);
if(Algorithm.equals("AES")){
aesCipher.init(Cipher.DECRYPT_MODE,secretKey,aesCipher.getParameters());
}
else if(Algorithm.equals("RSA/ECB/PKCS1Padding")){
aesCipher.init(Cipher.DECRYPT_MODE,secretKey);
}

byteDecryptedText = aesCipher.doFinal(byteCipherText);
strDecryptedText = new String(byteDecryptedText);
}

catch (NoSuchAlgorithmException noSuchAlgo)
{
System.out.println(" No Such Algorithm exists " + noSuchAlgo);
}

catch (NoSuchPaddingException noSuchPad)
{
System.out.println(" No Such Padding exists " + noSuchPad);
}

catch (InvalidKeyException invalidKey)
{
System.out.println(" Invalid Key " + invalidKey);
invalidKey.printStackTrace();
}

catch (BadPaddingException badPadding)
{
System.out.println(" Bad Padding " + badPadding);
badPadding.printStackTrace();
}

catch (IllegalBlockSizeException illegalBlockSize)
{
System.out.println(" Illegal Block Size " + illegalBlockSize);
illegalBlockSize.printStackTrace();
}

catch (InvalidAlgorithmParameterException invalidParam)
{
System.out.println(" Invalid Parameter " + invalidParam);
}

return byteDecryptedText;
}

public static byte[] convertStringToByteArray(String strInput) {
strInput = strInput.toLowerCase();
byte[] byteConverted = new byte[(strInput.length() + 1) / 2];
int j = 0;
int interimVal;
int nibble = -1;

for (int i = 0; i < strInput.length(); ++i) {
interimVal = strHexVal.indexOf(strInput.charAt(i));
if (interimVal >= 0) {
if (nibble < 0) {
nibble = interimVal;
} else {
byteConverted[j++] = (byte) ((nibble << 4) + interimVal);
nibble = -1;
}
}
}

if (nibble >= 0) {
byteConverted[j++] = (byte) (nibble << 4);
}

if (j < byteConverted.length) {
byte[] byteTemp = new byte[j];
System.arraycopy(byteConverted, 0, byteTemp, 0, j);
byteConverted = byteTemp;
}

return byteConverted;
}

public static String convertByteArrayToString(byte[] block) {
StringBuffer buf = new StringBuffer();

for (int i = 0; i < block.length; ++i) {
buf.append(strHexVal.charAt((block[i] >>> 4) & 0xf));
buf.append(strHexVal.charAt(block[i] & 0xf));
}

return buf.toString();
}
}
</pre>

== References ==

#Computer Security Arts and Science – Matt Bishop
#Core Security Patterns – Christopher Steele, Ray Lai and Ramesh Nagappan

[[Category:Java]]

'''Aplications in Free Environments'''

'''Tutor:''' Ing. Tito Armas

'''Translator:''' Bravo Maria Jose and Portilla Maria Fernanda 2012

Implementacion De Firmas Digitales en Java

2016-05-25T21:01:11Z

Ledio5485: /* PublicKeyCryptography.java */

== WARNING ==

Jim Manico recently brought to my attention this wiki page, the same who asked me to check exactly. In doing so, I noticed several errors and areas of weakness. Lately, I have the intention to revisit this page (hopefully with the help of one of the original owners), but I do not have time to do a full review at this time. Therefore, I will summarize the problems observed on this page and leaving you the decision to use or not, with these warnings.
 
#First, this page does not describe "digital signatures". Rather, it describes a concept known as "digital envelopes", which is a scheme used with objects such as S / MIME. Digital signatures not only encrypt the actual message text, only encrypts the hash of the message text.
#UTF-8 should be used to convert between Java byte strings and arrays to ensure adequate portability across different operating systems.
#The certificate chain must always be validated. In this example, the certificate is self-signed, so this is not relevant and will not be true in the normal case. Furthermore, it should be noted that the self-signed, but acceptable for demonstration purposes certificates is considered a dubious practice for production, as it opens the door to spoofing attacks.
#[http://www.nist.gov/ NIST] now recommends using key size 2048 bits for RSA or DSA keys.
#There is a consistent use of weak algorithms. Here are some suggested replacements:
## Use "RSA/ECB/OAEPWithSHA1AndMGF1Padding" instead of "RSA/ECB/PKCS1Padding".
## Use SHA1 (or better SHA256, SHA1 but at least) instead of MD5 for message digest.
## Use "SHA1withRSA" for the signature algorithm instead of "MD5withRSA".
## When creating a symmetric encryption system to encrypt the message text, use "AES / CBC / PKCS5Padding" and choose an IV random for each text message instead of simply using "AES", ending with "AES / ECB / PKCS5Padding ". ECB mode is extremely weak for a regular plain text. (OK for random bit encryption, however, is well used with RSA.) However, the use CBC and PKCS5Padding could make it vulnerable to "Padding Oracle" attacks, so caution is advised. You can use Encryptor 2.0 ESAPI 's to avoid it. (Note also, this part is the concept of "on digital". If this page was really limited by "digital signatures" would not apply because it would be irrelevant.)
 
I hope to get soonest, before cleaning this wiki page. Meanwhile, email me your questions.
 
-Kevin Wall

== Overview ==

This article presents a brief overview of the concepts involved with digital signatures and provides code examples for the application of digital signatures in Java using the [http://docs.oracle.com/javase/6/docs/technotes/guides/security/crypto/CryptoSpec.html Java Cryptography Architecture (JCA)].

=== What is a digital signature? ===

A digital signature is a concept that helps to get the non-repudiation of origin (ie, the integrity of Origin) data. By digitally signing the document, the person signing, says he is the author of the document or the signed message.

=== Need for Digital Signature ===

During the "E" revolution was a need for authentication of critical transactions especially in the financial world. If Alice agreed to transfer $ x to Bob, then there had to be a way for Bob to ensure that:

*It was Alice who performed the transaction and not someone else impersonating Alice (Authentication).
*The amount agreed by Alice is $ x (Integrity).
*Alice could not discuss his statement transaction $ x a Bob (Non-repudiation of origin).

These concerns were treated with a solution known as digital signatures. More background information on digital signatures can be found [http://en.wikipedia.org/wiki/Digital_signature here]

== Digital signatures in Java using JCA ==

Java Cryptography Architecture is a framework for accessing and developing cryptographic functionality for the Java platform. JCA provider implements cryptographic functionality such as digital signatures and message digests. The default JCA provider is SUN JDK 1.4.2.

=== Security considerations when implementing digital signature ===

Two major safety considerations that must be taken into account when applying digital signatures are:

#Sign the message and then encrypt the signed message.
#Sign the hash of the message instead of the entire message.

=== Performance considerations when implementing digital signature ===

Because asymmetric encryption algorithms such as RSA, DSA are computationally slower than symmetric encryption algorithms such as AES, it is a good practice, encrypt the actual message that is transmitted using a symmetric key algorithm and then encrypt the key that is used in symmetric key algorithm using an asymmetric key algorithm. For example, if you want to convey the message "Hello World Digital Signatures", then this message is first encrypted with a symmetric key, for example, an AES 128-bit key as x7oFaHSPnWxEMiZE/0qYrg and then this key is encrypted with an algorithm as RSA asymmetric key.

== Algorithm to implement digital signature using the RSA algorithm ==

The provider RSA Java implementation has a limitation in that encryption can be performed on the data length <= 117 bytes only. If the data is of a length> 117 bytes, it will launch a IllegalBlockSizeException: Data must have more than 117 bytes symmetry there has to be encrypted and then signed.

RSA PKCS # 1 algorithm can only encrypt data size k - 11, where k whose length is one byte and the RSA module 11 is the number of bytes used by the filling PCKS # 1 v1.5. Therefore, if we use an RSA key size of 1024 bits, we could encrypt only 128-11 => 117 bytes of data. There are two options available to encrypt data byte size larger.

#We could use an RSA key length> 1024. For example, using 2048 bits, then we could encrypt 256-11 => 245 bytes of data. The disadvantage of this approach is that it would be capable of encoding data size> x bytes (in the above example x is 245).
#Analyze the input data chunks of bytes in size <117 and apply encryption on each piece. The code example of this approach can be found [http://www.aviransplace.com/2004/10/12/using-rsa-encryption-with-java/3/ here].

Both approaches could affect performance since the RSA key larger or approach of [https://en.wikipedia.org/wiki/Divide_and_conquer_algorithms "divide and conquer"] of input bytes are computationally expensive.

=== Algorithm ===

With the foregoing, the following algorithm can be used for the implementation of public key cryptography in Java.

#Encrypt the message using a symmetric key
#Concatenate the symmetric key + symmetric hash + hash key message.
#Encrypt the concatenated string with the public key of the recipient.
#Sign data to be transmitted (encrypted symmetric key + the + Hash hash key message).
#Validate the signature.
#Deciphering the message with the recipient's private key to obtain the symmetric key.
#Validate the integrity of the key using the hash key.
#It decipher the real message using the symmetric key that has been decrypted, analyzed and integrity checks.
#Calculate MessageDigest of data.
#Validate whether the message digest decrypted text matches the message digest of the original message.

=== Commands for key generation ===

prompt# keytool -genkey -alias testsender -keystore testkeystore.ks -keyalg RSA Enter keystore password: testpwd

What is your first and last name?
[Unknown]: Alice Sender

What is your name?
[Unknown]: IT

What is the name of the OU?
[Unknown]: ABC Inc

What is the name of your organization?
[Unknown]: LA

What is the name of your city or town?
[Unknown]: CA

What is the name of your state or province?
[Unknown]: US

Is CN = Alice Sender, OU = IT, O = ABC Inc, L = LA, ST = CA, C = EE.UU. correct?
[no]: y

Enter the key password for <testsender>
(RETURN if same as keystore password): send123

prompt # keytool -genkey -alias testrecv -keystore testkeystore.ks -keyalg RSA Enter the password of KeyStore: testpwd

What is your name?
[Unknown]: Bob Receiver

What is the name of the OU?
[Unknown]: HR

What is the name of your organization?
[Unknown]: ABC Inc

What is the name of your city or town?
[Unknown]: SFO

What is the name of your state or province?
[Unknown]: CA

What is the country code of two letters for this unit?
[Unknown]: US

Is CN = Bob receptor, OU = HR, O = ABC Inc, L = SFO, ST = CA, C = EE.UU. correct?
[no]: y

Enter the key password for <testrecv>
(RETURN if same as keystore password): recv123

=== Code Example ===

==== PublicKeyCryptography.java ====
<pre>package org.owasp.crypto;

import java.security.*;
import java.security.cert.*;
import javax.crypto.*;

import sun.misc.BASE64Encoder;
import sun.misc.BASE64Decoder;

/ **
*
* @author Joe Prasanna Kumar
*
* 1. Encrypt data using a symmetric key
* 2. Encrypt the symmetric key with the public key Receivers
* 3. Create a message digest of the data to be transmitted
* 4. Sign the message to be transmitted
* 5. Send the data through a nonsecure channel
* 6. Validate signature
* 7. Decoding the message using the private key Pets for the symmetric key
* 8. Deciphering the data using the symmetric key
* 9. Calculate MessageDigest signed message data +
* 10.Valide if the text message digest matches the decrypted message digest of the original message
*/

public class PublicKeyCryptography {

public static void main(String[] args) {

SymmetricEncrypt encryptUtil = new SymmetricEncrypt();
String strDataToEncrypt = "Hello World";
byte[] byteDataToTransmit = strDataToEncrypt.getBytes();

// Generación de un SecretKey para el cifrado simétrico
SecretKey senderSecretKey = SymmetricEncrypt.getSecret();

//1. Cifrar los datos utilizando una clave simétrica
byte[] byteCipherText = encryptUtil.encryptData(byteDataToTransmit,senderSecretKey,"AES");
String strCipherText = new BASE64Encoder().encode(byteCipherText);

//2. Cifrar la clave simétrica con la clave pública
try{
// 2.1 Especifique el almacén de claves que se haya importado el certificado Receptores
KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
char [] password = "testpwd".toCharArray();
java.io.FileInputStream fis = new java.io.FileInputStream("/home/Joebi/workspace/OWASP_Crypto/org/owasp/crypto/testkeystore.ks");
ks.load(fis, password);
fis.close();

// 2.2 Creación de un certificado X509 del receptor
X509Certificate recvcert ;
MessageDigest md = MessageDigest.getInstance("MD5");
recvcert = (X509Certificate)ks.getCertificate("testrecv");
// 2.3 Obtención de la llave pública de los certificados
PublicKey pubKeyReceiver = recvcert.getPublicKey();

// 2.4 Cifrado de la SecretKey con la clave pública Receptores
byte[] byteEncryptWithPublicKey = encryptUtil.encryptData(senderSecretKey.getEncoded(),pubKeyReceiver,"RSA/ECB/PKCS1Padding");
String strSenbyteEncryptWithPublicKey = new BASE64Encoder().encode(byteEncryptWithPublicKey);

// 3. Crear un resumen del mensaje de los datos a transmitir
md.update(byteDataToTransmit);
byte byteMDofDataToTransmit[] = md.digest();

String strMDofDataToTransmit = new String();
for (int i = 0; i < byteMDofDataToTransmit.length; i++){
strMDofDataToTransmit = strMDofDataToTransmit + Integer.toHexString((int)byteMDofDataToTransmit[i] & 0xFF) ;
}

// 3.1 Mensaje que se Firmado = clave secreta cifrada + MAC de los datos a transmitir
String strMsgToSign = strSenbyteEncryptWithPublicKey + "|" + strMDofDataToTransmit;

// 4. Firma el mensaje
// 4.1 Obtener la clave privada del remitente desde el almacén de claves, proporcionando la contraseña establecida para la llave privada mientras se crea las llaves usados.
char[] keypassword = "send123".toCharArray();
Key myKey = ks.getKey("testsender", keypassword);
PrivateKey myPrivateKey = (PrivateKey)myKey;

// 4.2 Firmar el mensaje
Signature mySign = Signature.getInstance("MD5withRSA");
mySign.initSign(myPrivateKey);
mySign.update(strMsgToSign.getBytes());
byte[] byteSignedData = mySign.sign();

// 5. Los valores byteSignedData (la firma) y strMsgToSign (los datos que se firmó) se pueden enviar a través del receptor

// 6. Validar la firma
// 6.1 Extraer la clave pública de su certificado de remitentes
X509Certificate sendercert ;
sendercert = (X509Certificate)ks.getCertificate("testsender");
PublicKey pubKeySender = sendercert.getPublicKey();
// 6.2 Verificar la Firma
Signature myVerifySign = Signature.getInstance("MD5withRSA");
myVerifySign.initVerify(pubKeySender);
myVerifySign.update(strMsgToSign.getBytes());

boolean verifySign = myVerifySign.verify(byteSignedData);
if (verifySign == false)
{
System.out.println(" Error in validating Signature ");
}

else
System.out.println(" Successfully validated Signature ");

// 7. Descifrar el mensaje usando la llave privada Pets para obtener la clave simétrica
char[] recvpassword = "recv123".toCharArray();
Key recvKey = ks.getKey("testrecv", recvpassword);
PrivateKey recvPrivateKey = (PrivateKey)recvKey;

// Analizar el MessageDigest y el valor cifrado
String strRecvSignedData = new String (byteSignedData);
String[] strRecvSignedDataArray = new String [10];
strRecvSignedDataArray = strMsgToSign.split("|");
int intindexofsep = strMsgToSign.indexOf("|");
String strEncryptWithPublicKey = strMsgToSign.substring(0,intindexofsep);
String strHashOfData = strMsgToSign.substring(intindexofsep+1);

// Descifrado para obtener la clave simétrica
byte[] bytestrEncryptWithPublicKey = new BASE64Decoder().decodeBuffer(strEncryptWithPublicKey);
byte[] byteDecryptWithPrivateKey = encryptUtil.decryptData(byteEncryptWithPublicKey,recvPrivateKey,"RSA/ECB/PKCS1Padding");

// 8. Descifrar los datos usando la clave simétrica
javax.crypto.spec.SecretKeySpec secretKeySpecDecrypted = new javax.crypto.spec.SecretKeySpec(byteDecryptWithPrivateKey,"AES");
byte[] byteDecryptText = encryptUtil.decryptData(byteCipherText,secretKeySpecDecrypted,"AES");
String strDecryptedText = new String(byteDecryptText);
System.out.println(" Decrypted data is " +strDecryptedText);

// 9. Calcule MessageDigest de datos + mensaje firmado
MessageDigest recvmd = MessageDigest.getInstance("MD5");
recvmd.update(byteDecryptText);
byte byteHashOfRecvSignedData[] = recvmd.digest();

String strHashOfRecvSignedData = new String();

for (int i = 0; i < byteHashOfRecvSignedData.length; i++){
strHashOfRecvSignedData = strHashOfRecvSignedData + Integer.toHexString((int)byteHashOfRecvSignedData[i] & 0xFF) ;
}
// 10. Validar si la síntesis del mensaje del texto coincide con el mensaje descifrado
Digest of the Original Message

if (!strHashOfRecvSignedData.equals(strHashOfData))
{
System.out.println(" Message has been tampered ");
}

}

catch(Exception exp)
{
System.out.println(" Exception caught " + exp);
exp.printStackTrace();
}

}

}
</pre>

==== SymmetricEncrypt.java ====
<pre>package org.owasp.crypto;

import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.Cipher;
import java.security.Key;

import java.security.NoSuchAlgorithmException;
import java.security.InvalidKeyException;
import java.security.InvalidAlgorithmParameterException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.BadPaddingException;
import javax.crypto.IllegalBlockSizeException;

import sun.misc.BASE64Encoder;

/**
* @author Joe Prasanna Kumar
* Este programa ofrece las funcionalidades criptográficas siguientes
* 1. Cifrado con AES
* 2. El descifrado con AES
*
* Algoritmo de alto nivel:
* 1. Generar una clave DES (especificar el tamaño de la clave durante esta fase)
* 2. Cree el Cipher
* 3. Para cifrar: Inicializar el cifrado para el cifrado
* 4. Para descifrar: Inicializar el cifrado para descifrar
*
*
*/

public class SymmetricEncrypt {

String strDataToEncrypt = new String();
String strCipherText = new String();
String strDecryptedText = new String();
static KeyGenerator keyGen;
private static String strHexVal = "0123456789abcdef";

public static SecretKey getSecret(){
/**
* Paso 1. Generación de una clave AES mediante keygenerator
* Inicializa el tamaño de clave de 128
*
*/

try{
keyGen = KeyGenerator.getInstance("AES");
keyGen.init(128);

}

catch(Exception exp)
{
System.out.println(" Exception inside constructor " +exp);
}

SecretKey secretKey = keyGen.generateKey();
return secretKey;
}

/**
* Paso 2. Crear un sistema de cifrado mediante la especificación de los siguientes parámetros
* a. Nombre del algoritmo - aquí es AES
*/

public byte[] encryptData(byte[] byteDataToEncrypt, Key secretKey, String Algorithm) {
byte[] byteCipherText = new byte[200];

try {
Cipher aesCipher = Cipher.getInstance(Algorithm);

/**
* Paso 3. Inicialice el cifrado para el cifrado
*/
if(Algorithm.equals("AES")){
aesCipher.init(Cipher.ENCRYPT_MODE,secretKey,aesCipher.getParameters());
}
else if(Algorithm.equals("RSA/ECB/PKCS1Padding")){
aesCipher.init(Cipher.ENCRYPT_MODE,secretKey);
}

/**
* Paso 4. Cifrar los datos
* 1. Declarar / inicializar los datos. Aquí los datos son de tipo String
* 2. Convertir el texto de entrada a Bytes
* 3. Cifrado de los bytes, utilizando el método doFinal
*/
byteCipherText = aesCipher.doFinal(byteDataToEncrypt);
strCipherText = new BASE64Encoder().encode(byteCipherText);

}

catch (NoSuchAlgorithmException noSuchAlgo)
{
System.out.println(" No Such Algorithm exists " + noSuchAlgo);
}

catch (NoSuchPaddingException noSuchPad)
{
System.out.println(" No Such Padding exists " + noSuchPad);
}

catch (InvalidKeyException invalidKey)
{
System.out.println(" Invalid Key " + invalidKey);
}

catch (BadPaddingException badPadding)
{
System.out.println(" Bad Padding " + badPadding);
}

catch (IllegalBlockSizeException illegalBlockSize)
{
System.out.println(" Illegal Block Size " + illegalBlockSize);
illegalBlockSize.printStackTrace();
}
catch (Exception exp)
{
exp.printStackTrace();
}

return byteCipherText;
}
/**
* Paso 5. Descifrar los datos
* 1. Inicialice el cifrado para descifrar
* 2. Descifrar los bytes cifrados utilizando el método doFinal
*/

public byte[] decryptData(byte[] byteCipherText, Key secretKey, String Algorithm) {
byte[] byteDecryptedText = new byte[200];

try{
Cipher aesCipher = Cipher.getInstance(Algorithm);
if(Algorithm.equals("AES")){
aesCipher.init(Cipher.DECRYPT_MODE,secretKey,aesCipher.getParameters());
}
else if(Algorithm.equals("RSA/ECB/PKCS1Padding")){
aesCipher.init(Cipher.DECRYPT_MODE,secretKey);
}

byteDecryptedText = aesCipher.doFinal(byteCipherText);
strDecryptedText = new String(byteDecryptedText);
}

catch (NoSuchAlgorithmException noSuchAlgo)
{
System.out.println(" No Such Algorithm exists " + noSuchAlgo);
}

catch (NoSuchPaddingException noSuchPad)
{
System.out.println(" No Such Padding exists " + noSuchPad);
}

catch (InvalidKeyException invalidKey)
{
System.out.println(" Invalid Key " + invalidKey);
invalidKey.printStackTrace();
}

catch (BadPaddingException badPadding)
{
System.out.println(" Bad Padding " + badPadding);
badPadding.printStackTrace();
}

catch (IllegalBlockSizeException illegalBlockSize)
{
System.out.println(" Illegal Block Size " + illegalBlockSize);
illegalBlockSize.printStackTrace();
}

catch (InvalidAlgorithmParameterException invalidParam)
{
System.out.println(" Invalid Parameter " + invalidParam);
}

return byteDecryptedText;
}

public static byte[] convertStringToByteArray(String strInput) {
strInput = strInput.toLowerCase();
byte[] byteConverted = new byte[(strInput.length() + 1) / 2];
int j = 0;
int interimVal;
int nibble = -1;

for (int i = 0; i < strInput.length(); ++i) {
interimVal = strHexVal.indexOf(strInput.charAt(i));
if (interimVal >= 0) {
if (nibble < 0) {
nibble = interimVal;
} else {
byteConverted[j++] = (byte) ((nibble << 4) + interimVal);
nibble = -1;
}
}
}

if (nibble >= 0) {
byteConverted[j++] = (byte) (nibble << 4);
}

if (j < byteConverted.length) {
byte[] byteTemp = new byte[j];
System.arraycopy(byteConverted, 0, byteTemp, 0, j);
byteConverted = byteTemp;
}

return byteConverted;
}

public static String convertByteArrayToString(byte[] block) {
StringBuffer buf = new StringBuffer();

for (int i = 0; i < block.length; ++i) {
buf.append(strHexVal.charAt((block[i] >>> 4) & 0xf));
buf.append(strHexVal.charAt(block[i] & 0xf));
}

return buf.toString();
}
}
</pre>

== Referencias ==

#Computer Security Arts and Science – Matt Bishop
#Core Security Patterns – Christopher Steele, Ray Lai and Ramesh Nagappan

[[Category:Java]]

'''Aplicaciones en Ambientes Libres'''

'''Tutor:''' Ing. Tito Armas

'''Traductoroas:''' Bravo Maria Jose y Portilla Maria Fernanda 2012

Implementacion De Firmas Digitales en Java

2016-05-25T20:57:33Z

Ledio5485: /* PublicKeyCryptography.java */

== WARNING ==

Jim Manico recently brought to my attention this wiki page, the same who asked me to check exactly. In doing so, I noticed several errors and areas of weakness. Lately, I have the intention to revisit this page (hopefully with the help of one of the original owners), but I do not have time to do a full review at this time. Therefore, I will summarize the problems observed on this page and leaving you the decision to use or not, with these warnings.
 
#First, this page does not describe "digital signatures". Rather, it describes a concept known as "digital envelopes", which is a scheme used with objects such as S / MIME. Digital signatures not only encrypt the actual message text, only encrypts the hash of the message text.
#UTF-8 should be used to convert between Java byte strings and arrays to ensure adequate portability across different operating systems.
#The certificate chain must always be validated. In this example, the certificate is self-signed, so this is not relevant and will not be true in the normal case. Furthermore, it should be noted that the self-signed, but acceptable for demonstration purposes certificates is considered a dubious practice for production, as it opens the door to spoofing attacks.
#[http://www.nist.gov/ NIST] now recommends using key size 2048 bits for RSA or DSA keys.
#There is a consistent use of weak algorithms. Here are some suggested replacements:
## Use "RSA/ECB/OAEPWithSHA1AndMGF1Padding" instead of "RSA/ECB/PKCS1Padding".
## Use SHA1 (or better SHA256, SHA1 but at least) instead of MD5 for message digest.
## Use "SHA1withRSA" for the signature algorithm instead of "MD5withRSA".
## When creating a symmetric encryption system to encrypt the message text, use "AES / CBC / PKCS5Padding" and choose an IV random for each text message instead of simply using "AES", ending with "AES / ECB / PKCS5Padding ". ECB mode is extremely weak for a regular plain text. (OK for random bit encryption, however, is well used with RSA.) However, the use CBC and PKCS5Padding could make it vulnerable to "Padding Oracle" attacks, so caution is advised. You can use Encryptor 2.0 ESAPI 's to avoid it. (Note also, this part is the concept of "on digital". If this page was really limited by "digital signatures" would not apply because it would be irrelevant.)
 
I hope to get soonest, before cleaning this wiki page. Meanwhile, email me your questions.
 
-Kevin Wall

== Overview ==

This article presents a brief overview of the concepts involved with digital signatures and provides code examples for the application of digital signatures in Java using the [http://docs.oracle.com/javase/6/docs/technotes/guides/security/crypto/CryptoSpec.html Java Cryptography Architecture (JCA)].

=== What is a digital signature? ===

A digital signature is a concept that helps to get the non-repudiation of origin (ie, the integrity of Origin) data. By digitally signing the document, the person signing, says he is the author of the document or the signed message.

=== Need for Digital Signature ===

During the "E" revolution was a need for authentication of critical transactions especially in the financial world. If Alice agreed to transfer $ x to Bob, then there had to be a way for Bob to ensure that:

*It was Alice who performed the transaction and not someone else impersonating Alice (Authentication).
*The amount agreed by Alice is $ x (Integrity).
*Alice could not discuss his statement transaction $ x a Bob (Non-repudiation of origin).

These concerns were treated with a solution known as digital signatures. More background information on digital signatures can be found [http://en.wikipedia.org/wiki/Digital_signature here]

== Digital signatures in Java using JCA ==

Java Cryptography Architecture is a framework for accessing and developing cryptographic functionality for the Java platform. JCA provider implements cryptographic functionality such as digital signatures and message digests. The default JCA provider is SUN JDK 1.4.2.

=== Security considerations when implementing digital signature ===

Two major safety considerations that must be taken into account when applying digital signatures are:

#Sign the message and then encrypt the signed message.
#Sign the hash of the message instead of the entire message.

=== Performance considerations when implementing digital signature ===

Because asymmetric encryption algorithms such as RSA, DSA are computationally slower than symmetric encryption algorithms such as AES, it is a good practice, encrypt the actual message that is transmitted using a symmetric key algorithm and then encrypt the key that is used in symmetric key algorithm using an asymmetric key algorithm. For example, if you want to convey the message "Hello World Digital Signatures", then this message is first encrypted with a symmetric key, for example, an AES 128-bit key as x7oFaHSPnWxEMiZE/0qYrg and then this key is encrypted with an algorithm as RSA asymmetric key.

== Algorithm to implement digital signature using the RSA algorithm ==

The provider RSA Java implementation has a limitation in that encryption can be performed on the data length <= 117 bytes only. If the data is of a length> 117 bytes, it will launch a IllegalBlockSizeException: Data must have more than 117 bytes symmetry there has to be encrypted and then signed.

RSA PKCS # 1 algorithm can only encrypt data size k - 11, where k whose length is one byte and the RSA module 11 is the number of bytes used by the filling PCKS # 1 v1.5. Therefore, if we use an RSA key size of 1024 bits, we could encrypt only 128-11 => 117 bytes of data. There are two options available to encrypt data byte size larger.

#We could use an RSA key length> 1024. For example, using 2048 bits, then we could encrypt 256-11 => 245 bytes of data. The disadvantage of this approach is that it would be capable of encoding data size> x bytes (in the above example x is 245).
#Analyze the input data chunks of bytes in size <117 and apply encryption on each piece. The code example of this approach can be found [http://www.aviransplace.com/2004/10/12/using-rsa-encryption-with-java/3/ here].

Both approaches could affect performance since the RSA key larger or approach of [https://en.wikipedia.org/wiki/Divide_and_conquer_algorithms "divide and conquer"] of input bytes are computationally expensive.

=== Algorithm ===

With the foregoing, the following algorithm can be used for the implementation of public key cryptography in Java.

#Encrypt the message using a symmetric key
#Concatenate the symmetric key + symmetric hash + hash key message.
#Encrypt the concatenated string with the public key of the recipient.
#Sign data to be transmitted (encrypted symmetric key + the + Hash hash key message).
#Validate the signature.
#Deciphering the message with the recipient's private key to obtain the symmetric key.
#Validate the integrity of the key using the hash key.
#It decipher the real message using the symmetric key that has been decrypted, analyzed and integrity checks.
#Calculate MessageDigest of data.
#Validate whether the message digest decrypted text matches the message digest of the original message.

=== Commands for key generation ===

prompt# keytool -genkey -alias testsender -keystore testkeystore.ks -keyalg RSA Enter keystore password: testpwd

What is your first and last name?
[Unknown]: Alice Sender

What is your name?
[Unknown]: IT

What is the name of the OU?
[Unknown]: ABC Inc

What is the name of your organization?
[Unknown]: LA

What is the name of your city or town?
[Unknown]: CA

What is the name of your state or province?
[Unknown]: US

Is CN = Alice Sender, OU = IT, O = ABC Inc, L = LA, ST = CA, C = EE.UU. correct?
[no]: y

Enter the key password for <testsender>
(RETURN if same as keystore password): send123

prompt # keytool -genkey -alias testrecv -keystore testkeystore.ks -keyalg RSA Enter the password of KeyStore: testpwd

What is your name?
[Unknown]: Bob Receiver

What is the name of the OU?
[Unknown]: HR

What is the name of your organization?
[Unknown]: ABC Inc

What is the name of your city or town?
[Unknown]: SFO

What is the name of your state or province?
[Unknown]: CA

What is the country code of two letters for this unit?
[Unknown]: US

Is CN = Bob receptor, OU = HR, O = ABC Inc, L = SFO, ST = CA, C = EE.UU. correct?
[no]: y

Enter the key password for <testrecv>
(RETURN if same as keystore password): recv123

=== Code Example ===

==== PublicKeyCryptography.java ====
<pre>package org.owasp.crypto;

import java.security.*;
import java.security.cert.*;
import javax.crypto.*;
import sun.misc.BASE64Encoder;
import sun.misc.BASE64Decoder;

/ **
*
* @author Joe Prasanna Kumar
*
* 1. Encrypt data using a symmetric key
* 2. Encrypt the symmetric key with the public key Receivers
* 3. Create a message digest of the data to be transmitted
* 4. Sign the message to be transmitted
* 5. Send the data through a nonsecure channel
* 6. Validate signature
* 7. Decoding the message using the private key Pets for the symmetric key
* 8. Deciphering the data using the symmetric key
* 9. Calculate MessageDigest signed message data +
* 10.Valide if the text message digest matches the decrypted message digest of the original message
*
*/

public class PublicKeyCryptography {

/**
* @param args
*/
public static void main(String[] args) {

SymmetricEncrypt encryptUtil = new SymmetricEncrypt();
String strDataToEncrypt = "Hello World";
byte[] byteDataToTransmit = strDataToEncrypt.getBytes();

// Generación de un SecretKey para el cifrado simétrico
SecretKey senderSecretKey = SymmetricEncrypt.getSecret();

//1. Cifrar los datos utilizando una clave simétrica
byte[] byteCipherText = encryptUtil.encryptData(byteDataToTransmit,senderSecretKey,"AES");
String strCipherText = new BASE64Encoder().encode(byteCipherText);

//2. Cifrar la clave simétrica con la clave pública
try{
// 2.1 Especifique el almacén de claves que se haya importado el certificado Receptores
KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
char [] password = "testpwd".toCharArray();
java.io.FileInputStream fis = new java.io.FileInputStream("/home/Joebi/workspace/OWASP_Crypto/org/owasp/crypto/testkeystore.ks");
ks.load(fis, password);
fis.close();

// 2.2 Creación de un certificado X509 del receptor
X509Certificate recvcert ;
MessageDigest md = MessageDigest.getInstance("MD5");
recvcert = (X509Certificate)ks.getCertificate("testrecv");
// 2.3 Obtención de la llave pública de los certificados
PublicKey pubKeyReceiver = recvcert.getPublicKey();

// 2.4 Cifrado de la SecretKey con la clave pública Receptores
byte[] byteEncryptWithPublicKey = encryptUtil.encryptData(senderSecretKey.getEncoded(),pubKeyReceiver,"RSA/ECB/PKCS1Padding");
String strSenbyteEncryptWithPublicKey = new BASE64Encoder().encode(byteEncryptWithPublicKey);

// 3. Crear un resumen del mensaje de los datos a transmitir
md.update(byteDataToTransmit);
byte byteMDofDataToTransmit[] = md.digest();

String strMDofDataToTransmit = new String();
for (int i = 0; i < byteMDofDataToTransmit.length; i++){
strMDofDataToTransmit = strMDofDataToTransmit + Integer.toHexString((int)byteMDofDataToTransmit[i] & 0xFF) ;
}

// 3.1 Mensaje que se Firmado = clave secreta cifrada + MAC de los datos a transmitir
String strMsgToSign = strSenbyteEncryptWithPublicKey + "|" + strMDofDataToTransmit;

// 4. Firma el mensaje
// 4.1 Obtener la clave privada del remitente desde el almacén de claves, proporcionando la contraseña establecida para la llave privada mientras se crea las llaves usados.
char[] keypassword = "send123".toCharArray();
Key myKey = ks.getKey("testsender", keypassword);
PrivateKey myPrivateKey = (PrivateKey)myKey;

// 4.2 Firmar el mensaje
Signature mySign = Signature.getInstance("MD5withRSA");
mySign.initSign(myPrivateKey);
mySign.update(strMsgToSign.getBytes());
byte[] byteSignedData = mySign.sign();

// 5. Los valores byteSignedData (la firma) y strMsgToSign (los datos que se firmó) se pueden enviar a través del receptor

// 6. Validar la firma
// 6.1 Extraer la clave pública de su certificado de remitentes
X509Certificate sendercert ;
sendercert = (X509Certificate)ks.getCertificate("testsender");
PublicKey pubKeySender = sendercert.getPublicKey();
// 6.2 Verificar la Firma
Signature myVerifySign = Signature.getInstance("MD5withRSA");
myVerifySign.initVerify(pubKeySender);
myVerifySign.update(strMsgToSign.getBytes());

boolean verifySign = myVerifySign.verify(byteSignedData);
if (verifySign == false)
{
System.out.println(" Error in validating Signature ");
}

else
System.out.println(" Successfully validated Signature ");

// 7. Descifrar el mensaje usando la llave privada Pets para obtener la clave simétrica
char[] recvpassword = "recv123".toCharArray();
Key recvKey = ks.getKey("testrecv", recvpassword);
PrivateKey recvPrivateKey = (PrivateKey)recvKey;

// Analizar el MessageDigest y el valor cifrado
String strRecvSignedData = new String (byteSignedData);
String[] strRecvSignedDataArray = new String [10];
strRecvSignedDataArray = strMsgToSign.split("|");
int intindexofsep = strMsgToSign.indexOf("|");
String strEncryptWithPublicKey = strMsgToSign.substring(0,intindexofsep);
String strHashOfData = strMsgToSign.substring(intindexofsep+1);

// Descifrado para obtener la clave simétrica
byte[] bytestrEncryptWithPublicKey = new BASE64Decoder().decodeBuffer(strEncryptWithPublicKey);
byte[] byteDecryptWithPrivateKey = encryptUtil.decryptData(byteEncryptWithPublicKey,recvPrivateKey,"RSA/ECB/PKCS1Padding");

// 8. Descifrar los datos usando la clave simétrica
javax.crypto.spec.SecretKeySpec secretKeySpecDecrypted = new javax.crypto.spec.SecretKeySpec(byteDecryptWithPrivateKey,"AES");
byte[] byteDecryptText = encryptUtil.decryptData(byteCipherText,secretKeySpecDecrypted,"AES");
String strDecryptedText = new String(byteDecryptText);
System.out.println(" Decrypted data is " +strDecryptedText);

// 9. Calcule MessageDigest de datos + mensaje firmado
MessageDigest recvmd = MessageDigest.getInstance("MD5");
recvmd.update(byteDecryptText);
byte byteHashOfRecvSignedData[] = recvmd.digest();

String strHashOfRecvSignedData = new String();

for (int i = 0; i < byteHashOfRecvSignedData.length; i++){
strHashOfRecvSignedData = strHashOfRecvSignedData + Integer.toHexString((int)byteHashOfRecvSignedData[i] & 0xFF) ;
}
// 10. Validar si la síntesis del mensaje del texto coincide con el mensaje descifrado
Digest of the Original Message

if (!strHashOfRecvSignedData.equals(strHashOfData))
{
System.out.println(" Message has been tampered ");
}

}

catch(Exception exp)
{
System.out.println(" Exception caught " + exp);
exp.printStackTrace();
}

}

}
</pre>

==== SymmetricEncrypt.java ====
<pre>package org.owasp.crypto;

import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.Cipher;
import java.security.Key;

import java.security.NoSuchAlgorithmException;
import java.security.InvalidKeyException;
import java.security.InvalidAlgorithmParameterException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.BadPaddingException;
import javax.crypto.IllegalBlockSizeException;

import sun.misc.BASE64Encoder;

/**
* @author Joe Prasanna Kumar
* Este programa ofrece las funcionalidades criptográficas siguientes
* 1. Cifrado con AES
* 2. El descifrado con AES
*
* Algoritmo de alto nivel:
* 1. Generar una clave DES (especificar el tamaño de la clave durante esta fase)
* 2. Cree el Cipher
* 3. Para cifrar: Inicializar el cifrado para el cifrado
* 4. Para descifrar: Inicializar el cifrado para descifrar
*
*
*/

public class SymmetricEncrypt {

String strDataToEncrypt = new String();
String strCipherText = new String();
String strDecryptedText = new String();
static KeyGenerator keyGen;
private static String strHexVal = "0123456789abcdef";

public static SecretKey getSecret(){
/**
* Paso 1. Generación de una clave AES mediante keygenerator
* Inicializa el tamaño de clave de 128
*
*/

try{
keyGen = KeyGenerator.getInstance("AES");
keyGen.init(128);

}

catch(Exception exp)
{
System.out.println(" Exception inside constructor " +exp);
}

SecretKey secretKey = keyGen.generateKey();
return secretKey;
}

/**
* Paso 2. Crear un sistema de cifrado mediante la especificación de los siguientes parámetros
* a. Nombre del algoritmo - aquí es AES
*/

public byte[] encryptData(byte[] byteDataToEncrypt, Key secretKey, String Algorithm) {
byte[] byteCipherText = new byte[200];

try {
Cipher aesCipher = Cipher.getInstance(Algorithm);

/**
* Paso 3. Inicialice el cifrado para el cifrado
*/
if(Algorithm.equals("AES")){
aesCipher.init(Cipher.ENCRYPT_MODE,secretKey,aesCipher.getParameters());
}
else if(Algorithm.equals("RSA/ECB/PKCS1Padding")){
aesCipher.init(Cipher.ENCRYPT_MODE,secretKey);
}

/**
* Paso 4. Cifrar los datos
* 1. Declarar / inicializar los datos. Aquí los datos son de tipo String
* 2. Convertir el texto de entrada a Bytes
* 3. Cifrado de los bytes, utilizando el método doFinal
*/
byteCipherText = aesCipher.doFinal(byteDataToEncrypt);
strCipherText = new BASE64Encoder().encode(byteCipherText);

}

catch (NoSuchAlgorithmException noSuchAlgo)
{
System.out.println(" No Such Algorithm exists " + noSuchAlgo);
}

catch (NoSuchPaddingException noSuchPad)
{
System.out.println(" No Such Padding exists " + noSuchPad);
}

catch (InvalidKeyException invalidKey)
{
System.out.println(" Invalid Key " + invalidKey);
}

catch (BadPaddingException badPadding)
{
System.out.println(" Bad Padding " + badPadding);
}

catch (IllegalBlockSizeException illegalBlockSize)
{
System.out.println(" Illegal Block Size " + illegalBlockSize);
illegalBlockSize.printStackTrace();
}
catch (Exception exp)
{
exp.printStackTrace();
}

return byteCipherText;
}
/**
* Paso 5. Descifrar los datos
* 1. Inicialice el cifrado para descifrar
* 2. Descifrar los bytes cifrados utilizando el método doFinal
*/

public byte[] decryptData(byte[] byteCipherText, Key secretKey, String Algorithm) {
byte[] byteDecryptedText = new byte[200];

try{
Cipher aesCipher = Cipher.getInstance(Algorithm);
if(Algorithm.equals("AES")){
aesCipher.init(Cipher.DECRYPT_MODE,secretKey,aesCipher.getParameters());
}
else if(Algorithm.equals("RSA/ECB/PKCS1Padding")){
aesCipher.init(Cipher.DECRYPT_MODE,secretKey);
}

byteDecryptedText = aesCipher.doFinal(byteCipherText);
strDecryptedText = new String(byteDecryptedText);
}

catch (NoSuchAlgorithmException noSuchAlgo)
{
System.out.println(" No Such Algorithm exists " + noSuchAlgo);
}

catch (NoSuchPaddingException noSuchPad)
{
System.out.println(" No Such Padding exists " + noSuchPad);
}

catch (InvalidKeyException invalidKey)
{
System.out.println(" Invalid Key " + invalidKey);
invalidKey.printStackTrace();
}

catch (BadPaddingException badPadding)
{
System.out.println(" Bad Padding " + badPadding);
badPadding.printStackTrace();
}

catch (IllegalBlockSizeException illegalBlockSize)
{
System.out.println(" Illegal Block Size " + illegalBlockSize);
illegalBlockSize.printStackTrace();
}

catch (InvalidAlgorithmParameterException invalidParam)
{
System.out.println(" Invalid Parameter " + invalidParam);
}

return byteDecryptedText;
}

public static byte[] convertStringToByteArray(String strInput) {
strInput = strInput.toLowerCase();
byte[] byteConverted = new byte[(strInput.length() + 1) / 2];
int j = 0;
int interimVal;
int nibble = -1;

for (int i = 0; i < strInput.length(); ++i) {
interimVal = strHexVal.indexOf(strInput.charAt(i));
if (interimVal >= 0) {
if (nibble < 0) {
nibble = interimVal;
} else {
byteConverted[j++] = (byte) ((nibble << 4) + interimVal);
nibble = -1;
}
}
}

if (nibble >= 0) {
byteConverted[j++] = (byte) (nibble << 4);
}

if (j < byteConverted.length) {
byte[] byteTemp = new byte[j];
System.arraycopy(byteConverted, 0, byteTemp, 0, j);
byteConverted = byteTemp;
}

return byteConverted;
}

public static String convertByteArrayToString(byte[] block) {
StringBuffer buf = new StringBuffer();

for (int i = 0; i < block.length; ++i) {
buf.append(strHexVal.charAt((block[i] >>> 4) & 0xf));
buf.append(strHexVal.charAt(block[i] & 0xf));
}

return buf.toString();
}
}
</pre>

== Referencias ==

#Computer Security Arts and Science – Matt Bishop
#Core Security Patterns – Christopher Steele, Ray Lai and Ramesh Nagappan

[[Category:Java]]

'''Aplicaciones en Ambientes Libres'''

'''Tutor:''' Ing. Tito Armas

'''Traductoroas:''' Bravo Maria Jose y Portilla Maria Fernanda 2012

Implementacion De Firmas Digitales en Java

2016-05-25T20:55:57Z

Ledio5485: /* Code Example */

== WARNING ==

Jim Manico recently brought to my attention this wiki page, the same who asked me to check exactly. In doing so, I noticed several errors and areas of weakness. Lately, I have the intention to revisit this page (hopefully with the help of one of the original owners), but I do not have time to do a full review at this time. Therefore, I will summarize the problems observed on this page and leaving you the decision to use or not, with these warnings.
 
#First, this page does not describe "digital signatures". Rather, it describes a concept known as "digital envelopes", which is a scheme used with objects such as S / MIME. Digital signatures not only encrypt the actual message text, only encrypts the hash of the message text.
#UTF-8 should be used to convert between Java byte strings and arrays to ensure adequate portability across different operating systems.
#The certificate chain must always be validated. In this example, the certificate is self-signed, so this is not relevant and will not be true in the normal case. Furthermore, it should be noted that the self-signed, but acceptable for demonstration purposes certificates is considered a dubious practice for production, as it opens the door to spoofing attacks.
#[http://www.nist.gov/ NIST] now recommends using key size 2048 bits for RSA or DSA keys.
#There is a consistent use of weak algorithms. Here are some suggested replacements:
## Use "RSA/ECB/OAEPWithSHA1AndMGF1Padding" instead of "RSA/ECB/PKCS1Padding".
## Use SHA1 (or better SHA256, SHA1 but at least) instead of MD5 for message digest.
## Use "SHA1withRSA" for the signature algorithm instead of "MD5withRSA".
## When creating a symmetric encryption system to encrypt the message text, use "AES / CBC / PKCS5Padding" and choose an IV random for each text message instead of simply using "AES", ending with "AES / ECB / PKCS5Padding ". ECB mode is extremely weak for a regular plain text. (OK for random bit encryption, however, is well used with RSA.) However, the use CBC and PKCS5Padding could make it vulnerable to "Padding Oracle" attacks, so caution is advised. You can use Encryptor 2.0 ESAPI 's to avoid it. (Note also, this part is the concept of "on digital". If this page was really limited by "digital signatures" would not apply because it would be irrelevant.)
 
I hope to get soonest, before cleaning this wiki page. Meanwhile, email me your questions.
 
-Kevin Wall

== Overview ==

This article presents a brief overview of the concepts involved with digital signatures and provides code examples for the application of digital signatures in Java using the [http://docs.oracle.com/javase/6/docs/technotes/guides/security/crypto/CryptoSpec.html Java Cryptography Architecture (JCA)].

=== What is a digital signature? ===

A digital signature is a concept that helps to get the non-repudiation of origin (ie, the integrity of Origin) data. By digitally signing the document, the person signing, says he is the author of the document or the signed message.

=== Need for Digital Signature ===

During the "E" revolution was a need for authentication of critical transactions especially in the financial world. If Alice agreed to transfer $ x to Bob, then there had to be a way for Bob to ensure that:

*It was Alice who performed the transaction and not someone else impersonating Alice (Authentication).
*The amount agreed by Alice is $ x (Integrity).
*Alice could not discuss his statement transaction $ x a Bob (Non-repudiation of origin).

These concerns were treated with a solution known as digital signatures. More background information on digital signatures can be found [http://en.wikipedia.org/wiki/Digital_signature here]

== Digital signatures in Java using JCA ==

Java Cryptography Architecture is a framework for accessing and developing cryptographic functionality for the Java platform. JCA provider implements cryptographic functionality such as digital signatures and message digests. The default JCA provider is SUN JDK 1.4.2.

=== Security considerations when implementing digital signature ===

Two major safety considerations that must be taken into account when applying digital signatures are:

#Sign the message and then encrypt the signed message.
#Sign the hash of the message instead of the entire message.

=== Performance considerations when implementing digital signature ===

Because asymmetric encryption algorithms such as RSA, DSA are computationally slower than symmetric encryption algorithms such as AES, it is a good practice, encrypt the actual message that is transmitted using a symmetric key algorithm and then encrypt the key that is used in symmetric key algorithm using an asymmetric key algorithm. For example, if you want to convey the message "Hello World Digital Signatures", then this message is first encrypted with a symmetric key, for example, an AES 128-bit key as x7oFaHSPnWxEMiZE/0qYrg and then this key is encrypted with an algorithm as RSA asymmetric key.

== Algorithm to implement digital signature using the RSA algorithm ==

The provider RSA Java implementation has a limitation in that encryption can be performed on the data length <= 117 bytes only. If the data is of a length> 117 bytes, it will launch a IllegalBlockSizeException: Data must have more than 117 bytes symmetry there has to be encrypted and then signed.

RSA PKCS # 1 algorithm can only encrypt data size k - 11, where k whose length is one byte and the RSA module 11 is the number of bytes used by the filling PCKS # 1 v1.5. Therefore, if we use an RSA key size of 1024 bits, we could encrypt only 128-11 => 117 bytes of data. There are two options available to encrypt data byte size larger.

#We could use an RSA key length> 1024. For example, using 2048 bits, then we could encrypt 256-11 => 245 bytes of data. The disadvantage of this approach is that it would be capable of encoding data size> x bytes (in the above example x is 245).
#Analyze the input data chunks of bytes in size <117 and apply encryption on each piece. The code example of this approach can be found [http://www.aviransplace.com/2004/10/12/using-rsa-encryption-with-java/3/ here].

Both approaches could affect performance since the RSA key larger or approach of [https://en.wikipedia.org/wiki/Divide_and_conquer_algorithms "divide and conquer"] of input bytes are computationally expensive.

=== Algorithm ===

With the foregoing, the following algorithm can be used for the implementation of public key cryptography in Java.

#Encrypt the message using a symmetric key
#Concatenate the symmetric key + symmetric hash + hash key message.
#Encrypt the concatenated string with the public key of the recipient.
#Sign data to be transmitted (encrypted symmetric key + the + Hash hash key message).
#Validate the signature.
#Deciphering the message with the recipient's private key to obtain the symmetric key.
#Validate the integrity of the key using the hash key.
#It decipher the real message using the symmetric key that has been decrypted, analyzed and integrity checks.
#Calculate MessageDigest of data.
#Validate whether the message digest decrypted text matches the message digest of the original message.

=== Commands for key generation ===

prompt# keytool -genkey -alias testsender -keystore testkeystore.ks -keyalg RSA Enter keystore password: testpwd

What is your first and last name?
[Unknown]: Alice Sender

What is your name?
[Unknown]: IT

What is the name of the OU?
[Unknown]: ABC Inc

What is the name of your organization?
[Unknown]: LA

What is the name of your city or town?
[Unknown]: CA

What is the name of your state or province?
[Unknown]: US

Is CN = Alice Sender, OU = IT, O = ABC Inc, L = LA, ST = CA, C = EE.UU. correct?
[no]: y

Enter the key password for <testsender>
(RETURN if same as keystore password): send123

prompt # keytool -genkey -alias testrecv -keystore testkeystore.ks -keyalg RSA Enter the password of KeyStore: testpwd

What is your name?
[Unknown]: Bob Receiver

What is the name of the OU?
[Unknown]: HR

What is the name of your organization?
[Unknown]: ABC Inc

What is the name of your city or town?
[Unknown]: SFO

What is the name of your state or province?
[Unknown]: CA

What is the country code of two letters for this unit?
[Unknown]: US

Is CN = Bob receptor, OU = HR, O = ABC Inc, L = SFO, ST = CA, C = EE.UU. correct?
[no]: y

Enter the key password for <testrecv>
(RETURN if same as keystore password): recv123

=== Code Example ===

==== PublicKeyCryptography.java ====
<pre>package org.owasp.crypto;

import java.security.*;
import java.security.cert.*;
import javax.crypto.*;
import sun.misc.BASE64Encoder;
import sun.misc.BASE64Decoder;

/**
*
* @author Joe Prasanna Kumar
*
* 1. Cifrar los datos utilizando una clave simétrica
* 2. Cifrar la clave simétrica con la clave pública Receptores
* 3. Crear un resumen del mensaje de los datos a transmitir
* 4. Firma el mensaje a transmitir
* 5. Envíe los datos a través de un canal no seguro
* 6. Validar la firma
* 7. Descifrar el mensaje usando la llave privada Pets para obtener la clave simétrica
* 8. Descifrar los datos usando la clave simétrica
* 9. Calcule MessageDigest de datos + mensaje firmado
* 10.Valide si la síntesis del mensaje del texto descifrado coincide con el resumen de mensaje del mensaje original
*
*/

public class PublicKeyCryptography {

/**
* @param args
*/
public static void main(String[] args) {

SymmetricEncrypt encryptUtil = new SymmetricEncrypt();
String strDataToEncrypt = "Hello World";
byte[] byteDataToTransmit = strDataToEncrypt.getBytes();

// Generación de un SecretKey para el cifrado simétrico
SecretKey senderSecretKey = SymmetricEncrypt.getSecret();

//1. Cifrar los datos utilizando una clave simétrica
byte[] byteCipherText = encryptUtil.encryptData(byteDataToTransmit,senderSecretKey,"AES");
String strCipherText = new BASE64Encoder().encode(byteCipherText);

//2. Cifrar la clave simétrica con la clave pública
try{
// 2.1 Especifique el almacén de claves que se haya importado el certificado Receptores
KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
char [] password = "testpwd".toCharArray();
java.io.FileInputStream fis = new java.io.FileInputStream("/home/Joebi/workspace/OWASP_Crypto/org/owasp/crypto/testkeystore.ks");
ks.load(fis, password);
fis.close();

// 2.2 Creación de un certificado X509 del receptor
X509Certificate recvcert ;
MessageDigest md = MessageDigest.getInstance("MD5");
recvcert = (X509Certificate)ks.getCertificate("testrecv");
// 2.3 Obtención de la llave pública de los certificados
PublicKey pubKeyReceiver = recvcert.getPublicKey();

// 2.4 Cifrado de la SecretKey con la clave pública Receptores
byte[] byteEncryptWithPublicKey = encryptUtil.encryptData(senderSecretKey.getEncoded(),pubKeyReceiver,"RSA/ECB/PKCS1Padding");
String strSenbyteEncryptWithPublicKey = new BASE64Encoder().encode(byteEncryptWithPublicKey);

// 3. Crear un resumen del mensaje de los datos a transmitir
md.update(byteDataToTransmit);
byte byteMDofDataToTransmit[] = md.digest();

String strMDofDataToTransmit = new String();
for (int i = 0; i < byteMDofDataToTransmit.length; i++){
strMDofDataToTransmit = strMDofDataToTransmit + Integer.toHexString((int)byteMDofDataToTransmit[i] & 0xFF) ;
}

// 3.1 Mensaje que se Firmado = clave secreta cifrada + MAC de los datos a transmitir
String strMsgToSign = strSenbyteEncryptWithPublicKey + "|" + strMDofDataToTransmit;

// 4. Firma el mensaje
// 4.1 Obtener la clave privada del remitente desde el almacén de claves, proporcionando la contraseña establecida para la llave privada mientras se crea las llaves usados.
char[] keypassword = "send123".toCharArray();
Key myKey = ks.getKey("testsender", keypassword);
PrivateKey myPrivateKey = (PrivateKey)myKey;

// 4.2 Firmar el mensaje
Signature mySign = Signature.getInstance("MD5withRSA");
mySign.initSign(myPrivateKey);
mySign.update(strMsgToSign.getBytes());
byte[] byteSignedData = mySign.sign();

// 5. Los valores byteSignedData (la firma) y strMsgToSign (los datos que se firmó) se pueden enviar a través del receptor

// 6. Validar la firma
// 6.1 Extraer la clave pública de su certificado de remitentes
X509Certificate sendercert ;
sendercert = (X509Certificate)ks.getCertificate("testsender");
PublicKey pubKeySender = sendercert.getPublicKey();
// 6.2 Verificar la Firma
Signature myVerifySign = Signature.getInstance("MD5withRSA");
myVerifySign.initVerify(pubKeySender);
myVerifySign.update(strMsgToSign.getBytes());

boolean verifySign = myVerifySign.verify(byteSignedData);
if (verifySign == false)
{
System.out.println(" Error in validating Signature ");
}

else
System.out.println(" Successfully validated Signature ");

// 7. Descifrar el mensaje usando la llave privada Pets para obtener la clave simétrica
char[] recvpassword = "recv123".toCharArray();
Key recvKey = ks.getKey("testrecv", recvpassword);
PrivateKey recvPrivateKey = (PrivateKey)recvKey;

// Analizar el MessageDigest y el valor cifrado
String strRecvSignedData = new String (byteSignedData);
String[] strRecvSignedDataArray = new String [10];
strRecvSignedDataArray = strMsgToSign.split("|");
int intindexofsep = strMsgToSign.indexOf("|");
String strEncryptWithPublicKey = strMsgToSign.substring(0,intindexofsep);
String strHashOfData = strMsgToSign.substring(intindexofsep+1);

// Descifrado para obtener la clave simétrica
byte[] bytestrEncryptWithPublicKey = new BASE64Decoder().decodeBuffer(strEncryptWithPublicKey);
byte[] byteDecryptWithPrivateKey = encryptUtil.decryptData(byteEncryptWithPublicKey,recvPrivateKey,"RSA/ECB/PKCS1Padding");

// 8. Descifrar los datos usando la clave simétrica
javax.crypto.spec.SecretKeySpec secretKeySpecDecrypted = new javax.crypto.spec.SecretKeySpec(byteDecryptWithPrivateKey,"AES");
byte[] byteDecryptText = encryptUtil.decryptData(byteCipherText,secretKeySpecDecrypted,"AES");
String strDecryptedText = new String(byteDecryptText);
System.out.println(" Decrypted data is " +strDecryptedText);

// 9. Calcule MessageDigest de datos + mensaje firmado
MessageDigest recvmd = MessageDigest.getInstance("MD5");
recvmd.update(byteDecryptText);
byte byteHashOfRecvSignedData[] = recvmd.digest();

String strHashOfRecvSignedData = new String();

for (int i = 0; i < byteHashOfRecvSignedData.length; i++){
strHashOfRecvSignedData = strHashOfRecvSignedData + Integer.toHexString((int)byteHashOfRecvSignedData[i] & 0xFF) ;
}
// 10. Validar si la síntesis del mensaje del texto coincide con el mensaje descifrado
Digest of the Original Message

if (!strHashOfRecvSignedData.equals(strHashOfData))
{
System.out.println(" Message has been tampered ");
}

}

catch(Exception exp)
{
System.out.println(" Exception caught " + exp);
exp.printStackTrace();
}

}

}
</pre>
==== SymmetricEncrypt.java ====
<pre>package org.owasp.crypto;

import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.Cipher;
import java.security.Key;

import java.security.NoSuchAlgorithmException;
import java.security.InvalidKeyException;
import java.security.InvalidAlgorithmParameterException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.BadPaddingException;
import javax.crypto.IllegalBlockSizeException;

import sun.misc.BASE64Encoder;

/**
* @author Joe Prasanna Kumar
* Este programa ofrece las funcionalidades criptográficas siguientes
* 1. Cifrado con AES
* 2. El descifrado con AES
*
* Algoritmo de alto nivel:
* 1. Generar una clave DES (especificar el tamaño de la clave durante esta fase)
* 2. Cree el Cipher
* 3. Para cifrar: Inicializar el cifrado para el cifrado
* 4. Para descifrar: Inicializar el cifrado para descifrar
*
*
*/

public class SymmetricEncrypt {

String strDataToEncrypt = new String();
String strCipherText = new String();
String strDecryptedText = new String();
static KeyGenerator keyGen;
private static String strHexVal = "0123456789abcdef";

public static SecretKey getSecret(){
/**
* Paso 1. Generación de una clave AES mediante keygenerator
* Inicializa el tamaño de clave de 128
*
*/

try{
keyGen = KeyGenerator.getInstance("AES");
keyGen.init(128);

}

catch(Exception exp)
{
System.out.println(" Exception inside constructor " +exp);
}

SecretKey secretKey = keyGen.generateKey();
return secretKey;
}

/**
* Paso 2. Crear un sistema de cifrado mediante la especificación de los siguientes parámetros
* a. Nombre del algoritmo - aquí es AES
*/

public byte[] encryptData(byte[] byteDataToEncrypt, Key secretKey, String Algorithm) {
byte[] byteCipherText = new byte[200];

try {
Cipher aesCipher = Cipher.getInstance(Algorithm);

/**
* Paso 3. Inicialice el cifrado para el cifrado
*/
if(Algorithm.equals("AES")){
aesCipher.init(Cipher.ENCRYPT_MODE,secretKey,aesCipher.getParameters());
}
else if(Algorithm.equals("RSA/ECB/PKCS1Padding")){
aesCipher.init(Cipher.ENCRYPT_MODE,secretKey);
}

/**
* Paso 4. Cifrar los datos
* 1. Declarar / inicializar los datos. Aquí los datos son de tipo String
* 2. Convertir el texto de entrada a Bytes
* 3. Cifrado de los bytes, utilizando el método doFinal
*/
byteCipherText = aesCipher.doFinal(byteDataToEncrypt);
strCipherText = new BASE64Encoder().encode(byteCipherText);

}

catch (NoSuchAlgorithmException noSuchAlgo)
{
System.out.println(" No Such Algorithm exists " + noSuchAlgo);
}

catch (NoSuchPaddingException noSuchPad)
{
System.out.println(" No Such Padding exists " + noSuchPad);
}

catch (InvalidKeyException invalidKey)
{
System.out.println(" Invalid Key " + invalidKey);
}

catch (BadPaddingException badPadding)
{
System.out.println(" Bad Padding " + badPadding);
}

catch (IllegalBlockSizeException illegalBlockSize)
{
System.out.println(" Illegal Block Size " + illegalBlockSize);
illegalBlockSize.printStackTrace();
}
catch (Exception exp)
{
exp.printStackTrace();
}

return byteCipherText;
}
/**
* Paso 5. Descifrar los datos
* 1. Inicialice el cifrado para descifrar
* 2. Descifrar los bytes cifrados utilizando el método doFinal
*/

public byte[] decryptData(byte[] byteCipherText, Key secretKey, String Algorithm) {
byte[] byteDecryptedText = new byte[200];

try{
Cipher aesCipher = Cipher.getInstance(Algorithm);
if(Algorithm.equals("AES")){
aesCipher.init(Cipher.DECRYPT_MODE,secretKey,aesCipher.getParameters());
}
else if(Algorithm.equals("RSA/ECB/PKCS1Padding")){
aesCipher.init(Cipher.DECRYPT_MODE,secretKey);
}

byteDecryptedText = aesCipher.doFinal(byteCipherText);
strDecryptedText = new String(byteDecryptedText);
}

catch (NoSuchAlgorithmException noSuchAlgo)
{
System.out.println(" No Such Algorithm exists " + noSuchAlgo);
}

catch (NoSuchPaddingException noSuchPad)
{
System.out.println(" No Such Padding exists " + noSuchPad);
}

catch (InvalidKeyException invalidKey)
{
System.out.println(" Invalid Key " + invalidKey);
invalidKey.printStackTrace();
}

catch (BadPaddingException badPadding)
{
System.out.println(" Bad Padding " + badPadding);
badPadding.printStackTrace();
}

catch (IllegalBlockSizeException illegalBlockSize)
{
System.out.println(" Illegal Block Size " + illegalBlockSize);
illegalBlockSize.printStackTrace();
}

catch (InvalidAlgorithmParameterException invalidParam)
{
System.out.println(" Invalid Parameter " + invalidParam);
}

return byteDecryptedText;
}

public static byte[] convertStringToByteArray(String strInput) {
strInput = strInput.toLowerCase();
byte[] byteConverted = new byte[(strInput.length() + 1) / 2];
int j = 0;
int interimVal;
int nibble = -1;

for (int i = 0; i < strInput.length(); ++i) {
interimVal = strHexVal.indexOf(strInput.charAt(i));
if (interimVal >= 0) {
if (nibble < 0) {
nibble = interimVal;
} else {
byteConverted[j++] = (byte) ((nibble << 4) + interimVal);
nibble = -1;
}
}
}

if (nibble >= 0) {
byteConverted[j++] = (byte) (nibble << 4);
}

if (j < byteConverted.length) {
byte[] byteTemp = new byte[j];
System.arraycopy(byteConverted, 0, byteTemp, 0, j);
byteConverted = byteTemp;
}

return byteConverted;
}

public static String convertByteArrayToString(byte[] block) {
StringBuffer buf = new StringBuffer();

for (int i = 0; i < block.length; ++i) {
buf.append(strHexVal.charAt((block[i] >>> 4) & 0xf));
buf.append(strHexVal.charAt(block[i] & 0xf));
}

return buf.toString();
}
}
</pre>

== Referencias ==

#Computer Security Arts and Science – Matt Bishop
#Core Security Patterns – Christopher Steele, Ray Lai and Ramesh Nagappan

[[Category:Java]]

'''Aplicaciones en Ambientes Libres'''

'''Tutor:''' Ing. Tito Armas

'''Traductoroas:''' Bravo Maria Jose y Portilla Maria Fernanda 2012

Implementacion De Firmas Digitales en Java

2016-05-25T20:54:11Z

Ledio5485: /* Commands for key generation */

== WARNING ==

Jim Manico recently brought to my attention this wiki page, the same who asked me to check exactly. In doing so, I noticed several errors and areas of weakness. Lately, I have the intention to revisit this page (hopefully with the help of one of the original owners), but I do not have time to do a full review at this time. Therefore, I will summarize the problems observed on this page and leaving you the decision to use or not, with these warnings.
 
#First, this page does not describe "digital signatures". Rather, it describes a concept known as "digital envelopes", which is a scheme used with objects such as S / MIME. Digital signatures not only encrypt the actual message text, only encrypts the hash of the message text.
#UTF-8 should be used to convert between Java byte strings and arrays to ensure adequate portability across different operating systems.
#The certificate chain must always be validated. In this example, the certificate is self-signed, so this is not relevant and will not be true in the normal case. Furthermore, it should be noted that the self-signed, but acceptable for demonstration purposes certificates is considered a dubious practice for production, as it opens the door to spoofing attacks.
#[http://www.nist.gov/ NIST] now recommends using key size 2048 bits for RSA or DSA keys.
#There is a consistent use of weak algorithms. Here are some suggested replacements:
## Use "RSA/ECB/OAEPWithSHA1AndMGF1Padding" instead of "RSA/ECB/PKCS1Padding".
## Use SHA1 (or better SHA256, SHA1 but at least) instead of MD5 for message digest.
## Use "SHA1withRSA" for the signature algorithm instead of "MD5withRSA".
## When creating a symmetric encryption system to encrypt the message text, use "AES / CBC / PKCS5Padding" and choose an IV random for each text message instead of simply using "AES", ending with "AES / ECB / PKCS5Padding ". ECB mode is extremely weak for a regular plain text. (OK for random bit encryption, however, is well used with RSA.) However, the use CBC and PKCS5Padding could make it vulnerable to "Padding Oracle" attacks, so caution is advised. You can use Encryptor 2.0 ESAPI 's to avoid it. (Note also, this part is the concept of "on digital". If this page was really limited by "digital signatures" would not apply because it would be irrelevant.)
 
I hope to get soonest, before cleaning this wiki page. Meanwhile, email me your questions.
 
-Kevin Wall

== Overview ==

This article presents a brief overview of the concepts involved with digital signatures and provides code examples for the application of digital signatures in Java using the [http://docs.oracle.com/javase/6/docs/technotes/guides/security/crypto/CryptoSpec.html Java Cryptography Architecture (JCA)].

=== What is a digital signature? ===

A digital signature is a concept that helps to get the non-repudiation of origin (ie, the integrity of Origin) data. By digitally signing the document, the person signing, says he is the author of the document or the signed message.

=== Need for Digital Signature ===

During the "E" revolution was a need for authentication of critical transactions especially in the financial world. If Alice agreed to transfer $ x to Bob, then there had to be a way for Bob to ensure that:

*It was Alice who performed the transaction and not someone else impersonating Alice (Authentication).
*The amount agreed by Alice is $ x (Integrity).
*Alice could not discuss his statement transaction $ x a Bob (Non-repudiation of origin).

These concerns were treated with a solution known as digital signatures. More background information on digital signatures can be found [http://en.wikipedia.org/wiki/Digital_signature here]

== Digital signatures in Java using JCA ==

Java Cryptography Architecture is a framework for accessing and developing cryptographic functionality for the Java platform. JCA provider implements cryptographic functionality such as digital signatures and message digests. The default JCA provider is SUN JDK 1.4.2.

=== Security considerations when implementing digital signature ===

Two major safety considerations that must be taken into account when applying digital signatures are:

#Sign the message and then encrypt the signed message.
#Sign the hash of the message instead of the entire message.

=== Performance considerations when implementing digital signature ===

Because asymmetric encryption algorithms such as RSA, DSA are computationally slower than symmetric encryption algorithms such as AES, it is a good practice, encrypt the actual message that is transmitted using a symmetric key algorithm and then encrypt the key that is used in symmetric key algorithm using an asymmetric key algorithm. For example, if you want to convey the message "Hello World Digital Signatures", then this message is first encrypted with a symmetric key, for example, an AES 128-bit key as x7oFaHSPnWxEMiZE/0qYrg and then this key is encrypted with an algorithm as RSA asymmetric key.

== Algorithm to implement digital signature using the RSA algorithm ==

The provider RSA Java implementation has a limitation in that encryption can be performed on the data length <= 117 bytes only. If the data is of a length> 117 bytes, it will launch a IllegalBlockSizeException: Data must have more than 117 bytes symmetry there has to be encrypted and then signed.

RSA PKCS # 1 algorithm can only encrypt data size k - 11, where k whose length is one byte and the RSA module 11 is the number of bytes used by the filling PCKS # 1 v1.5. Therefore, if we use an RSA key size of 1024 bits, we could encrypt only 128-11 => 117 bytes of data. There are two options available to encrypt data byte size larger.

#We could use an RSA key length> 1024. For example, using 2048 bits, then we could encrypt 256-11 => 245 bytes of data. The disadvantage of this approach is that it would be capable of encoding data size> x bytes (in the above example x is 245).
#Analyze the input data chunks of bytes in size <117 and apply encryption on each piece. The code example of this approach can be found [http://www.aviransplace.com/2004/10/12/using-rsa-encryption-with-java/3/ here].

Both approaches could affect performance since the RSA key larger or approach of [https://en.wikipedia.org/wiki/Divide_and_conquer_algorithms "divide and conquer"] of input bytes are computationally expensive.

=== Algorithm ===

With the foregoing, the following algorithm can be used for the implementation of public key cryptography in Java.

#Encrypt the message using a symmetric key
#Concatenate the symmetric key + symmetric hash + hash key message.
#Encrypt the concatenated string with the public key of the recipient.
#Sign data to be transmitted (encrypted symmetric key + the + Hash hash key message).
#Validate the signature.
#Deciphering the message with the recipient's private key to obtain the symmetric key.
#Validate the integrity of the key using the hash key.
#It decipher the real message using the symmetric key that has been decrypted, analyzed and integrity checks.
#Calculate MessageDigest of data.
#Validate whether the message digest decrypted text matches the message digest of the original message.

=== Commands for key generation ===

prompt# keytool -genkey -alias testsender -keystore testkeystore.ks -keyalg RSA Enter keystore password: testpwd

What is your first and last name?
[Unknown]: Alice Sender

What is your name?
[Unknown]: IT

What is the name of the OU?
[Unknown]: ABC Inc

What is the name of your organization?
[Unknown]: LA

What is the name of your city or town?
[Unknown]: CA

What is the name of your state or province?
[Unknown]: US

Is CN = Alice Sender, OU = IT, O = ABC Inc, L = LA, ST = CA, C = EE.UU. correct?
[no]: y

Enter the key password for <testsender>
(RETURN if same as keystore password): send123

prompt # keytool -genkey -alias testrecv -keystore testkeystore.ks -keyalg RSA Enter the password of KeyStore: testpwd

What is your name?
[Unknown]: Bob Receiver

What is the name of the OU?
[Unknown]: HR

What is the name of your organization?
[Unknown]: ABC Inc

What is the name of your city or town?
[Unknown]: SFO

What is the name of your state or province?
[Unknown]: CA

What is the country code of two letters for this unit?
[Unknown]: US

Is CN = Bob receptor, OU = HR, O = ABC Inc, L = SFO, ST = CA, C = EE.UU. correct?
[no]: y

Enter the key password for <testrecv>
(RETURN if same as keystore password): recv123

=== Ejemplo de Código ===

==== PublicKeyCryptography.java ====
<pre>package org.owasp.crypto;

import java.security.*;
import java.security.cert.*;
import javax.crypto.*;
import sun.misc.BASE64Encoder;
import sun.misc.BASE64Decoder;

/**
*
* @author Joe Prasanna Kumar
*
* 1. Cifrar los datos utilizando una clave simétrica
* 2. Cifrar la clave simétrica con la clave pública Receptores
* 3. Crear un resumen del mensaje de los datos a transmitir
* 4. Firma el mensaje a transmitir
* 5. Envíe los datos a través de un canal no seguro
* 6. Validar la firma
* 7. Descifrar el mensaje usando la llave privada Pets para obtener la clave simétrica
* 8. Descifrar los datos usando la clave simétrica
* 9. Calcule MessageDigest de datos + mensaje firmado
* 10.Valide si la síntesis del mensaje del texto descifrado coincide con el resumen de mensaje del mensaje original
*
*/

public class PublicKeyCryptography {

/**
* @param args
*/
public static void main(String[] args) {

SymmetricEncrypt encryptUtil = new SymmetricEncrypt();
String strDataToEncrypt = "Hello World";
byte[] byteDataToTransmit = strDataToEncrypt.getBytes();

// Generación de un SecretKey para el cifrado simétrico
SecretKey senderSecretKey = SymmetricEncrypt.getSecret();

//1. Cifrar los datos utilizando una clave simétrica
byte[] byteCipherText = encryptUtil.encryptData(byteDataToTransmit,senderSecretKey,"AES");
String strCipherText = new BASE64Encoder().encode(byteCipherText);

//2. Cifrar la clave simétrica con la clave pública
try{
// 2.1 Especifique el almacén de claves que se haya importado el certificado Receptores
KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
char [] password = "testpwd".toCharArray();
java.io.FileInputStream fis = new java.io.FileInputStream("/home/Joebi/workspace/OWASP_Crypto/org/owasp/crypto/testkeystore.ks");
ks.load(fis, password);
fis.close();

// 2.2 Creación de un certificado X509 del receptor
X509Certificate recvcert ;
MessageDigest md = MessageDigest.getInstance("MD5");
recvcert = (X509Certificate)ks.getCertificate("testrecv");
// 2.3 Obtención de la llave pública de los certificados
PublicKey pubKeyReceiver = recvcert.getPublicKey();

// 2.4 Cifrado de la SecretKey con la clave pública Receptores
byte[] byteEncryptWithPublicKey = encryptUtil.encryptData(senderSecretKey.getEncoded(),pubKeyReceiver,"RSA/ECB/PKCS1Padding");
String strSenbyteEncryptWithPublicKey = new BASE64Encoder().encode(byteEncryptWithPublicKey);

// 3. Crear un resumen del mensaje de los datos a transmitir
md.update(byteDataToTransmit);
byte byteMDofDataToTransmit[] = md.digest();

String strMDofDataToTransmit = new String();
for (int i = 0; i < byteMDofDataToTransmit.length; i++){
strMDofDataToTransmit = strMDofDataToTransmit + Integer.toHexString((int)byteMDofDataToTransmit[i] & 0xFF) ;
}

// 3.1 Mensaje que se Firmado = clave secreta cifrada + MAC de los datos a transmitir
String strMsgToSign = strSenbyteEncryptWithPublicKey + "|" + strMDofDataToTransmit;

// 4. Firma el mensaje
// 4.1 Obtener la clave privada del remitente desde el almacén de claves, proporcionando la contraseña establecida para la llave privada mientras se crea las llaves usados.
char[] keypassword = "send123".toCharArray();
Key myKey = ks.getKey("testsender", keypassword);
PrivateKey myPrivateKey = (PrivateKey)myKey;

// 4.2 Firmar el mensaje
Signature mySign = Signature.getInstance("MD5withRSA");
mySign.initSign(myPrivateKey);
mySign.update(strMsgToSign.getBytes());
byte[] byteSignedData = mySign.sign();

// 5. Los valores byteSignedData (la firma) y strMsgToSign (los datos que se firmó) se pueden enviar a través del receptor

// 6. Validar la firma
// 6.1 Extraer la clave pública de su certificado de remitentes
X509Certificate sendercert ;
sendercert = (X509Certificate)ks.getCertificate("testsender");
PublicKey pubKeySender = sendercert.getPublicKey();
// 6.2 Verificar la Firma
Signature myVerifySign = Signature.getInstance("MD5withRSA");
myVerifySign.initVerify(pubKeySender);
myVerifySign.update(strMsgToSign.getBytes());

boolean verifySign = myVerifySign.verify(byteSignedData);
if (verifySign == false)
{
System.out.println(" Error in validating Signature ");
}

else
System.out.println(" Successfully validated Signature ");

// 7. Descifrar el mensaje usando la llave privada Pets para obtener la clave simétrica
char[] recvpassword = "recv123".toCharArray();
Key recvKey = ks.getKey("testrecv", recvpassword);
PrivateKey recvPrivateKey = (PrivateKey)recvKey;

// Analizar el MessageDigest y el valor cifrado
String strRecvSignedData = new String (byteSignedData);
String[] strRecvSignedDataArray = new String [10];
strRecvSignedDataArray = strMsgToSign.split("|");
int intindexofsep = strMsgToSign.indexOf("|");
String strEncryptWithPublicKey = strMsgToSign.substring(0,intindexofsep);
String strHashOfData = strMsgToSign.substring(intindexofsep+1);

// Descifrado para obtener la clave simétrica
byte[] bytestrEncryptWithPublicKey = new BASE64Decoder().decodeBuffer(strEncryptWithPublicKey);
byte[] byteDecryptWithPrivateKey = encryptUtil.decryptData(byteEncryptWithPublicKey,recvPrivateKey,"RSA/ECB/PKCS1Padding");

// 8. Descifrar los datos usando la clave simétrica
javax.crypto.spec.SecretKeySpec secretKeySpecDecrypted = new javax.crypto.spec.SecretKeySpec(byteDecryptWithPrivateKey,"AES");
byte[] byteDecryptText = encryptUtil.decryptData(byteCipherText,secretKeySpecDecrypted,"AES");
String strDecryptedText = new String(byteDecryptText);
System.out.println(" Decrypted data is " +strDecryptedText);

// 9. Calcule MessageDigest de datos + mensaje firmado
MessageDigest recvmd = MessageDigest.getInstance("MD5");
recvmd.update(byteDecryptText);
byte byteHashOfRecvSignedData[] = recvmd.digest();

String strHashOfRecvSignedData = new String();

for (int i = 0; i < byteHashOfRecvSignedData.length; i++){
strHashOfRecvSignedData = strHashOfRecvSignedData + Integer.toHexString((int)byteHashOfRecvSignedData[i] & 0xFF) ;
}
// 10. Validar si la síntesis del mensaje del texto coincide con el mensaje descifrado
Digest of the Original Message

if (!strHashOfRecvSignedData.equals(strHashOfData))
{
System.out.println(" Message has been tampered ");
}

}

catch(Exception exp)
{
System.out.println(" Exception caught " + exp);
exp.printStackTrace();
}

}

}
</pre>
==== SymmetricEncrypt.java ====
<pre>package org.owasp.crypto;

import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.Cipher;
import java.security.Key;

import java.security.NoSuchAlgorithmException;
import java.security.InvalidKeyException;
import java.security.InvalidAlgorithmParameterException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.BadPaddingException;
import javax.crypto.IllegalBlockSizeException;

import sun.misc.BASE64Encoder;

/**
* @author Joe Prasanna Kumar
* Este programa ofrece las funcionalidades criptográficas siguientes
* 1. Cifrado con AES
* 2. El descifrado con AES
*
* Algoritmo de alto nivel:
* 1. Generar una clave DES (especificar el tamaño de la clave durante esta fase)
* 2. Cree el Cipher
* 3. Para cifrar: Inicializar el cifrado para el cifrado
* 4. Para descifrar: Inicializar el cifrado para descifrar
*
*
*/

public class SymmetricEncrypt {

String strDataToEncrypt = new String();
String strCipherText = new String();
String strDecryptedText = new String();
static KeyGenerator keyGen;
private static String strHexVal = "0123456789abcdef";

public static SecretKey getSecret(){
/**
* Paso 1. Generación de una clave AES mediante keygenerator
* Inicializa el tamaño de clave de 128
*
*/

try{
keyGen = KeyGenerator.getInstance("AES");
keyGen.init(128);

}

catch(Exception exp)
{
System.out.println(" Exception inside constructor " +exp);
}

SecretKey secretKey = keyGen.generateKey();
return secretKey;
}

/**
* Paso 2. Crear un sistema de cifrado mediante la especificación de los siguientes parámetros
* a. Nombre del algoritmo - aquí es AES
*/

public byte[] encryptData(byte[] byteDataToEncrypt, Key secretKey, String Algorithm) {
byte[] byteCipherText = new byte[200];

try {
Cipher aesCipher = Cipher.getInstance(Algorithm);

/**
* Paso 3. Inicialice el cifrado para el cifrado
*/
if(Algorithm.equals("AES")){
aesCipher.init(Cipher.ENCRYPT_MODE,secretKey,aesCipher.getParameters());
}
else if(Algorithm.equals("RSA/ECB/PKCS1Padding")){
aesCipher.init(Cipher.ENCRYPT_MODE,secretKey);
}

/**
* Paso 4. Cifrar los datos
* 1. Declarar / inicializar los datos. Aquí los datos son de tipo String
* 2. Convertir el texto de entrada a Bytes
* 3. Cifrado de los bytes, utilizando el método doFinal
*/
byteCipherText = aesCipher.doFinal(byteDataToEncrypt);
strCipherText = new BASE64Encoder().encode(byteCipherText);

}

catch (NoSuchAlgorithmException noSuchAlgo)
{
System.out.println(" No Such Algorithm exists " + noSuchAlgo);
}

catch (NoSuchPaddingException noSuchPad)
{
System.out.println(" No Such Padding exists " + noSuchPad);
}

catch (InvalidKeyException invalidKey)
{
System.out.println(" Invalid Key " + invalidKey);
}

catch (BadPaddingException badPadding)
{
System.out.println(" Bad Padding " + badPadding);
}

catch (IllegalBlockSizeException illegalBlockSize)
{
System.out.println(" Illegal Block Size " + illegalBlockSize);
illegalBlockSize.printStackTrace();
}
catch (Exception exp)
{
exp.printStackTrace();
}

return byteCipherText;
}
/**
* Paso 5. Descifrar los datos
* 1. Inicialice el cifrado para descifrar
* 2. Descifrar los bytes cifrados utilizando el método doFinal
*/

public byte[] decryptData(byte[] byteCipherText, Key secretKey, String Algorithm) {
byte[] byteDecryptedText = new byte[200];

try{
Cipher aesCipher = Cipher.getInstance(Algorithm);
if(Algorithm.equals("AES")){
aesCipher.init(Cipher.DECRYPT_MODE,secretKey,aesCipher.getParameters());
}
else if(Algorithm.equals("RSA/ECB/PKCS1Padding")){
aesCipher.init(Cipher.DECRYPT_MODE,secretKey);
}

byteDecryptedText = aesCipher.doFinal(byteCipherText);
strDecryptedText = new String(byteDecryptedText);
}

catch (NoSuchAlgorithmException noSuchAlgo)
{
System.out.println(" No Such Algorithm exists " + noSuchAlgo);
}

catch (NoSuchPaddingException noSuchPad)
{
System.out.println(" No Such Padding exists " + noSuchPad);
}

catch (InvalidKeyException invalidKey)
{
System.out.println(" Invalid Key " + invalidKey);
invalidKey.printStackTrace();
}

catch (BadPaddingException badPadding)
{
System.out.println(" Bad Padding " + badPadding);
badPadding.printStackTrace();
}

catch (IllegalBlockSizeException illegalBlockSize)
{
System.out.println(" Illegal Block Size " + illegalBlockSize);
illegalBlockSize.printStackTrace();
}

catch (InvalidAlgorithmParameterException invalidParam)
{
System.out.println(" Invalid Parameter " + invalidParam);
}

return byteDecryptedText;
}

public static byte[] convertStringToByteArray(String strInput) {
strInput = strInput.toLowerCase();
byte[] byteConverted = new byte[(strInput.length() + 1) / 2];
int j = 0;
int interimVal;
int nibble = -1;

for (int i = 0; i < strInput.length(); ++i) {
interimVal = strHexVal.indexOf(strInput.charAt(i));
if (interimVal >= 0) {
if (nibble < 0) {
nibble = interimVal;
} else {
byteConverted[j++] = (byte) ((nibble << 4) + interimVal);
nibble = -1;
}
}
}

if (nibble >= 0) {
byteConverted[j++] = (byte) (nibble << 4);
}

if (j < byteConverted.length) {
byte[] byteTemp = new byte[j];
System.arraycopy(byteConverted, 0, byteTemp, 0, j);
byteConverted = byteTemp;
}

return byteConverted;
}

public static String convertByteArrayToString(byte[] block) {
StringBuffer buf = new StringBuffer();

for (int i = 0; i < block.length; ++i) {
buf.append(strHexVal.charAt((block[i] >>> 4) & 0xf));
buf.append(strHexVal.charAt(block[i] & 0xf));
}

return buf.toString();
}
}
</pre>

== Referencias ==

#Computer Security Arts and Science – Matt Bishop
#Core Security Patterns – Christopher Steele, Ray Lai and Ramesh Nagappan

[[Category:Java]]

'''Aplicaciones en Ambientes Libres'''

'''Tutor:''' Ing. Tito Armas

'''Traductoroas:''' Bravo Maria Jose y Portilla Maria Fernanda 2012

Implementacion De Firmas Digitales en Java

2016-05-25T20:39:25Z

Ledio5485: /* Comandos para la generación de claves */

== WARNING ==

Jim Manico recently brought to my attention this wiki page, the same who asked me to check exactly. In doing so, I noticed several errors and areas of weakness. Lately, I have the intention to revisit this page (hopefully with the help of one of the original owners), but I do not have time to do a full review at this time. Therefore, I will summarize the problems observed on this page and leaving you the decision to use or not, with these warnings.
 
#First, this page does not describe "digital signatures". Rather, it describes a concept known as "digital envelopes", which is a scheme used with objects such as S / MIME. Digital signatures not only encrypt the actual message text, only encrypts the hash of the message text.
#UTF-8 should be used to convert between Java byte strings and arrays to ensure adequate portability across different operating systems.
#The certificate chain must always be validated. In this example, the certificate is self-signed, so this is not relevant and will not be true in the normal case. Furthermore, it should be noted that the self-signed, but acceptable for demonstration purposes certificates is considered a dubious practice for production, as it opens the door to spoofing attacks.
#[http://www.nist.gov/ NIST] now recommends using key size 2048 bits for RSA or DSA keys.
#There is a consistent use of weak algorithms. Here are some suggested replacements:
## Use "RSA/ECB/OAEPWithSHA1AndMGF1Padding" instead of "RSA/ECB/PKCS1Padding".
## Use SHA1 (or better SHA256, SHA1 but at least) instead of MD5 for message digest.
## Use "SHA1withRSA" for the signature algorithm instead of "MD5withRSA".
## When creating a symmetric encryption system to encrypt the message text, use "AES / CBC / PKCS5Padding" and choose an IV random for each text message instead of simply using "AES", ending with "AES / ECB / PKCS5Padding ". ECB mode is extremely weak for a regular plain text. (OK for random bit encryption, however, is well used with RSA.) However, the use CBC and PKCS5Padding could make it vulnerable to "Padding Oracle" attacks, so caution is advised. You can use Encryptor 2.0 ESAPI 's to avoid it. (Note also, this part is the concept of "on digital". If this page was really limited by "digital signatures" would not apply because it would be irrelevant.)
 
I hope to get soonest, before cleaning this wiki page. Meanwhile, email me your questions.
 
-Kevin Wall

== Overview ==

This article presents a brief overview of the concepts involved with digital signatures and provides code examples for the application of digital signatures in Java using the [http://docs.oracle.com/javase/6/docs/technotes/guides/security/crypto/CryptoSpec.html Java Cryptography Architecture (JCA)].

=== What is a digital signature? ===

A digital signature is a concept that helps to get the non-repudiation of origin (ie, the integrity of Origin) data. By digitally signing the document, the person signing, says he is the author of the document or the signed message.

=== Need for Digital Signature ===

During the "E" revolution was a need for authentication of critical transactions especially in the financial world. If Alice agreed to transfer $ x to Bob, then there had to be a way for Bob to ensure that:

*It was Alice who performed the transaction and not someone else impersonating Alice (Authentication).
*The amount agreed by Alice is $ x (Integrity).
*Alice could not discuss his statement transaction $ x a Bob (Non-repudiation of origin).

These concerns were treated with a solution known as digital signatures. More background information on digital signatures can be found [http://en.wikipedia.org/wiki/Digital_signature here]

== Digital signatures in Java using JCA ==

Java Cryptography Architecture is a framework for accessing and developing cryptographic functionality for the Java platform. JCA provider implements cryptographic functionality such as digital signatures and message digests. The default JCA provider is SUN JDK 1.4.2.

=== Security considerations when implementing digital signature ===

Two major safety considerations that must be taken into account when applying digital signatures are:

#Sign the message and then encrypt the signed message.
#Sign the hash of the message instead of the entire message.

=== Performance considerations when implementing digital signature ===

Because asymmetric encryption algorithms such as RSA, DSA are computationally slower than symmetric encryption algorithms such as AES, it is a good practice, encrypt the actual message that is transmitted using a symmetric key algorithm and then encrypt the key that is used in symmetric key algorithm using an asymmetric key algorithm. For example, if you want to convey the message "Hello World Digital Signatures", then this message is first encrypted with a symmetric key, for example, an AES 128-bit key as x7oFaHSPnWxEMiZE/0qYrg and then this key is encrypted with an algorithm as RSA asymmetric key.

== Algorithm to implement digital signature using the RSA algorithm ==

The provider RSA Java implementation has a limitation in that encryption can be performed on the data length <= 117 bytes only. If the data is of a length> 117 bytes, it will launch a IllegalBlockSizeException: Data must have more than 117 bytes symmetry there has to be encrypted and then signed.

RSA PKCS # 1 algorithm can only encrypt data size k - 11, where k whose length is one byte and the RSA module 11 is the number of bytes used by the filling PCKS # 1 v1.5. Therefore, if we use an RSA key size of 1024 bits, we could encrypt only 128-11 => 117 bytes of data. There are two options available to encrypt data byte size larger.

#We could use an RSA key length> 1024. For example, using 2048 bits, then we could encrypt 256-11 => 245 bytes of data. The disadvantage of this approach is that it would be capable of encoding data size> x bytes (in the above example x is 245).
#Analyze the input data chunks of bytes in size <117 and apply encryption on each piece. The code example of this approach can be found [http://www.aviransplace.com/2004/10/12/using-rsa-encryption-with-java/3/ here].

Both approaches could affect performance since the RSA key larger or approach of [https://en.wikipedia.org/wiki/Divide_and_conquer_algorithms "divide and conquer"] of input bytes are computationally expensive.

=== Algorithm ===

With the foregoing, the following algorithm can be used for the implementation of public key cryptography in Java.

#Encrypt the message using a symmetric key
#Concatenate the symmetric key + symmetric hash + hash key message.
#Encrypt the concatenated string with the public key of the recipient.
#Sign data to be transmitted (encrypted symmetric key + the + Hash hash key message).
#Validate the signature.
#Deciphering the message with the recipient's private key to obtain the symmetric key.
#Validate the integrity of the key using the hash key.
#It decipher the real message using the symmetric key that has been decrypted, analyzed and integrity checks.
#Calculate MessageDigest of data.
#Validate whether the message digest decrypted text matches the message digest of the original message.

=== Commands for key generation ===

prompt# keytool -genkey -alias testsender -keystore testkeystore.ks -keyalg RSA Enter keystore password: testpwd What is your first and last name?

[Unknown]: Alice Sender

¿Cuál es su nombre y apellido?

[Unknown]: IT

¿Cuál es el nombre de la unidad organizativa?

[Unknown]: ABC Inc

¿Cuál es el nombre de su organización?

[Unknown]: LA

¿Cuál es el nombre de su ciudad o localidad?

[Unknown]: CA

¿Cuál es el nombre de su estado o provincia?

[Unknown]: US

Es CN = Alice Sender, OU = IT, O = ABC Inc, L = LA, ST = CA, C = EE.UU. correcto?

[no]: y

Introduzca la contraseña clave para <testsender>

(RETURN if same as keystore password): send123

prompt # keytool -genkey -alias testrecv -keystore testkeystore.ks -keyalg RSA Introduzca la contraseña del almacén de claves: testpwd
¿Cuál es su nombre y apellido?

[Unknown]: Bob Receiver

¿Cuál es el nombre de la unidad organizativa?

[Unknown]: HR

¿Cuál es el nombre de su organización?

[Unknown]: ABC Inc

¿Cuál es el nombre de su ciudad o localidad?

[Unknown]: SFO

¿Cuál es el nombre de su estado o provincia?

[Unknown]: CA

¿Qué es el código de país de dos letras para esta unidad?

[Unknown]: US

Es CN = Bob receptor, OU = HR, O = ABC Inc, L = SFO, ST = CA, C = EE.UU. correcto?

[no]: y

Introduzca la contraseña clave para <testrecv>

(RETURN if same as keystore password): recv123

=== Ejemplo de Código ===

==== PublicKeyCryptography.java ====
<pre>package org.owasp.crypto;

import java.security.*;
import java.security.cert.*;
import javax.crypto.*;
import sun.misc.BASE64Encoder;
import sun.misc.BASE64Decoder;

/**
*
* @author Joe Prasanna Kumar
*
* 1. Cifrar los datos utilizando una clave simétrica
* 2. Cifrar la clave simétrica con la clave pública Receptores
* 3. Crear un resumen del mensaje de los datos a transmitir
* 4. Firma el mensaje a transmitir
* 5. Envíe los datos a través de un canal no seguro
* 6. Validar la firma
* 7. Descifrar el mensaje usando la llave privada Pets para obtener la clave simétrica
* 8. Descifrar los datos usando la clave simétrica
* 9. Calcule MessageDigest de datos + mensaje firmado
* 10.Valide si la síntesis del mensaje del texto descifrado coincide con el resumen de mensaje del mensaje original
*
*/

public class PublicKeyCryptography {

/**
* @param args
*/
public static void main(String[] args) {

SymmetricEncrypt encryptUtil = new SymmetricEncrypt();
String strDataToEncrypt = "Hello World";
byte[] byteDataToTransmit = strDataToEncrypt.getBytes();

// Generación de un SecretKey para el cifrado simétrico
SecretKey senderSecretKey = SymmetricEncrypt.getSecret();

//1. Cifrar los datos utilizando una clave simétrica
byte[] byteCipherText = encryptUtil.encryptData(byteDataToTransmit,senderSecretKey,"AES");
String strCipherText = new BASE64Encoder().encode(byteCipherText);

//2. Cifrar la clave simétrica con la clave pública
try{
// 2.1 Especifique el almacén de claves que se haya importado el certificado Receptores
KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
char [] password = "testpwd".toCharArray();
java.io.FileInputStream fis = new java.io.FileInputStream("/home/Joebi/workspace/OWASP_Crypto/org/owasp/crypto/testkeystore.ks");
ks.load(fis, password);
fis.close();

// 2.2 Creación de un certificado X509 del receptor
X509Certificate recvcert ;
MessageDigest md = MessageDigest.getInstance("MD5");
recvcert = (X509Certificate)ks.getCertificate("testrecv");
// 2.3 Obtención de la llave pública de los certificados
PublicKey pubKeyReceiver = recvcert.getPublicKey();

// 2.4 Cifrado de la SecretKey con la clave pública Receptores
byte[] byteEncryptWithPublicKey = encryptUtil.encryptData(senderSecretKey.getEncoded(),pubKeyReceiver,"RSA/ECB/PKCS1Padding");
String strSenbyteEncryptWithPublicKey = new BASE64Encoder().encode(byteEncryptWithPublicKey);

// 3. Crear un resumen del mensaje de los datos a transmitir
md.update(byteDataToTransmit);
byte byteMDofDataToTransmit[] = md.digest();

String strMDofDataToTransmit = new String();
for (int i = 0; i < byteMDofDataToTransmit.length; i++){
strMDofDataToTransmit = strMDofDataToTransmit + Integer.toHexString((int)byteMDofDataToTransmit[i] & 0xFF) ;
}

// 3.1 Mensaje que se Firmado = clave secreta cifrada + MAC de los datos a transmitir
String strMsgToSign = strSenbyteEncryptWithPublicKey + "|" + strMDofDataToTransmit;

// 4. Firma el mensaje
// 4.1 Obtener la clave privada del remitente desde el almacén de claves, proporcionando la contraseña establecida para la llave privada mientras se crea las llaves usados.
char[] keypassword = "send123".toCharArray();
Key myKey = ks.getKey("testsender", keypassword);
PrivateKey myPrivateKey = (PrivateKey)myKey;

// 4.2 Firmar el mensaje
Signature mySign = Signature.getInstance("MD5withRSA");
mySign.initSign(myPrivateKey);
mySign.update(strMsgToSign.getBytes());
byte[] byteSignedData = mySign.sign();

// 5. Los valores byteSignedData (la firma) y strMsgToSign (los datos que se firmó) se pueden enviar a través del receptor

// 6. Validar la firma
// 6.1 Extraer la clave pública de su certificado de remitentes
X509Certificate sendercert ;
sendercert = (X509Certificate)ks.getCertificate("testsender");
PublicKey pubKeySender = sendercert.getPublicKey();
// 6.2 Verificar la Firma
Signature myVerifySign = Signature.getInstance("MD5withRSA");
myVerifySign.initVerify(pubKeySender);
myVerifySign.update(strMsgToSign.getBytes());

boolean verifySign = myVerifySign.verify(byteSignedData);
if (verifySign == false)
{
System.out.println(" Error in validating Signature ");
}

else
System.out.println(" Successfully validated Signature ");

// 7. Descifrar el mensaje usando la llave privada Pets para obtener la clave simétrica
char[] recvpassword = "recv123".toCharArray();
Key recvKey = ks.getKey("testrecv", recvpassword);
PrivateKey recvPrivateKey = (PrivateKey)recvKey;

// Analizar el MessageDigest y el valor cifrado
String strRecvSignedData = new String (byteSignedData);
String[] strRecvSignedDataArray = new String [10];
strRecvSignedDataArray = strMsgToSign.split("|");
int intindexofsep = strMsgToSign.indexOf("|");
String strEncryptWithPublicKey = strMsgToSign.substring(0,intindexofsep);
String strHashOfData = strMsgToSign.substring(intindexofsep+1);

// Descifrado para obtener la clave simétrica
byte[] bytestrEncryptWithPublicKey = new BASE64Decoder().decodeBuffer(strEncryptWithPublicKey);
byte[] byteDecryptWithPrivateKey = encryptUtil.decryptData(byteEncryptWithPublicKey,recvPrivateKey,"RSA/ECB/PKCS1Padding");

// 8. Descifrar los datos usando la clave simétrica
javax.crypto.spec.SecretKeySpec secretKeySpecDecrypted = new javax.crypto.spec.SecretKeySpec(byteDecryptWithPrivateKey,"AES");
byte[] byteDecryptText = encryptUtil.decryptData(byteCipherText,secretKeySpecDecrypted,"AES");
String strDecryptedText = new String(byteDecryptText);
System.out.println(" Decrypted data is " +strDecryptedText);

// 9. Calcule MessageDigest de datos + mensaje firmado
MessageDigest recvmd = MessageDigest.getInstance("MD5");
recvmd.update(byteDecryptText);
byte byteHashOfRecvSignedData[] = recvmd.digest();

String strHashOfRecvSignedData = new String();

for (int i = 0; i < byteHashOfRecvSignedData.length; i++){
strHashOfRecvSignedData = strHashOfRecvSignedData + Integer.toHexString((int)byteHashOfRecvSignedData[i] & 0xFF) ;
}
// 10. Validar si la síntesis del mensaje del texto coincide con el mensaje descifrado
Digest of the Original Message

if (!strHashOfRecvSignedData.equals(strHashOfData))
{
System.out.println(" Message has been tampered ");
}

}

catch(Exception exp)
{
System.out.println(" Exception caught " + exp);
exp.printStackTrace();
}

}

}
</pre>
==== SymmetricEncrypt.java ====
<pre>package org.owasp.crypto;

import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.Cipher;
import java.security.Key;

import java.security.NoSuchAlgorithmException;
import java.security.InvalidKeyException;
import java.security.InvalidAlgorithmParameterException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.BadPaddingException;
import javax.crypto.IllegalBlockSizeException;

import sun.misc.BASE64Encoder;

/**
* @author Joe Prasanna Kumar
* Este programa ofrece las funcionalidades criptográficas siguientes
* 1. Cifrado con AES
* 2. El descifrado con AES
*
* Algoritmo de alto nivel:
* 1. Generar una clave DES (especificar el tamaño de la clave durante esta fase)
* 2. Cree el Cipher
* 3. Para cifrar: Inicializar el cifrado para el cifrado
* 4. Para descifrar: Inicializar el cifrado para descifrar
*
*
*/

public class SymmetricEncrypt {

String strDataToEncrypt = new String();
String strCipherText = new String();
String strDecryptedText = new String();
static KeyGenerator keyGen;
private static String strHexVal = "0123456789abcdef";

public static SecretKey getSecret(){
/**
* Paso 1. Generación de una clave AES mediante keygenerator
* Inicializa el tamaño de clave de 128
*
*/

try{
keyGen = KeyGenerator.getInstance("AES");
keyGen.init(128);

}

catch(Exception exp)
{
System.out.println(" Exception inside constructor " +exp);
}

SecretKey secretKey = keyGen.generateKey();
return secretKey;
}

/**
* Paso 2. Crear un sistema de cifrado mediante la especificación de los siguientes parámetros
* a. Nombre del algoritmo - aquí es AES
*/

public byte[] encryptData(byte[] byteDataToEncrypt, Key secretKey, String Algorithm) {
byte[] byteCipherText = new byte[200];

try {
Cipher aesCipher = Cipher.getInstance(Algorithm);

/**
* Paso 3. Inicialice el cifrado para el cifrado
*/
if(Algorithm.equals("AES")){
aesCipher.init(Cipher.ENCRYPT_MODE,secretKey,aesCipher.getParameters());
}
else if(Algorithm.equals("RSA/ECB/PKCS1Padding")){
aesCipher.init(Cipher.ENCRYPT_MODE,secretKey);
}

/**
* Paso 4. Cifrar los datos
* 1. Declarar / inicializar los datos. Aquí los datos son de tipo String
* 2. Convertir el texto de entrada a Bytes
* 3. Cifrado de los bytes, utilizando el método doFinal
*/
byteCipherText = aesCipher.doFinal(byteDataToEncrypt);
strCipherText = new BASE64Encoder().encode(byteCipherText);

}

catch (NoSuchAlgorithmException noSuchAlgo)
{
System.out.println(" No Such Algorithm exists " + noSuchAlgo);
}

catch (NoSuchPaddingException noSuchPad)
{
System.out.println(" No Such Padding exists " + noSuchPad);
}

catch (InvalidKeyException invalidKey)
{
System.out.println(" Invalid Key " + invalidKey);
}

catch (BadPaddingException badPadding)
{
System.out.println(" Bad Padding " + badPadding);
}

catch (IllegalBlockSizeException illegalBlockSize)
{
System.out.println(" Illegal Block Size " + illegalBlockSize);
illegalBlockSize.printStackTrace();
}
catch (Exception exp)
{
exp.printStackTrace();
}

return byteCipherText;
}
/**
* Paso 5. Descifrar los datos
* 1. Inicialice el cifrado para descifrar
* 2. Descifrar los bytes cifrados utilizando el método doFinal
*/

public byte[] decryptData(byte[] byteCipherText, Key secretKey, String Algorithm) {
byte[] byteDecryptedText = new byte[200];

try{
Cipher aesCipher = Cipher.getInstance(Algorithm);
if(Algorithm.equals("AES")){
aesCipher.init(Cipher.DECRYPT_MODE,secretKey,aesCipher.getParameters());
}
else if(Algorithm.equals("RSA/ECB/PKCS1Padding")){
aesCipher.init(Cipher.DECRYPT_MODE,secretKey);
}

byteDecryptedText = aesCipher.doFinal(byteCipherText);
strDecryptedText = new String(byteDecryptedText);
}

catch (NoSuchAlgorithmException noSuchAlgo)
{
System.out.println(" No Such Algorithm exists " + noSuchAlgo);
}

catch (NoSuchPaddingException noSuchPad)
{
System.out.println(" No Such Padding exists " + noSuchPad);
}

catch (InvalidKeyException invalidKey)
{
System.out.println(" Invalid Key " + invalidKey);
invalidKey.printStackTrace();
}

catch (BadPaddingException badPadding)
{
System.out.println(" Bad Padding " + badPadding);
badPadding.printStackTrace();
}

catch (IllegalBlockSizeException illegalBlockSize)
{
System.out.println(" Illegal Block Size " + illegalBlockSize);
illegalBlockSize.printStackTrace();
}

catch (InvalidAlgorithmParameterException invalidParam)
{
System.out.println(" Invalid Parameter " + invalidParam);
}

return byteDecryptedText;
}

public static byte[] convertStringToByteArray(String strInput) {
strInput = strInput.toLowerCase();
byte[] byteConverted = new byte[(strInput.length() + 1) / 2];
int j = 0;
int interimVal;
int nibble = -1;

for (int i = 0; i < strInput.length(); ++i) {
interimVal = strHexVal.indexOf(strInput.charAt(i));
if (interimVal >= 0) {
if (nibble < 0) {
nibble = interimVal;
} else {
byteConverted[j++] = (byte) ((nibble << 4) + interimVal);
nibble = -1;
}
}
}

if (nibble >= 0) {
byteConverted[j++] = (byte) (nibble << 4);
}

if (j < byteConverted.length) {
byte[] byteTemp = new byte[j];
System.arraycopy(byteConverted, 0, byteTemp, 0, j);
byteConverted = byteTemp;
}

return byteConverted;
}

public static String convertByteArrayToString(byte[] block) {
StringBuffer buf = new StringBuffer();

for (int i = 0; i < block.length; ++i) {
buf.append(strHexVal.charAt((block[i] >>> 4) & 0xf));
buf.append(strHexVal.charAt(block[i] & 0xf));
}

return buf.toString();
}
}
</pre>

== Referencias ==

#Computer Security Arts and Science – Matt Bishop
#Core Security Patterns – Christopher Steele, Ray Lai and Ramesh Nagappan

[[Category:Java]]

'''Aplicaciones en Ambientes Libres'''

'''Tutor:''' Ing. Tito Armas

'''Traductoroas:''' Bravo Maria Jose y Portilla Maria Fernanda 2012

Implementacion De Firmas Digitales en Java

2016-05-25T20:38:05Z

Ledio5485: /* Algorithm to implement digital signature using the RSA algorithm */

== WARNING ==

Jim Manico recently brought to my attention this wiki page, the same who asked me to check exactly. In doing so, I noticed several errors and areas of weakness. Lately, I have the intention to revisit this page (hopefully with the help of one of the original owners), but I do not have time to do a full review at this time. Therefore, I will summarize the problems observed on this page and leaving you the decision to use or not, with these warnings.
 
#First, this page does not describe "digital signatures". Rather, it describes a concept known as "digital envelopes", which is a scheme used with objects such as S / MIME. Digital signatures not only encrypt the actual message text, only encrypts the hash of the message text.
#UTF-8 should be used to convert between Java byte strings and arrays to ensure adequate portability across different operating systems.
#The certificate chain must always be validated. In this example, the certificate is self-signed, so this is not relevant and will not be true in the normal case. Furthermore, it should be noted that the self-signed, but acceptable for demonstration purposes certificates is considered a dubious practice for production, as it opens the door to spoofing attacks.
#[http://www.nist.gov/ NIST] now recommends using key size 2048 bits for RSA or DSA keys.
#There is a consistent use of weak algorithms. Here are some suggested replacements:
## Use "RSA/ECB/OAEPWithSHA1AndMGF1Padding" instead of "RSA/ECB/PKCS1Padding".
## Use SHA1 (or better SHA256, SHA1 but at least) instead of MD5 for message digest.
## Use "SHA1withRSA" for the signature algorithm instead of "MD5withRSA".
## When creating a symmetric encryption system to encrypt the message text, use "AES / CBC / PKCS5Padding" and choose an IV random for each text message instead of simply using "AES", ending with "AES / ECB / PKCS5Padding ". ECB mode is extremely weak for a regular plain text. (OK for random bit encryption, however, is well used with RSA.) However, the use CBC and PKCS5Padding could make it vulnerable to "Padding Oracle" attacks, so caution is advised. You can use Encryptor 2.0 ESAPI 's to avoid it. (Note also, this part is the concept of "on digital". If this page was really limited by "digital signatures" would not apply because it would be irrelevant.)
 
I hope to get soonest, before cleaning this wiki page. Meanwhile, email me your questions.
 
-Kevin Wall

== Overview ==

This article presents a brief overview of the concepts involved with digital signatures and provides code examples for the application of digital signatures in Java using the [http://docs.oracle.com/javase/6/docs/technotes/guides/security/crypto/CryptoSpec.html Java Cryptography Architecture (JCA)].

=== What is a digital signature? ===

A digital signature is a concept that helps to get the non-repudiation of origin (ie, the integrity of Origin) data. By digitally signing the document, the person signing, says he is the author of the document or the signed message.

=== Need for Digital Signature ===

During the "E" revolution was a need for authentication of critical transactions especially in the financial world. If Alice agreed to transfer $ x to Bob, then there had to be a way for Bob to ensure that:

*It was Alice who performed the transaction and not someone else impersonating Alice (Authentication).
*The amount agreed by Alice is $ x (Integrity).
*Alice could not discuss his statement transaction $ x a Bob (Non-repudiation of origin).

These concerns were treated with a solution known as digital signatures. More background information on digital signatures can be found [http://en.wikipedia.org/wiki/Digital_signature here]

== Digital signatures in Java using JCA ==

Java Cryptography Architecture is a framework for accessing and developing cryptographic functionality for the Java platform. JCA provider implements cryptographic functionality such as digital signatures and message digests. The default JCA provider is SUN JDK 1.4.2.

=== Security considerations when implementing digital signature ===

Two major safety considerations that must be taken into account when applying digital signatures are:

#Sign the message and then encrypt the signed message.
#Sign the hash of the message instead of the entire message.

=== Performance considerations when implementing digital signature ===

Because asymmetric encryption algorithms such as RSA, DSA are computationally slower than symmetric encryption algorithms such as AES, it is a good practice, encrypt the actual message that is transmitted using a symmetric key algorithm and then encrypt the key that is used in symmetric key algorithm using an asymmetric key algorithm. For example, if you want to convey the message "Hello World Digital Signatures", then this message is first encrypted with a symmetric key, for example, an AES 128-bit key as x7oFaHSPnWxEMiZE/0qYrg and then this key is encrypted with an algorithm as RSA asymmetric key.

== Algorithm to implement digital signature using the RSA algorithm ==

The provider RSA Java implementation has a limitation in that encryption can be performed on the data length <= 117 bytes only. If the data is of a length> 117 bytes, it will launch a IllegalBlockSizeException: Data must have more than 117 bytes symmetry there has to be encrypted and then signed.

RSA PKCS # 1 algorithm can only encrypt data size k - 11, where k whose length is one byte and the RSA module 11 is the number of bytes used by the filling PCKS # 1 v1.5. Therefore, if we use an RSA key size of 1024 bits, we could encrypt only 128-11 => 117 bytes of data. There are two options available to encrypt data byte size larger.

#We could use an RSA key length> 1024. For example, using 2048 bits, then we could encrypt 256-11 => 245 bytes of data. The disadvantage of this approach is that it would be capable of encoding data size> x bytes (in the above example x is 245).
#Analyze the input data chunks of bytes in size <117 and apply encryption on each piece. The code example of this approach can be found [http://www.aviransplace.com/2004/10/12/using-rsa-encryption-with-java/3/ here].

Both approaches could affect performance since the RSA key larger or approach of [https://en.wikipedia.org/wiki/Divide_and_conquer_algorithms "divide and conquer"] of input bytes are computationally expensive.

=== Algorithm ===

With the foregoing, the following algorithm can be used for the implementation of public key cryptography in Java.

#Encrypt the message using a symmetric key
#Concatenate the symmetric key + symmetric hash + hash key message.
#Encrypt the concatenated string with the public key of the recipient.
#Sign data to be transmitted (encrypted symmetric key + the + Hash hash key message).
#Validate the signature.
#Deciphering the message with the recipient's private key to obtain the symmetric key.
#Validate the integrity of the key using the hash key.
#It decipher the real message using the symmetric key that has been decrypted, analyzed and integrity checks.
#Calculate MessageDigest of data.
#Validate whether the message digest decrypted text matches the message digest of the original message.

=== Comandos para la generación de claves ===

prompt# keytool -genkey -alias testsender -keystore testkeystore.ks -keyalg RSA Enter keystore password: testpwd What is your first and last name?

[Unknown]: Alice Sender

¿Cuál es su nombre y apellido?

[Unknown]: IT

¿Cuál es el nombre de la unidad organizativa?

[Unknown]: ABC Inc

¿Cuál es el nombre de su organización?

[Unknown]: LA

¿Cuál es el nombre de su ciudad o localidad?

[Unknown]: CA

¿Cuál es el nombre de su estado o provincia?

[Unknown]: US

Es CN = Alice Sender, OU = IT, O = ABC Inc, L = LA, ST = CA, C = EE.UU. correcto?

[no]: y

Introduzca la contraseña clave para <testsender>

(RETURN if same as keystore password): send123

prompt # keytool -genkey -alias testrecv -keystore testkeystore.ks -keyalg RSA Introduzca la contraseña del almacén de claves: testpwd
¿Cuál es su nombre y apellido?

[Unknown]: Bob Receiver

¿Cuál es el nombre de la unidad organizativa?

[Unknown]: HR

¿Cuál es el nombre de su organización?

[Unknown]: ABC Inc

¿Cuál es el nombre de su ciudad o localidad?

[Unknown]: SFO

¿Cuál es el nombre de su estado o provincia?

[Unknown]: CA

¿Qué es el código de país de dos letras para esta unidad?

[Unknown]: US

Es CN = Bob receptor, OU = HR, O = ABC Inc, L = SFO, ST = CA, C = EE.UU. correcto?

[no]: y

Introduzca la contraseña clave para <testrecv>

(RETURN if same as keystore password): recv123

=== Ejemplo de Código ===

==== PublicKeyCryptography.java ====
<pre>package org.owasp.crypto;

import java.security.*;
import java.security.cert.*;
import javax.crypto.*;
import sun.misc.BASE64Encoder;
import sun.misc.BASE64Decoder;

/**
*
* @author Joe Prasanna Kumar
*
* 1. Cifrar los datos utilizando una clave simétrica
* 2. Cifrar la clave simétrica con la clave pública Receptores
* 3. Crear un resumen del mensaje de los datos a transmitir
* 4. Firma el mensaje a transmitir
* 5. Envíe los datos a través de un canal no seguro
* 6. Validar la firma
* 7. Descifrar el mensaje usando la llave privada Pets para obtener la clave simétrica
* 8. Descifrar los datos usando la clave simétrica
* 9. Calcule MessageDigest de datos + mensaje firmado
* 10.Valide si la síntesis del mensaje del texto descifrado coincide con el resumen de mensaje del mensaje original
*
*/

public class PublicKeyCryptography {

/**
* @param args
*/
public static void main(String[] args) {

SymmetricEncrypt encryptUtil = new SymmetricEncrypt();
String strDataToEncrypt = "Hello World";
byte[] byteDataToTransmit = strDataToEncrypt.getBytes();

// Generación de un SecretKey para el cifrado simétrico
SecretKey senderSecretKey = SymmetricEncrypt.getSecret();

//1. Cifrar los datos utilizando una clave simétrica
byte[] byteCipherText = encryptUtil.encryptData(byteDataToTransmit,senderSecretKey,"AES");
String strCipherText = new BASE64Encoder().encode(byteCipherText);

//2. Cifrar la clave simétrica con la clave pública
try{
// 2.1 Especifique el almacén de claves que se haya importado el certificado Receptores
KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
char [] password = "testpwd".toCharArray();
java.io.FileInputStream fis = new java.io.FileInputStream("/home/Joebi/workspace/OWASP_Crypto/org/owasp/crypto/testkeystore.ks");
ks.load(fis, password);
fis.close();

// 2.2 Creación de un certificado X509 del receptor
X509Certificate recvcert ;
MessageDigest md = MessageDigest.getInstance("MD5");
recvcert = (X509Certificate)ks.getCertificate("testrecv");
// 2.3 Obtención de la llave pública de los certificados
PublicKey pubKeyReceiver = recvcert.getPublicKey();

// 2.4 Cifrado de la SecretKey con la clave pública Receptores
byte[] byteEncryptWithPublicKey = encryptUtil.encryptData(senderSecretKey.getEncoded(),pubKeyReceiver,"RSA/ECB/PKCS1Padding");
String strSenbyteEncryptWithPublicKey = new BASE64Encoder().encode(byteEncryptWithPublicKey);

// 3. Crear un resumen del mensaje de los datos a transmitir
md.update(byteDataToTransmit);
byte byteMDofDataToTransmit[] = md.digest();

String strMDofDataToTransmit = new String();
for (int i = 0; i < byteMDofDataToTransmit.length; i++){
strMDofDataToTransmit = strMDofDataToTransmit + Integer.toHexString((int)byteMDofDataToTransmit[i] & 0xFF) ;
}

// 3.1 Mensaje que se Firmado = clave secreta cifrada + MAC de los datos a transmitir
String strMsgToSign = strSenbyteEncryptWithPublicKey + "|" + strMDofDataToTransmit;

// 4. Firma el mensaje
// 4.1 Obtener la clave privada del remitente desde el almacén de claves, proporcionando la contraseña establecida para la llave privada mientras se crea las llaves usados.
char[] keypassword = "send123".toCharArray();
Key myKey = ks.getKey("testsender", keypassword);
PrivateKey myPrivateKey = (PrivateKey)myKey;

// 4.2 Firmar el mensaje
Signature mySign = Signature.getInstance("MD5withRSA");
mySign.initSign(myPrivateKey);
mySign.update(strMsgToSign.getBytes());
byte[] byteSignedData = mySign.sign();

// 5. Los valores byteSignedData (la firma) y strMsgToSign (los datos que se firmó) se pueden enviar a través del receptor

// 6. Validar la firma
// 6.1 Extraer la clave pública de su certificado de remitentes
X509Certificate sendercert ;
sendercert = (X509Certificate)ks.getCertificate("testsender");
PublicKey pubKeySender = sendercert.getPublicKey();
// 6.2 Verificar la Firma
Signature myVerifySign = Signature.getInstance("MD5withRSA");
myVerifySign.initVerify(pubKeySender);
myVerifySign.update(strMsgToSign.getBytes());

boolean verifySign = myVerifySign.verify(byteSignedData);
if (verifySign == false)
{
System.out.println(" Error in validating Signature ");
}

else
System.out.println(" Successfully validated Signature ");

// 7. Descifrar el mensaje usando la llave privada Pets para obtener la clave simétrica
char[] recvpassword = "recv123".toCharArray();
Key recvKey = ks.getKey("testrecv", recvpassword);
PrivateKey recvPrivateKey = (PrivateKey)recvKey;

// Analizar el MessageDigest y el valor cifrado
String strRecvSignedData = new String (byteSignedData);
String[] strRecvSignedDataArray = new String [10];
strRecvSignedDataArray = strMsgToSign.split("|");
int intindexofsep = strMsgToSign.indexOf("|");
String strEncryptWithPublicKey = strMsgToSign.substring(0,intindexofsep);
String strHashOfData = strMsgToSign.substring(intindexofsep+1);

// Descifrado para obtener la clave simétrica
byte[] bytestrEncryptWithPublicKey = new BASE64Decoder().decodeBuffer(strEncryptWithPublicKey);
byte[] byteDecryptWithPrivateKey = encryptUtil.decryptData(byteEncryptWithPublicKey,recvPrivateKey,"RSA/ECB/PKCS1Padding");

// 8. Descifrar los datos usando la clave simétrica
javax.crypto.spec.SecretKeySpec secretKeySpecDecrypted = new javax.crypto.spec.SecretKeySpec(byteDecryptWithPrivateKey,"AES");
byte[] byteDecryptText = encryptUtil.decryptData(byteCipherText,secretKeySpecDecrypted,"AES");
String strDecryptedText = new String(byteDecryptText);
System.out.println(" Decrypted data is " +strDecryptedText);

// 9. Calcule MessageDigest de datos + mensaje firmado
MessageDigest recvmd = MessageDigest.getInstance("MD5");
recvmd.update(byteDecryptText);
byte byteHashOfRecvSignedData[] = recvmd.digest();

String strHashOfRecvSignedData = new String();

for (int i = 0; i < byteHashOfRecvSignedData.length; i++){
strHashOfRecvSignedData = strHashOfRecvSignedData + Integer.toHexString((int)byteHashOfRecvSignedData[i] & 0xFF) ;
}
// 10. Validar si la síntesis del mensaje del texto coincide con el mensaje descifrado
Digest of the Original Message

if (!strHashOfRecvSignedData.equals(strHashOfData))
{
System.out.println(" Message has been tampered ");
}

}

catch(Exception exp)
{
System.out.println(" Exception caught " + exp);
exp.printStackTrace();
}

}

}
</pre>
==== SymmetricEncrypt.java ====
<pre>package org.owasp.crypto;

import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.Cipher;
import java.security.Key;

import java.security.NoSuchAlgorithmException;
import java.security.InvalidKeyException;
import java.security.InvalidAlgorithmParameterException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.BadPaddingException;
import javax.crypto.IllegalBlockSizeException;

import sun.misc.BASE64Encoder;

/**
* @author Joe Prasanna Kumar
* Este programa ofrece las funcionalidades criptográficas siguientes
* 1. Cifrado con AES
* 2. El descifrado con AES
*
* Algoritmo de alto nivel:
* 1. Generar una clave DES (especificar el tamaño de la clave durante esta fase)
* 2. Cree el Cipher
* 3. Para cifrar: Inicializar el cifrado para el cifrado
* 4. Para descifrar: Inicializar el cifrado para descifrar
*
*
*/

public class SymmetricEncrypt {

String strDataToEncrypt = new String();
String strCipherText = new String();
String strDecryptedText = new String();
static KeyGenerator keyGen;
private static String strHexVal = "0123456789abcdef";

public static SecretKey getSecret(){
/**
* Paso 1. Generación de una clave AES mediante keygenerator
* Inicializa el tamaño de clave de 128
*
*/

try{
keyGen = KeyGenerator.getInstance("AES");
keyGen.init(128);

}

catch(Exception exp)
{
System.out.println(" Exception inside constructor " +exp);
}

SecretKey secretKey = keyGen.generateKey();
return secretKey;
}

/**
* Paso 2. Crear un sistema de cifrado mediante la especificación de los siguientes parámetros
* a. Nombre del algoritmo - aquí es AES
*/

public byte[] encryptData(byte[] byteDataToEncrypt, Key secretKey, String Algorithm) {
byte[] byteCipherText = new byte[200];

try {
Cipher aesCipher = Cipher.getInstance(Algorithm);

/**
* Paso 3. Inicialice el cifrado para el cifrado
*/
if(Algorithm.equals("AES")){
aesCipher.init(Cipher.ENCRYPT_MODE,secretKey,aesCipher.getParameters());
}
else if(Algorithm.equals("RSA/ECB/PKCS1Padding")){
aesCipher.init(Cipher.ENCRYPT_MODE,secretKey);
}

/**
* Paso 4. Cifrar los datos
* 1. Declarar / inicializar los datos. Aquí los datos son de tipo String
* 2. Convertir el texto de entrada a Bytes
* 3. Cifrado de los bytes, utilizando el método doFinal
*/
byteCipherText = aesCipher.doFinal(byteDataToEncrypt);
strCipherText = new BASE64Encoder().encode(byteCipherText);

}

catch (NoSuchAlgorithmException noSuchAlgo)
{
System.out.println(" No Such Algorithm exists " + noSuchAlgo);
}

catch (NoSuchPaddingException noSuchPad)
{
System.out.println(" No Such Padding exists " + noSuchPad);
}

catch (InvalidKeyException invalidKey)
{
System.out.println(" Invalid Key " + invalidKey);
}

catch (BadPaddingException badPadding)
{
System.out.println(" Bad Padding " + badPadding);
}

catch (IllegalBlockSizeException illegalBlockSize)
{
System.out.println(" Illegal Block Size " + illegalBlockSize);
illegalBlockSize.printStackTrace();
}
catch (Exception exp)
{
exp.printStackTrace();
}

return byteCipherText;
}
/**
* Paso 5. Descifrar los datos
* 1. Inicialice el cifrado para descifrar
* 2. Descifrar los bytes cifrados utilizando el método doFinal
*/

public byte[] decryptData(byte[] byteCipherText, Key secretKey, String Algorithm) {
byte[] byteDecryptedText = new byte[200];

try{
Cipher aesCipher = Cipher.getInstance(Algorithm);
if(Algorithm.equals("AES")){
aesCipher.init(Cipher.DECRYPT_MODE,secretKey,aesCipher.getParameters());
}
else if(Algorithm.equals("RSA/ECB/PKCS1Padding")){
aesCipher.init(Cipher.DECRYPT_MODE,secretKey);
}

byteDecryptedText = aesCipher.doFinal(byteCipherText);
strDecryptedText = new String(byteDecryptedText);
}

catch (NoSuchAlgorithmException noSuchAlgo)
{
System.out.println(" No Such Algorithm exists " + noSuchAlgo);
}

catch (NoSuchPaddingException noSuchPad)
{
System.out.println(" No Such Padding exists " + noSuchPad);
}

catch (InvalidKeyException invalidKey)
{
System.out.println(" Invalid Key " + invalidKey);
invalidKey.printStackTrace();
}

catch (BadPaddingException badPadding)
{
System.out.println(" Bad Padding " + badPadding);
badPadding.printStackTrace();
}

catch (IllegalBlockSizeException illegalBlockSize)
{
System.out.println(" Illegal Block Size " + illegalBlockSize);
illegalBlockSize.printStackTrace();
}

catch (InvalidAlgorithmParameterException invalidParam)
{
System.out.println(" Invalid Parameter " + invalidParam);
}

return byteDecryptedText;
}

public static byte[] convertStringToByteArray(String strInput) {
strInput = strInput.toLowerCase();
byte[] byteConverted = new byte[(strInput.length() + 1) / 2];
int j = 0;
int interimVal;
int nibble = -1;

for (int i = 0; i < strInput.length(); ++i) {
interimVal = strHexVal.indexOf(strInput.charAt(i));
if (interimVal >= 0) {
if (nibble < 0) {
nibble = interimVal;
} else {
byteConverted[j++] = (byte) ((nibble << 4) + interimVal);
nibble = -1;
}
}
}

if (nibble >= 0) {
byteConverted[j++] = (byte) (nibble << 4);
}

if (j < byteConverted.length) {
byte[] byteTemp = new byte[j];
System.arraycopy(byteConverted, 0, byteTemp, 0, j);
byteConverted = byteTemp;
}

return byteConverted;
}

public static String convertByteArrayToString(byte[] block) {
StringBuffer buf = new StringBuffer();

for (int i = 0; i < block.length; ++i) {
buf.append(strHexVal.charAt((block[i] >>> 4) & 0xf));
buf.append(strHexVal.charAt(block[i] & 0xf));
}

return buf.toString();
}
}
</pre>

== Referencias ==

#Computer Security Arts and Science – Matt Bishop
#Core Security Patterns – Christopher Steele, Ray Lai and Ramesh Nagappan

[[Category:Java]]

'''Aplicaciones en Ambientes Libres'''

'''Tutor:''' Ing. Tito Armas

'''Traductoroas:''' Bravo Maria Jose y Portilla Maria Fernanda 2012

Implementacion De Firmas Digitales en Java

2016-05-25T20:24:13Z

Ledio5485: /* Digital signatures in Java using JCA */

== WARNING ==

Jim Manico recently brought to my attention this wiki page, the same who asked me to check exactly. In doing so, I noticed several errors and areas of weakness. Lately, I have the intention to revisit this page (hopefully with the help of one of the original owners), but I do not have time to do a full review at this time. Therefore, I will summarize the problems observed on this page and leaving you the decision to use or not, with these warnings.
 
#First, this page does not describe "digital signatures". Rather, it describes a concept known as "digital envelopes", which is a scheme used with objects such as S / MIME. Digital signatures not only encrypt the actual message text, only encrypts the hash of the message text.
#UTF-8 should be used to convert between Java byte strings and arrays to ensure adequate portability across different operating systems.
#The certificate chain must always be validated. In this example, the certificate is self-signed, so this is not relevant and will not be true in the normal case. Furthermore, it should be noted that the self-signed, but acceptable for demonstration purposes certificates is considered a dubious practice for production, as it opens the door to spoofing attacks.
#[http://www.nist.gov/ NIST] now recommends using key size 2048 bits for RSA or DSA keys.
#There is a consistent use of weak algorithms. Here are some suggested replacements:
## Use "RSA/ECB/OAEPWithSHA1AndMGF1Padding" instead of "RSA/ECB/PKCS1Padding".
## Use SHA1 (or better SHA256, SHA1 but at least) instead of MD5 for message digest.
## Use "SHA1withRSA" for the signature algorithm instead of "MD5withRSA".
## When creating a symmetric encryption system to encrypt the message text, use "AES / CBC / PKCS5Padding" and choose an IV random for each text message instead of simply using "AES", ending with "AES / ECB / PKCS5Padding ". ECB mode is extremely weak for a regular plain text. (OK for random bit encryption, however, is well used with RSA.) However, the use CBC and PKCS5Padding could make it vulnerable to "Padding Oracle" attacks, so caution is advised. You can use Encryptor 2.0 ESAPI 's to avoid it. (Note also, this part is the concept of "on digital". If this page was really limited by "digital signatures" would not apply because it would be irrelevant.)
 
I hope to get soonest, before cleaning this wiki page. Meanwhile, email me your questions.
 
-Kevin Wall

== Overview ==

This article presents a brief overview of the concepts involved with digital signatures and provides code examples for the application of digital signatures in Java using the [http://docs.oracle.com/javase/6/docs/technotes/guides/security/crypto/CryptoSpec.html Java Cryptography Architecture (JCA)].

=== What is a digital signature? ===

A digital signature is a concept that helps to get the non-repudiation of origin (ie, the integrity of Origin) data. By digitally signing the document, the person signing, says he is the author of the document or the signed message.

=== Need for Digital Signature ===

During the "E" revolution was a need for authentication of critical transactions especially in the financial world. If Alice agreed to transfer $ x to Bob, then there had to be a way for Bob to ensure that:

*It was Alice who performed the transaction and not someone else impersonating Alice (Authentication).
*The amount agreed by Alice is $ x (Integrity).
*Alice could not discuss his statement transaction $ x a Bob (Non-repudiation of origin).

These concerns were treated with a solution known as digital signatures. More background information on digital signatures can be found [http://en.wikipedia.org/wiki/Digital_signature here]

== Digital signatures in Java using JCA ==

Java Cryptography Architecture is a framework for accessing and developing cryptographic functionality for the Java platform. JCA provider implements cryptographic functionality such as digital signatures and message digests. The default JCA provider is SUN JDK 1.4.2.

=== Security considerations when implementing digital signature ===

Two major safety considerations that must be taken into account when applying digital signatures are:

#Sign the message and then encrypt the signed message.
#Sign the hash of the message instead of the entire message.

=== Performance considerations when implementing digital signature ===

Because asymmetric encryption algorithms such as RSA, DSA are computationally slower than symmetric encryption algorithms such as AES, it is a good practice, encrypt the actual message that is transmitted using a symmetric key algorithm and then encrypt the key that is used in symmetric key algorithm using an asymmetric key algorithm. For example, if you want to convey the message "Hello World Digital Signatures", then this message is first encrypted with a symmetric key, for example, an AES 128-bit key as x7oFaHSPnWxEMiZE/0qYrg and then this key is encrypted with an algorithm as RSA asymmetric key.

== Algoritmo para implementar la firma digital utilizando el algoritmo RSA ==

El proveedor de la implementación en Java RSA tiene una limitación en que el cifrado se puede realizar sólo en los datos de longitud <= 117 bytes. Si los datos son de longitud > 117 bytes, se lanzaría un IllegalBlockSizeException: Los datos no debe tener más de 117 bytes ahí la simetría tiene que ser cifrados y luego firmados.

El algoritmo RSA PKCS # 1 con relleno sólo puede cifrar los datos de tamaño k - 11 [http://www.rsa.com/rsalabs/node.asp?id=2125 1], donde k cuya longitud es de un octeto del módulo RSA y 11 es la cantidad de bytes utilizados por el relleno PCKS # 1 v1.5. Por lo tanto, si usamos una clave RSA de tamaño de 1024 bits, podríamos cifrar sólo 128 - 11 => 117 bytes de datos. Hay dos opciones disponibles para cifrar los datos de tamaño de byte más grande.

#Podríamos usar una clave RSA de longitud> 1024. Por ejemplo, si usamos 2048 bits, entonces podríamos cifrar 256-11 => 245 bytes de datos. La desventaja de este enfoque es que no sería capaz de codificar los datos de tamaño> x bytes (en el ejemplo anterior x es 245).
#Analizar los datos de entrada en trozos de bytes de tamaño <117 y aplicar la encriptación en cada trozo. El código de ejemplo de este enfoque se puede encontrar aquí [http://www.aviransplace.com/2004/10/12/using-rsa-encryption-with-java/3/ here].

Ambos enfoques podrían afectar al rendimiento ya que la clave RSA de mayor tamaño o un enfoque de "divide y vencerás" de bytes de entrada son computacionalmente costosa.

=== Algoritmo ===

Con las anteriores consideraciones, el algoritmo siguiente puede ser usado para la implementación de la criptografía de clave pública en Java.

#Cifrar el mensaje utilizando una clave simétrica
#Concatenar la clave simétrica + hash de clave simétrica + hash del mensaje.
#Cifrar la cadena concatenada con la clave pública de los receptores.
#Firmar los datos a transmitir (clave simétrica cifrada + Hash de la tecla + Hash del mensaje).
#Validar la firma.
#Descifrar el mensaje con la clave privada del receptor para obtener la clave simétrica.
#Validar la integridad de la clave utilizando el hash de la clave.
#Descifrar el mensaje real usando la clave simétrica que se ha descifrado, se analiza y se comprueba la integridad.
#Calcular MessageDigest de datos.
#Validar si la síntesis del mensaje del texto descifrado coincide con el resumen de mensaje del mensaje original.

=== Comandos para la generación de claves ===

prompt# keytool -genkey -alias testsender -keystore testkeystore.ks -keyalg RSA Enter keystore password: testpwd What is your first and last name?

[Unknown]: Alice Sender

¿Cuál es su nombre y apellido?

[Unknown]: IT

¿Cuál es el nombre de la unidad organizativa?

[Unknown]: ABC Inc

¿Cuál es el nombre de su organización?

[Unknown]: LA

¿Cuál es el nombre de su ciudad o localidad?

[Unknown]: CA

¿Cuál es el nombre de su estado o provincia?

[Unknown]: US

Es CN = Alice Sender, OU = IT, O = ABC Inc, L = LA, ST = CA, C = EE.UU. correcto?

[no]: y

Introduzca la contraseña clave para <testsender>

(RETURN if same as keystore password): send123

prompt # keytool -genkey -alias testrecv -keystore testkeystore.ks -keyalg RSA Introduzca la contraseña del almacén de claves: testpwd
¿Cuál es su nombre y apellido?

[Unknown]: Bob Receiver

¿Cuál es el nombre de la unidad organizativa?

[Unknown]: HR

¿Cuál es el nombre de su organización?

[Unknown]: ABC Inc

¿Cuál es el nombre de su ciudad o localidad?

[Unknown]: SFO

¿Cuál es el nombre de su estado o provincia?

[Unknown]: CA

¿Qué es el código de país de dos letras para esta unidad?

[Unknown]: US

Es CN = Bob receptor, OU = HR, O = ABC Inc, L = SFO, ST = CA, C = EE.UU. correcto?

[no]: y

Introduzca la contraseña clave para <testrecv>

(RETURN if same as keystore password): recv123

=== Ejemplo de Código ===

==== PublicKeyCryptography.java ====
<pre>package org.owasp.crypto;

import java.security.*;
import java.security.cert.*;
import javax.crypto.*;
import sun.misc.BASE64Encoder;
import sun.misc.BASE64Decoder;

/**
*
* @author Joe Prasanna Kumar
*
* 1. Cifrar los datos utilizando una clave simétrica
* 2. Cifrar la clave simétrica con la clave pública Receptores
* 3. Crear un resumen del mensaje de los datos a transmitir
* 4. Firma el mensaje a transmitir
* 5. Envíe los datos a través de un canal no seguro
* 6. Validar la firma
* 7. Descifrar el mensaje usando la llave privada Pets para obtener la clave simétrica
* 8. Descifrar los datos usando la clave simétrica
* 9. Calcule MessageDigest de datos + mensaje firmado
* 10.Valide si la síntesis del mensaje del texto descifrado coincide con el resumen de mensaje del mensaje original
*
*/

public class PublicKeyCryptography {

/**
* @param args
*/
public static void main(String[] args) {

SymmetricEncrypt encryptUtil = new SymmetricEncrypt();
String strDataToEncrypt = "Hello World";
byte[] byteDataToTransmit = strDataToEncrypt.getBytes();

// Generación de un SecretKey para el cifrado simétrico
SecretKey senderSecretKey = SymmetricEncrypt.getSecret();

//1. Cifrar los datos utilizando una clave simétrica
byte[] byteCipherText = encryptUtil.encryptData(byteDataToTransmit,senderSecretKey,"AES");
String strCipherText = new BASE64Encoder().encode(byteCipherText);

//2. Cifrar la clave simétrica con la clave pública
try{
// 2.1 Especifique el almacén de claves que se haya importado el certificado Receptores
KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
char [] password = "testpwd".toCharArray();
java.io.FileInputStream fis = new java.io.FileInputStream("/home/Joebi/workspace/OWASP_Crypto/org/owasp/crypto/testkeystore.ks");
ks.load(fis, password);
fis.close();

// 2.2 Creación de un certificado X509 del receptor
X509Certificate recvcert ;
MessageDigest md = MessageDigest.getInstance("MD5");
recvcert = (X509Certificate)ks.getCertificate("testrecv");
// 2.3 Obtención de la llave pública de los certificados
PublicKey pubKeyReceiver = recvcert.getPublicKey();

// 2.4 Cifrado de la SecretKey con la clave pública Receptores
byte[] byteEncryptWithPublicKey = encryptUtil.encryptData(senderSecretKey.getEncoded(),pubKeyReceiver,"RSA/ECB/PKCS1Padding");
String strSenbyteEncryptWithPublicKey = new BASE64Encoder().encode(byteEncryptWithPublicKey);

// 3. Crear un resumen del mensaje de los datos a transmitir
md.update(byteDataToTransmit);
byte byteMDofDataToTransmit[] = md.digest();

String strMDofDataToTransmit = new String();
for (int i = 0; i < byteMDofDataToTransmit.length; i++){
strMDofDataToTransmit = strMDofDataToTransmit + Integer.toHexString((int)byteMDofDataToTransmit[i] & 0xFF) ;
}

// 3.1 Mensaje que se Firmado = clave secreta cifrada + MAC de los datos a transmitir
String strMsgToSign = strSenbyteEncryptWithPublicKey + "|" + strMDofDataToTransmit;

// 4. Firma el mensaje
// 4.1 Obtener la clave privada del remitente desde el almacén de claves, proporcionando la contraseña establecida para la llave privada mientras se crea las llaves usados.
char[] keypassword = "send123".toCharArray();
Key myKey = ks.getKey("testsender", keypassword);
PrivateKey myPrivateKey = (PrivateKey)myKey;

// 4.2 Firmar el mensaje
Signature mySign = Signature.getInstance("MD5withRSA");
mySign.initSign(myPrivateKey);
mySign.update(strMsgToSign.getBytes());
byte[] byteSignedData = mySign.sign();

// 5. Los valores byteSignedData (la firma) y strMsgToSign (los datos que se firmó) se pueden enviar a través del receptor

// 6. Validar la firma
// 6.1 Extraer la clave pública de su certificado de remitentes
X509Certificate sendercert ;
sendercert = (X509Certificate)ks.getCertificate("testsender");
PublicKey pubKeySender = sendercert.getPublicKey();
// 6.2 Verificar la Firma
Signature myVerifySign = Signature.getInstance("MD5withRSA");
myVerifySign.initVerify(pubKeySender);
myVerifySign.update(strMsgToSign.getBytes());

boolean verifySign = myVerifySign.verify(byteSignedData);
if (verifySign == false)
{
System.out.println(" Error in validating Signature ");
}

else
System.out.println(" Successfully validated Signature ");

// 7. Descifrar el mensaje usando la llave privada Pets para obtener la clave simétrica
char[] recvpassword = "recv123".toCharArray();
Key recvKey = ks.getKey("testrecv", recvpassword);
PrivateKey recvPrivateKey = (PrivateKey)recvKey;

// Analizar el MessageDigest y el valor cifrado
String strRecvSignedData = new String (byteSignedData);
String[] strRecvSignedDataArray = new String [10];
strRecvSignedDataArray = strMsgToSign.split("|");
int intindexofsep = strMsgToSign.indexOf("|");
String strEncryptWithPublicKey = strMsgToSign.substring(0,intindexofsep);
String strHashOfData = strMsgToSign.substring(intindexofsep+1);

// Descifrado para obtener la clave simétrica
byte[] bytestrEncryptWithPublicKey = new BASE64Decoder().decodeBuffer(strEncryptWithPublicKey);
byte[] byteDecryptWithPrivateKey = encryptUtil.decryptData(byteEncryptWithPublicKey,recvPrivateKey,"RSA/ECB/PKCS1Padding");

// 8. Descifrar los datos usando la clave simétrica
javax.crypto.spec.SecretKeySpec secretKeySpecDecrypted = new javax.crypto.spec.SecretKeySpec(byteDecryptWithPrivateKey,"AES");
byte[] byteDecryptText = encryptUtil.decryptData(byteCipherText,secretKeySpecDecrypted,"AES");
String strDecryptedText = new String(byteDecryptText);
System.out.println(" Decrypted data is " +strDecryptedText);

// 9. Calcule MessageDigest de datos + mensaje firmado
MessageDigest recvmd = MessageDigest.getInstance("MD5");
recvmd.update(byteDecryptText);
byte byteHashOfRecvSignedData[] = recvmd.digest();

String strHashOfRecvSignedData = new String();

for (int i = 0; i < byteHashOfRecvSignedData.length; i++){
strHashOfRecvSignedData = strHashOfRecvSignedData + Integer.toHexString((int)byteHashOfRecvSignedData[i] & 0xFF) ;
}
// 10. Validar si la síntesis del mensaje del texto coincide con el mensaje descifrado
Digest of the Original Message

if (!strHashOfRecvSignedData.equals(strHashOfData))
{
System.out.println(" Message has been tampered ");
}

}

catch(Exception exp)
{
System.out.println(" Exception caught " + exp);
exp.printStackTrace();
}

}

}
</pre>
==== SymmetricEncrypt.java ====
<pre>package org.owasp.crypto;

import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.Cipher;
import java.security.Key;

import java.security.NoSuchAlgorithmException;
import java.security.InvalidKeyException;
import java.security.InvalidAlgorithmParameterException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.BadPaddingException;
import javax.crypto.IllegalBlockSizeException;

import sun.misc.BASE64Encoder;

/**
* @author Joe Prasanna Kumar
* Este programa ofrece las funcionalidades criptográficas siguientes
* 1. Cifrado con AES
* 2. El descifrado con AES
*
* Algoritmo de alto nivel:
* 1. Generar una clave DES (especificar el tamaño de la clave durante esta fase)
* 2. Cree el Cipher
* 3. Para cifrar: Inicializar el cifrado para el cifrado
* 4. Para descifrar: Inicializar el cifrado para descifrar
*
*
*/

public class SymmetricEncrypt {

String strDataToEncrypt = new String();
String strCipherText = new String();
String strDecryptedText = new String();
static KeyGenerator keyGen;
private static String strHexVal = "0123456789abcdef";

public static SecretKey getSecret(){
/**
* Paso 1. Generación de una clave AES mediante keygenerator
* Inicializa el tamaño de clave de 128
*
*/

try{
keyGen = KeyGenerator.getInstance("AES");
keyGen.init(128);

}

catch(Exception exp)
{
System.out.println(" Exception inside constructor " +exp);
}

SecretKey secretKey = keyGen.generateKey();
return secretKey;
}

/**
* Paso 2. Crear un sistema de cifrado mediante la especificación de los siguientes parámetros
* a. Nombre del algoritmo - aquí es AES
*/

public byte[] encryptData(byte[] byteDataToEncrypt, Key secretKey, String Algorithm) {
byte[] byteCipherText = new byte[200];

try {
Cipher aesCipher = Cipher.getInstance(Algorithm);

/**
* Paso 3. Inicialice el cifrado para el cifrado
*/
if(Algorithm.equals("AES")){
aesCipher.init(Cipher.ENCRYPT_MODE,secretKey,aesCipher.getParameters());
}
else if(Algorithm.equals("RSA/ECB/PKCS1Padding")){
aesCipher.init(Cipher.ENCRYPT_MODE,secretKey);
}

/**
* Paso 4. Cifrar los datos
* 1. Declarar / inicializar los datos. Aquí los datos son de tipo String
* 2. Convertir el texto de entrada a Bytes
* 3. Cifrado de los bytes, utilizando el método doFinal
*/
byteCipherText = aesCipher.doFinal(byteDataToEncrypt);
strCipherText = new BASE64Encoder().encode(byteCipherText);

}

catch (NoSuchAlgorithmException noSuchAlgo)
{
System.out.println(" No Such Algorithm exists " + noSuchAlgo);
}

catch (NoSuchPaddingException noSuchPad)
{
System.out.println(" No Such Padding exists " + noSuchPad);
}

catch (InvalidKeyException invalidKey)
{
System.out.println(" Invalid Key " + invalidKey);
}

catch (BadPaddingException badPadding)
{
System.out.println(" Bad Padding " + badPadding);
}

catch (IllegalBlockSizeException illegalBlockSize)
{
System.out.println(" Illegal Block Size " + illegalBlockSize);
illegalBlockSize.printStackTrace();
}
catch (Exception exp)
{
exp.printStackTrace();
}

return byteCipherText;
}
/**
* Paso 5. Descifrar los datos
* 1. Inicialice el cifrado para descifrar
* 2. Descifrar los bytes cifrados utilizando el método doFinal
*/

public byte[] decryptData(byte[] byteCipherText, Key secretKey, String Algorithm) {
byte[] byteDecryptedText = new byte[200];

try{
Cipher aesCipher = Cipher.getInstance(Algorithm);
if(Algorithm.equals("AES")){
aesCipher.init(Cipher.DECRYPT_MODE,secretKey,aesCipher.getParameters());
}
else if(Algorithm.equals("RSA/ECB/PKCS1Padding")){
aesCipher.init(Cipher.DECRYPT_MODE,secretKey);
}

byteDecryptedText = aesCipher.doFinal(byteCipherText);
strDecryptedText = new String(byteDecryptedText);
}

catch (NoSuchAlgorithmException noSuchAlgo)
{
System.out.println(" No Such Algorithm exists " + noSuchAlgo);
}

catch (NoSuchPaddingException noSuchPad)
{
System.out.println(" No Such Padding exists " + noSuchPad);
}

catch (InvalidKeyException invalidKey)
{
System.out.println(" Invalid Key " + invalidKey);
invalidKey.printStackTrace();
}

catch (BadPaddingException badPadding)
{
System.out.println(" Bad Padding " + badPadding);
badPadding.printStackTrace();
}

catch (IllegalBlockSizeException illegalBlockSize)
{
System.out.println(" Illegal Block Size " + illegalBlockSize);
illegalBlockSize.printStackTrace();
}

catch (InvalidAlgorithmParameterException invalidParam)
{
System.out.println(" Invalid Parameter " + invalidParam);
}

return byteDecryptedText;
}

public static byte[] convertStringToByteArray(String strInput) {
strInput = strInput.toLowerCase();
byte[] byteConverted = new byte[(strInput.length() + 1) / 2];
int j = 0;
int interimVal;
int nibble = -1;

for (int i = 0; i < strInput.length(); ++i) {
interimVal = strHexVal.indexOf(strInput.charAt(i));
if (interimVal >= 0) {
if (nibble < 0) {
nibble = interimVal;
} else {
byteConverted[j++] = (byte) ((nibble << 4) + interimVal);
nibble = -1;
}
}
}

if (nibble >= 0) {
byteConverted[j++] = (byte) (nibble << 4);
}

if (j < byteConverted.length) {
byte[] byteTemp = new byte[j];
System.arraycopy(byteConverted, 0, byteTemp, 0, j);
byteConverted = byteTemp;
}

return byteConverted;
}

public static String convertByteArrayToString(byte[] block) {
StringBuffer buf = new StringBuffer();

for (int i = 0; i < block.length; ++i) {
buf.append(strHexVal.charAt((block[i] >>> 4) & 0xf));
buf.append(strHexVal.charAt(block[i] & 0xf));
}

return buf.toString();
}
}
</pre>
== Referencias ==

#Computer Security Arts and Science – Matt Bishop
#Core Security Patterns – Christopher Steele, Ray Lai and Ramesh Nagappan

[[Category:Java]]

'''Aplicaciones en Ambientes Libres'''

'''Tutor:''' Ing. Tito Armas

'''Traductoroas:''' Bravo Maria Jose y Portilla Maria Fernanda 2012

Implementacion De Firmas Digitales en Java

2016-05-25T20:19:26Z

Ledio5485: /* Need for Digital Signature */

== WARNING ==

Jim Manico recently brought to my attention this wiki page, the same who asked me to check exactly. In doing so, I noticed several errors and areas of weakness. Lately, I have the intention to revisit this page (hopefully with the help of one of the original owners), but I do not have time to do a full review at this time. Therefore, I will summarize the problems observed on this page and leaving you the decision to use or not, with these warnings.
 
#First, this page does not describe "digital signatures". Rather, it describes a concept known as "digital envelopes", which is a scheme used with objects such as S / MIME. Digital signatures not only encrypt the actual message text, only encrypts the hash of the message text.
#UTF-8 should be used to convert between Java byte strings and arrays to ensure adequate portability across different operating systems.
#The certificate chain must always be validated. In this example, the certificate is self-signed, so this is not relevant and will not be true in the normal case. Furthermore, it should be noted that the self-signed, but acceptable for demonstration purposes certificates is considered a dubious practice for production, as it opens the door to spoofing attacks.
#[http://www.nist.gov/ NIST] now recommends using key size 2048 bits for RSA or DSA keys.
#There is a consistent use of weak algorithms. Here are some suggested replacements:
## Use "RSA/ECB/OAEPWithSHA1AndMGF1Padding" instead of "RSA/ECB/PKCS1Padding".
## Use SHA1 (or better SHA256, SHA1 but at least) instead of MD5 for message digest.
## Use "SHA1withRSA" for the signature algorithm instead of "MD5withRSA".
## When creating a symmetric encryption system to encrypt the message text, use "AES / CBC / PKCS5Padding" and choose an IV random for each text message instead of simply using "AES", ending with "AES / ECB / PKCS5Padding ". ECB mode is extremely weak for a regular plain text. (OK for random bit encryption, however, is well used with RSA.) However, the use CBC and PKCS5Padding could make it vulnerable to "Padding Oracle" attacks, so caution is advised. You can use Encryptor 2.0 ESAPI 's to avoid it. (Note also, this part is the concept of "on digital". If this page was really limited by "digital signatures" would not apply because it would be irrelevant.)
 
I hope to get soonest, before cleaning this wiki page. Meanwhile, email me your questions.
 
-Kevin Wall

== Overview ==

This article presents a brief overview of the concepts involved with digital signatures and provides code examples for the application of digital signatures in Java using the [http://docs.oracle.com/javase/6/docs/technotes/guides/security/crypto/CryptoSpec.html Java Cryptography Architecture (JCA)].

=== What is a digital signature? ===

A digital signature is a concept that helps to get the non-repudiation of origin (ie, the integrity of Origin) data. By digitally signing the document, the person signing, says he is the author of the document or the signed message.

=== Need for Digital Signature ===

During the "E" revolution was a need for authentication of critical transactions especially in the financial world. If Alice agreed to transfer $ x to Bob, then there had to be a way for Bob to ensure that:

*It was Alice who performed the transaction and not someone else impersonating Alice (Authentication).
*The amount agreed by Alice is $ x (Integrity).
*Alice could not discuss his statement transaction $ x a Bob (Non-repudiation of origin).

These concerns were treated with a solution known as digital signatures. More background information on digital signatures can be found [http://en.wikipedia.org/wiki/Digital_signature here]

== Firmas digitales en Java utilizando JCA ==

La Arquitectura de Java Cryptography es un marco para el acceso y el desarrollo de la funcionalidad criptográfica para la plataforma Java. Un proveedor de JCA implementa las funcionalidades criptográficas como firmas digitales y compendios de mensajes. El proveedor predeterminado JCA en JDK 1.4.2 es SUN.

=== Consideraciones de seguridad al implementar la firma digital ===

Dos consideraciones principales de seguridad que se deben tener en cuenta al aplicar firmas digitales son:

#Firma el mensaje y, a continuación cifrar el mensaje firmado.
#Firma el hash del mensaje en lugar del mensaje completo.

=== Consideraciones sobre el rendimiento al implementar la firma digital ===

Dado que los algoritmos de cifrado asimétricos, como RSA, DSA son computacionalmente más lento que los algoritmos de cifrado simétricos como AES, es una buena práctica, cifrar el mensaje real que se transmite utilizando un algoritmo de clave simétrica y luego cifrar la clave que se utiliza en el algoritmo de clave simétrica utilizando un algoritmo de clave asimétrica. Por ejemplo: si se quiere transmitir el mensaje "Hola Mundo de Firmas Digitales", entonces primero se cifra este mensaje con una clave simétrica, por ejemplo una clave AES de 128 bits como x7oFaHSPnWxEMiZE/0qYrg y luego se cifra esta clave con un algoritmo de clave asimétrica como RSA.

== Algoritmo para implementar la firma digital utilizando el algoritmo RSA ==

El proveedor de la implementación en Java RSA tiene una limitación en que el cifrado se puede realizar sólo en los datos de longitud <= 117 bytes. Si los datos son de longitud > 117 bytes, se lanzaría un IllegalBlockSizeException: Los datos no debe tener más de 117 bytes ahí la simetría tiene que ser cifrados y luego firmados.

El algoritmo RSA PKCS # 1 con relleno sólo puede cifrar los datos de tamaño k - 11 [http://www.rsa.com/rsalabs/node.asp?id=2125 1], donde k cuya longitud es de un octeto del módulo RSA y 11 es la cantidad de bytes utilizados por el relleno PCKS # 1 v1.5. Por lo tanto, si usamos una clave RSA de tamaño de 1024 bits, podríamos cifrar sólo 128 - 11 => 117 bytes de datos. Hay dos opciones disponibles para cifrar los datos de tamaño de byte más grande.

#Podríamos usar una clave RSA de longitud> 1024. Por ejemplo, si usamos 2048 bits, entonces podríamos cifrar 256-11 => 245 bytes de datos. La desventaja de este enfoque es que no sería capaz de codificar los datos de tamaño> x bytes (en el ejemplo anterior x es 245).
#Analizar los datos de entrada en trozos de bytes de tamaño <117 y aplicar la encriptación en cada trozo. El código de ejemplo de este enfoque se puede encontrar aquí [http://www.aviransplace.com/2004/10/12/using-rsa-encryption-with-java/3/ here].

Ambos enfoques podrían afectar al rendimiento ya que la clave RSA de mayor tamaño o un enfoque de "divide y vencerás" de bytes de entrada son computacionalmente costosa.

=== Algoritmo ===

Con las anteriores consideraciones, el algoritmo siguiente puede ser usado para la implementación de la criptografía de clave pública en Java.

#Cifrar el mensaje utilizando una clave simétrica
#Concatenar la clave simétrica + hash de clave simétrica + hash del mensaje.
#Cifrar la cadena concatenada con la clave pública de los receptores.
#Firmar los datos a transmitir (clave simétrica cifrada + Hash de la tecla + Hash del mensaje).
#Validar la firma.
#Descifrar el mensaje con la clave privada del receptor para obtener la clave simétrica.
#Validar la integridad de la clave utilizando el hash de la clave.
#Descifrar el mensaje real usando la clave simétrica que se ha descifrado, se analiza y se comprueba la integridad.
#Calcular MessageDigest de datos.
#Validar si la síntesis del mensaje del texto descifrado coincide con el resumen de mensaje del mensaje original.

=== Comandos para la generación de claves ===

prompt# keytool -genkey -alias testsender -keystore testkeystore.ks -keyalg RSA Enter keystore password: testpwd What is your first and last name?

[Unknown]: Alice Sender

¿Cuál es su nombre y apellido?

[Unknown]: IT

¿Cuál es el nombre de la unidad organizativa?

[Unknown]: ABC Inc

¿Cuál es el nombre de su organización?

[Unknown]: LA

¿Cuál es el nombre de su ciudad o localidad?

[Unknown]: CA

¿Cuál es el nombre de su estado o provincia?

[Unknown]: US

Es CN = Alice Sender, OU = IT, O = ABC Inc, L = LA, ST = CA, C = EE.UU. correcto?

[no]: y

Introduzca la contraseña clave para <testsender>

(RETURN if same as keystore password): send123

prompt # keytool -genkey -alias testrecv -keystore testkeystore.ks -keyalg RSA Introduzca la contraseña del almacén de claves: testpwd
¿Cuál es su nombre y apellido?

[Unknown]: Bob Receiver

¿Cuál es el nombre de la unidad organizativa?

[Unknown]: HR

¿Cuál es el nombre de su organización?

[Unknown]: ABC Inc

¿Cuál es el nombre de su ciudad o localidad?

[Unknown]: SFO

¿Cuál es el nombre de su estado o provincia?

[Unknown]: CA

¿Qué es el código de país de dos letras para esta unidad?

[Unknown]: US

Es CN = Bob receptor, OU = HR, O = ABC Inc, L = SFO, ST = CA, C = EE.UU. correcto?

[no]: y

Introduzca la contraseña clave para <testrecv>

(RETURN if same as keystore password): recv123

=== Ejemplo de Código ===

==== PublicKeyCryptography.java ====
<pre>package org.owasp.crypto;

import java.security.*;
import java.security.cert.*;
import javax.crypto.*;
import sun.misc.BASE64Encoder;
import sun.misc.BASE64Decoder;

/**
*
* @author Joe Prasanna Kumar
*
* 1. Cifrar los datos utilizando una clave simétrica
* 2. Cifrar la clave simétrica con la clave pública Receptores
* 3. Crear un resumen del mensaje de los datos a transmitir
* 4. Firma el mensaje a transmitir
* 5. Envíe los datos a través de un canal no seguro
* 6. Validar la firma
* 7. Descifrar el mensaje usando la llave privada Pets para obtener la clave simétrica
* 8. Descifrar los datos usando la clave simétrica
* 9. Calcule MessageDigest de datos + mensaje firmado
* 10.Valide si la síntesis del mensaje del texto descifrado coincide con el resumen de mensaje del mensaje original
*
*/

public class PublicKeyCryptography {

/**
* @param args
*/
public static void main(String[] args) {

SymmetricEncrypt encryptUtil = new SymmetricEncrypt();
String strDataToEncrypt = "Hello World";
byte[] byteDataToTransmit = strDataToEncrypt.getBytes();

// Generación de un SecretKey para el cifrado simétrico
SecretKey senderSecretKey = SymmetricEncrypt.getSecret();

//1. Cifrar los datos utilizando una clave simétrica
byte[] byteCipherText = encryptUtil.encryptData(byteDataToTransmit,senderSecretKey,"AES");
String strCipherText = new BASE64Encoder().encode(byteCipherText);

//2. Cifrar la clave simétrica con la clave pública
try{
// 2.1 Especifique el almacén de claves que se haya importado el certificado Receptores
KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
char [] password = "testpwd".toCharArray();
java.io.FileInputStream fis = new java.io.FileInputStream("/home/Joebi/workspace/OWASP_Crypto/org/owasp/crypto/testkeystore.ks");
ks.load(fis, password);
fis.close();

// 2.2 Creación de un certificado X509 del receptor
X509Certificate recvcert ;
MessageDigest md = MessageDigest.getInstance("MD5");
recvcert = (X509Certificate)ks.getCertificate("testrecv");
// 2.3 Obtención de la llave pública de los certificados
PublicKey pubKeyReceiver = recvcert.getPublicKey();

// 2.4 Cifrado de la SecretKey con la clave pública Receptores
byte[] byteEncryptWithPublicKey = encryptUtil.encryptData(senderSecretKey.getEncoded(),pubKeyReceiver,"RSA/ECB/PKCS1Padding");
String strSenbyteEncryptWithPublicKey = new BASE64Encoder().encode(byteEncryptWithPublicKey);

// 3. Crear un resumen del mensaje de los datos a transmitir
md.update(byteDataToTransmit);
byte byteMDofDataToTransmit[] = md.digest();

String strMDofDataToTransmit = new String();
for (int i = 0; i < byteMDofDataToTransmit.length; i++){
strMDofDataToTransmit = strMDofDataToTransmit + Integer.toHexString((int)byteMDofDataToTransmit[i] & 0xFF) ;
}

// 3.1 Mensaje que se Firmado = clave secreta cifrada + MAC de los datos a transmitir
String strMsgToSign = strSenbyteEncryptWithPublicKey + "|" + strMDofDataToTransmit;

// 4. Firma el mensaje
// 4.1 Obtener la clave privada del remitente desde el almacén de claves, proporcionando la contraseña establecida para la llave privada mientras se crea las llaves usados.
char[] keypassword = "send123".toCharArray();
Key myKey = ks.getKey("testsender", keypassword);
PrivateKey myPrivateKey = (PrivateKey)myKey;

// 4.2 Firmar el mensaje
Signature mySign = Signature.getInstance("MD5withRSA");
mySign.initSign(myPrivateKey);
mySign.update(strMsgToSign.getBytes());
byte[] byteSignedData = mySign.sign();

// 5. Los valores byteSignedData (la firma) y strMsgToSign (los datos que se firmó) se pueden enviar a través del receptor

// 6. Validar la firma
// 6.1 Extraer la clave pública de su certificado de remitentes
X509Certificate sendercert ;
sendercert = (X509Certificate)ks.getCertificate("testsender");
PublicKey pubKeySender = sendercert.getPublicKey();
// 6.2 Verificar la Firma
Signature myVerifySign = Signature.getInstance("MD5withRSA");
myVerifySign.initVerify(pubKeySender);
myVerifySign.update(strMsgToSign.getBytes());

boolean verifySign = myVerifySign.verify(byteSignedData);
if (verifySign == false)
{
System.out.println(" Error in validating Signature ");
}

else
System.out.println(" Successfully validated Signature ");

// 7. Descifrar el mensaje usando la llave privada Pets para obtener la clave simétrica
char[] recvpassword = "recv123".toCharArray();
Key recvKey = ks.getKey("testrecv", recvpassword);
PrivateKey recvPrivateKey = (PrivateKey)recvKey;

// Analizar el MessageDigest y el valor cifrado
String strRecvSignedData = new String (byteSignedData);
String[] strRecvSignedDataArray = new String [10];
strRecvSignedDataArray = strMsgToSign.split("|");
int intindexofsep = strMsgToSign.indexOf("|");
String strEncryptWithPublicKey = strMsgToSign.substring(0,intindexofsep);
String strHashOfData = strMsgToSign.substring(intindexofsep+1);

// Descifrado para obtener la clave simétrica
byte[] bytestrEncryptWithPublicKey = new BASE64Decoder().decodeBuffer(strEncryptWithPublicKey);
byte[] byteDecryptWithPrivateKey = encryptUtil.decryptData(byteEncryptWithPublicKey,recvPrivateKey,"RSA/ECB/PKCS1Padding");

// 8. Descifrar los datos usando la clave simétrica
javax.crypto.spec.SecretKeySpec secretKeySpecDecrypted = new javax.crypto.spec.SecretKeySpec(byteDecryptWithPrivateKey,"AES");
byte[] byteDecryptText = encryptUtil.decryptData(byteCipherText,secretKeySpecDecrypted,"AES");
String strDecryptedText = new String(byteDecryptText);
System.out.println(" Decrypted data is " +strDecryptedText);

// 9. Calcule MessageDigest de datos + mensaje firmado
MessageDigest recvmd = MessageDigest.getInstance("MD5");
recvmd.update(byteDecryptText);
byte byteHashOfRecvSignedData[] = recvmd.digest();

String strHashOfRecvSignedData = new String();

for (int i = 0; i < byteHashOfRecvSignedData.length; i++){
strHashOfRecvSignedData = strHashOfRecvSignedData + Integer.toHexString((int)byteHashOfRecvSignedData[i] & 0xFF) ;
}
// 10. Validar si la síntesis del mensaje del texto coincide con el mensaje descifrado
Digest of the Original Message

if (!strHashOfRecvSignedData.equals(strHashOfData))
{
System.out.println(" Message has been tampered ");
}

}

catch(Exception exp)
{
System.out.println(" Exception caught " + exp);
exp.printStackTrace();
}

}

}
</pre>
==== SymmetricEncrypt.java ====
<pre>package org.owasp.crypto;

import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.Cipher;
import java.security.Key;

import java.security.NoSuchAlgorithmException;
import java.security.InvalidKeyException;
import java.security.InvalidAlgorithmParameterException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.BadPaddingException;
import javax.crypto.IllegalBlockSizeException;

import sun.misc.BASE64Encoder;

/**
* @author Joe Prasanna Kumar
* Este programa ofrece las funcionalidades criptográficas siguientes
* 1. Cifrado con AES
* 2. El descifrado con AES
*
* Algoritmo de alto nivel:
* 1. Generar una clave DES (especificar el tamaño de la clave durante esta fase)
* 2. Cree el Cipher
* 3. Para cifrar: Inicializar el cifrado para el cifrado
* 4. Para descifrar: Inicializar el cifrado para descifrar
*
*
*/

public class SymmetricEncrypt {

String strDataToEncrypt = new String();
String strCipherText = new String();
String strDecryptedText = new String();
static KeyGenerator keyGen;
private static String strHexVal = "0123456789abcdef";

public static SecretKey getSecret(){
/**
* Paso 1. Generación de una clave AES mediante keygenerator
* Inicializa el tamaño de clave de 128
*
*/

try{
keyGen = KeyGenerator.getInstance("AES");
keyGen.init(128);

}

catch(Exception exp)
{
System.out.println(" Exception inside constructor " +exp);
}

SecretKey secretKey = keyGen.generateKey();
return secretKey;
}

/**
* Paso 2. Crear un sistema de cifrado mediante la especificación de los siguientes parámetros
* a. Nombre del algoritmo - aquí es AES
*/

public byte[] encryptData(byte[] byteDataToEncrypt, Key secretKey, String Algorithm) {
byte[] byteCipherText = new byte[200];

try {
Cipher aesCipher = Cipher.getInstance(Algorithm);

/**
* Paso 3. Inicialice el cifrado para el cifrado
*/
if(Algorithm.equals("AES")){
aesCipher.init(Cipher.ENCRYPT_MODE,secretKey,aesCipher.getParameters());
}
else if(Algorithm.equals("RSA/ECB/PKCS1Padding")){
aesCipher.init(Cipher.ENCRYPT_MODE,secretKey);
}

/**
* Paso 4. Cifrar los datos
* 1. Declarar / inicializar los datos. Aquí los datos son de tipo String
* 2. Convertir el texto de entrada a Bytes
* 3. Cifrado de los bytes, utilizando el método doFinal
*/
byteCipherText = aesCipher.doFinal(byteDataToEncrypt);
strCipherText = new BASE64Encoder().encode(byteCipherText);

}

catch (NoSuchAlgorithmException noSuchAlgo)
{
System.out.println(" No Such Algorithm exists " + noSuchAlgo);
}

catch (NoSuchPaddingException noSuchPad)
{
System.out.println(" No Such Padding exists " + noSuchPad);
}

catch (InvalidKeyException invalidKey)
{
System.out.println(" Invalid Key " + invalidKey);
}

catch (BadPaddingException badPadding)
{
System.out.println(" Bad Padding " + badPadding);
}

catch (IllegalBlockSizeException illegalBlockSize)
{
System.out.println(" Illegal Block Size " + illegalBlockSize);
illegalBlockSize.printStackTrace();
}
catch (Exception exp)
{
exp.printStackTrace();
}

return byteCipherText;
}
/**
* Paso 5. Descifrar los datos
* 1. Inicialice el cifrado para descifrar
* 2. Descifrar los bytes cifrados utilizando el método doFinal
*/

public byte[] decryptData(byte[] byteCipherText, Key secretKey, String Algorithm) {
byte[] byteDecryptedText = new byte[200];

try{
Cipher aesCipher = Cipher.getInstance(Algorithm);
if(Algorithm.equals("AES")){
aesCipher.init(Cipher.DECRYPT_MODE,secretKey,aesCipher.getParameters());
}
else if(Algorithm.equals("RSA/ECB/PKCS1Padding")){
aesCipher.init(Cipher.DECRYPT_MODE,secretKey);
}

byteDecryptedText = aesCipher.doFinal(byteCipherText);
strDecryptedText = new String(byteDecryptedText);
}

catch (NoSuchAlgorithmException noSuchAlgo)
{
System.out.println(" No Such Algorithm exists " + noSuchAlgo);
}

catch (NoSuchPaddingException noSuchPad)
{
System.out.println(" No Such Padding exists " + noSuchPad);
}

catch (InvalidKeyException invalidKey)
{
System.out.println(" Invalid Key " + invalidKey);
invalidKey.printStackTrace();
}

catch (BadPaddingException badPadding)
{
System.out.println(" Bad Padding " + badPadding);
badPadding.printStackTrace();
}

catch (IllegalBlockSizeException illegalBlockSize)
{
System.out.println(" Illegal Block Size " + illegalBlockSize);
illegalBlockSize.printStackTrace();
}

catch (InvalidAlgorithmParameterException invalidParam)
{
System.out.println(" Invalid Parameter " + invalidParam);
}

return byteDecryptedText;
}

public static byte[] convertStringToByteArray(String strInput) {
strInput = strInput.toLowerCase();
byte[] byteConverted = new byte[(strInput.length() + 1) / 2];
int j = 0;
int interimVal;
int nibble = -1;

for (int i = 0; i < strInput.length(); ++i) {
interimVal = strHexVal.indexOf(strInput.charAt(i));
if (interimVal >= 0) {
if (nibble < 0) {
nibble = interimVal;
} else {
byteConverted[j++] = (byte) ((nibble << 4) + interimVal);
nibble = -1;
}
}
}

if (nibble >= 0) {
byteConverted[j++] = (byte) (nibble << 4);
}

if (j < byteConverted.length) {
byte[] byteTemp = new byte[j];
System.arraycopy(byteConverted, 0, byteTemp, 0, j);
byteConverted = byteTemp;
}

return byteConverted;
}

public static String convertByteArrayToString(byte[] block) {
StringBuffer buf = new StringBuffer();

for (int i = 0; i < block.length; ++i) {
buf.append(strHexVal.charAt((block[i] >>> 4) & 0xf));
buf.append(strHexVal.charAt(block[i] & 0xf));
}

return buf.toString();
}
}
</pre>
== Referencias ==

#Computer Security Arts and Science – Matt Bishop
#Core Security Patterns – Christopher Steele, Ray Lai and Ramesh Nagappan

[[Category:Java]]

'''Aplicaciones en Ambientes Libres'''

'''Tutor:''' Ing. Tito Armas

'''Traductoroas:''' Bravo Maria Jose y Portilla Maria Fernanda 2012

Implementacion De Firmas Digitales en Java

2016-05-25T20:15:48Z

Ledio5485: /* What is a digital signature? */

== WARNING ==

Jim Manico recently brought to my attention this wiki page, the same who asked me to check exactly. In doing so, I noticed several errors and areas of weakness. Lately, I have the intention to revisit this page (hopefully with the help of one of the original owners), but I do not have time to do a full review at this time. Therefore, I will summarize the problems observed on this page and leaving you the decision to use or not, with these warnings.
 
#First, this page does not describe "digital signatures". Rather, it describes a concept known as "digital envelopes", which is a scheme used with objects such as S / MIME. Digital signatures not only encrypt the actual message text, only encrypts the hash of the message text.
#UTF-8 should be used to convert between Java byte strings and arrays to ensure adequate portability across different operating systems.
#The certificate chain must always be validated. In this example, the certificate is self-signed, so this is not relevant and will not be true in the normal case. Furthermore, it should be noted that the self-signed, but acceptable for demonstration purposes certificates is considered a dubious practice for production, as it opens the door to spoofing attacks.
#[http://www.nist.gov/ NIST] now recommends using key size 2048 bits for RSA or DSA keys.
#There is a consistent use of weak algorithms. Here are some suggested replacements:
## Use "RSA/ECB/OAEPWithSHA1AndMGF1Padding" instead of "RSA/ECB/PKCS1Padding".
## Use SHA1 (or better SHA256, SHA1 but at least) instead of MD5 for message digest.
## Use "SHA1withRSA" for the signature algorithm instead of "MD5withRSA".
## When creating a symmetric encryption system to encrypt the message text, use "AES / CBC / PKCS5Padding" and choose an IV random for each text message instead of simply using "AES", ending with "AES / ECB / PKCS5Padding ". ECB mode is extremely weak for a regular plain text. (OK for random bit encryption, however, is well used with RSA.) However, the use CBC and PKCS5Padding could make it vulnerable to "Padding Oracle" attacks, so caution is advised. You can use Encryptor 2.0 ESAPI 's to avoid it. (Note also, this part is the concept of "on digital". If this page was really limited by "digital signatures" would not apply because it would be irrelevant.)
 
I hope to get soonest, before cleaning this wiki page. Meanwhile, email me your questions.
 
-Kevin Wall

== Overview ==

This article presents a brief overview of the concepts involved with digital signatures and provides code examples for the application of digital signatures in Java using the [http://docs.oracle.com/javase/6/docs/technotes/guides/security/crypto/CryptoSpec.html Java Cryptography Architecture (JCA)].

=== What is a digital signature? ===

A digital signature is a concept that helps to get the non-repudiation of origin (ie, the integrity of Origin) data. By digitally signing the document, the person signing, says he is the author of the document or the signed message.

=== Necesidad de Firma Digital ===

Durante la "E" revolución, fue una necesidad para la autenticación de críticas transacciones sobre todo en el mundo financiero. Si Alice se comprometió a transferir $ x para Bob, entonces tenía que haber una manera para que Bob se asegure de que:

*Fue Alice quien realizó la transacción y no otra persona suplantando Alice (Autenticación).
*El monto acordado por Alice es $x (Integridad).
*Alicia no pudo discutir su declaración de transacción $x a Bob (No repudio de origen).

Estas preocupaciones fueron tratadas con una solución conocida como firmas digitales. Más información de fondo sobre las firmas digitales se puede encontrar en [http://en.wikipedia.org/wiki/Digital_signature Wikipedia article]

== Firmas digitales en Java utilizando JCA ==

La Arquitectura de Java Cryptography es un marco para el acceso y el desarrollo de la funcionalidad criptográfica para la plataforma Java. Un proveedor de JCA implementa las funcionalidades criptográficas como firmas digitales y compendios de mensajes. El proveedor predeterminado JCA en JDK 1.4.2 es SUN.

=== Consideraciones de seguridad al implementar la firma digital ===

Dos consideraciones principales de seguridad que se deben tener en cuenta al aplicar firmas digitales son:

#Firma el mensaje y, a continuación cifrar el mensaje firmado.
#Firma el hash del mensaje en lugar del mensaje completo.

=== Consideraciones sobre el rendimiento al implementar la firma digital ===

Dado que los algoritmos de cifrado asimétricos, como RSA, DSA son computacionalmente más lento que los algoritmos de cifrado simétricos como AES, es una buena práctica, cifrar el mensaje real que se transmite utilizando un algoritmo de clave simétrica y luego cifrar la clave que se utiliza en el algoritmo de clave simétrica utilizando un algoritmo de clave asimétrica. Por ejemplo: si se quiere transmitir el mensaje "Hola Mundo de Firmas Digitales", entonces primero se cifra este mensaje con una clave simétrica, por ejemplo una clave AES de 128 bits como x7oFaHSPnWxEMiZE/0qYrg y luego se cifra esta clave con un algoritmo de clave asimétrica como RSA.

== Algoritmo para implementar la firma digital utilizando el algoritmo RSA ==

El proveedor de la implementación en Java RSA tiene una limitación en que el cifrado se puede realizar sólo en los datos de longitud <= 117 bytes. Si los datos son de longitud > 117 bytes, se lanzaría un IllegalBlockSizeException: Los datos no debe tener más de 117 bytes ahí la simetría tiene que ser cifrados y luego firmados.

El algoritmo RSA PKCS # 1 con relleno sólo puede cifrar los datos de tamaño k - 11 [http://www.rsa.com/rsalabs/node.asp?id=2125 1], donde k cuya longitud es de un octeto del módulo RSA y 11 es la cantidad de bytes utilizados por el relleno PCKS # 1 v1.5. Por lo tanto, si usamos una clave RSA de tamaño de 1024 bits, podríamos cifrar sólo 128 - 11 => 117 bytes de datos. Hay dos opciones disponibles para cifrar los datos de tamaño de byte más grande.

#Podríamos usar una clave RSA de longitud> 1024. Por ejemplo, si usamos 2048 bits, entonces podríamos cifrar 256-11 => 245 bytes de datos. La desventaja de este enfoque es que no sería capaz de codificar los datos de tamaño> x bytes (en el ejemplo anterior x es 245).
#Analizar los datos de entrada en trozos de bytes de tamaño <117 y aplicar la encriptación en cada trozo. El código de ejemplo de este enfoque se puede encontrar aquí [http://www.aviransplace.com/2004/10/12/using-rsa-encryption-with-java/3/ here].

Ambos enfoques podrían afectar al rendimiento ya que la clave RSA de mayor tamaño o un enfoque de "divide y vencerás" de bytes de entrada son computacionalmente costosa.

=== Algoritmo ===

Con las anteriores consideraciones, el algoritmo siguiente puede ser usado para la implementación de la criptografía de clave pública en Java.

#Cifrar el mensaje utilizando una clave simétrica
#Concatenar la clave simétrica + hash de clave simétrica + hash del mensaje.
#Cifrar la cadena concatenada con la clave pública de los receptores.
#Firmar los datos a transmitir (clave simétrica cifrada + Hash de la tecla + Hash del mensaje).
#Validar la firma.
#Descifrar el mensaje con la clave privada del receptor para obtener la clave simétrica.
#Validar la integridad de la clave utilizando el hash de la clave.
#Descifrar el mensaje real usando la clave simétrica que se ha descifrado, se analiza y se comprueba la integridad.
#Calcular MessageDigest de datos.
#Validar si la síntesis del mensaje del texto descifrado coincide con el resumen de mensaje del mensaje original.

=== Comandos para la generación de claves ===

prompt# keytool -genkey -alias testsender -keystore testkeystore.ks -keyalg RSA Enter keystore password: testpwd What is your first and last name?

[Unknown]: Alice Sender

¿Cuál es su nombre y apellido?

[Unknown]: IT

¿Cuál es el nombre de la unidad organizativa?

[Unknown]: ABC Inc

¿Cuál es el nombre de su organización?

[Unknown]: LA

¿Cuál es el nombre de su ciudad o localidad?

[Unknown]: CA

¿Cuál es el nombre de su estado o provincia?

[Unknown]: US

Es CN = Alice Sender, OU = IT, O = ABC Inc, L = LA, ST = CA, C = EE.UU. correcto?

[no]: y

Introduzca la contraseña clave para <testsender>

(RETURN if same as keystore password): send123

prompt # keytool -genkey -alias testrecv -keystore testkeystore.ks -keyalg RSA Introduzca la contraseña del almacén de claves: testpwd
¿Cuál es su nombre y apellido?

[Unknown]: Bob Receiver

¿Cuál es el nombre de la unidad organizativa?

[Unknown]: HR

¿Cuál es el nombre de su organización?

[Unknown]: ABC Inc

¿Cuál es el nombre de su ciudad o localidad?

[Unknown]: SFO

¿Cuál es el nombre de su estado o provincia?

[Unknown]: CA

¿Qué es el código de país de dos letras para esta unidad?

[Unknown]: US

Es CN = Bob receptor, OU = HR, O = ABC Inc, L = SFO, ST = CA, C = EE.UU. correcto?

[no]: y

Introduzca la contraseña clave para <testrecv>

(RETURN if same as keystore password): recv123

=== Ejemplo de Código ===

==== PublicKeyCryptography.java ====
<pre>package org.owasp.crypto;

import java.security.*;
import java.security.cert.*;
import javax.crypto.*;
import sun.misc.BASE64Encoder;
import sun.misc.BASE64Decoder;

/**
*
* @author Joe Prasanna Kumar
*
* 1. Cifrar los datos utilizando una clave simétrica
* 2. Cifrar la clave simétrica con la clave pública Receptores
* 3. Crear un resumen del mensaje de los datos a transmitir
* 4. Firma el mensaje a transmitir
* 5. Envíe los datos a través de un canal no seguro
* 6. Validar la firma
* 7. Descifrar el mensaje usando la llave privada Pets para obtener la clave simétrica
* 8. Descifrar los datos usando la clave simétrica
* 9. Calcule MessageDigest de datos + mensaje firmado
* 10.Valide si la síntesis del mensaje del texto descifrado coincide con el resumen de mensaje del mensaje original
*
*/

public class PublicKeyCryptography {

/**
* @param args
*/
public static void main(String[] args) {

SymmetricEncrypt encryptUtil = new SymmetricEncrypt();
String strDataToEncrypt = "Hello World";
byte[] byteDataToTransmit = strDataToEncrypt.getBytes();

// Generación de un SecretKey para el cifrado simétrico
SecretKey senderSecretKey = SymmetricEncrypt.getSecret();

//1. Cifrar los datos utilizando una clave simétrica
byte[] byteCipherText = encryptUtil.encryptData(byteDataToTransmit,senderSecretKey,"AES");
String strCipherText = new BASE64Encoder().encode(byteCipherText);

//2. Cifrar la clave simétrica con la clave pública
try{
// 2.1 Especifique el almacén de claves que se haya importado el certificado Receptores
KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
char [] password = "testpwd".toCharArray();
java.io.FileInputStream fis = new java.io.FileInputStream("/home/Joebi/workspace/OWASP_Crypto/org/owasp/crypto/testkeystore.ks");
ks.load(fis, password);
fis.close();

// 2.2 Creación de un certificado X509 del receptor
X509Certificate recvcert ;
MessageDigest md = MessageDigest.getInstance("MD5");
recvcert = (X509Certificate)ks.getCertificate("testrecv");
// 2.3 Obtención de la llave pública de los certificados
PublicKey pubKeyReceiver = recvcert.getPublicKey();

// 2.4 Cifrado de la SecretKey con la clave pública Receptores
byte[] byteEncryptWithPublicKey = encryptUtil.encryptData(senderSecretKey.getEncoded(),pubKeyReceiver,"RSA/ECB/PKCS1Padding");
String strSenbyteEncryptWithPublicKey = new BASE64Encoder().encode(byteEncryptWithPublicKey);

// 3. Crear un resumen del mensaje de los datos a transmitir
md.update(byteDataToTransmit);
byte byteMDofDataToTransmit[] = md.digest();

String strMDofDataToTransmit = new String();
for (int i = 0; i < byteMDofDataToTransmit.length; i++){
strMDofDataToTransmit = strMDofDataToTransmit + Integer.toHexString((int)byteMDofDataToTransmit[i] & 0xFF) ;
}

// 3.1 Mensaje que se Firmado = clave secreta cifrada + MAC de los datos a transmitir
String strMsgToSign = strSenbyteEncryptWithPublicKey + "|" + strMDofDataToTransmit;

// 4. Firma el mensaje
// 4.1 Obtener la clave privada del remitente desde el almacén de claves, proporcionando la contraseña establecida para la llave privada mientras se crea las llaves usados.
char[] keypassword = "send123".toCharArray();
Key myKey = ks.getKey("testsender", keypassword);
PrivateKey myPrivateKey = (PrivateKey)myKey;

// 4.2 Firmar el mensaje
Signature mySign = Signature.getInstance("MD5withRSA");
mySign.initSign(myPrivateKey);
mySign.update(strMsgToSign.getBytes());
byte[] byteSignedData = mySign.sign();

// 5. Los valores byteSignedData (la firma) y strMsgToSign (los datos que se firmó) se pueden enviar a través del receptor

// 6. Validar la firma
// 6.1 Extraer la clave pública de su certificado de remitentes
X509Certificate sendercert ;
sendercert = (X509Certificate)ks.getCertificate("testsender");
PublicKey pubKeySender = sendercert.getPublicKey();
// 6.2 Verificar la Firma
Signature myVerifySign = Signature.getInstance("MD5withRSA");
myVerifySign.initVerify(pubKeySender);
myVerifySign.update(strMsgToSign.getBytes());

boolean verifySign = myVerifySign.verify(byteSignedData);
if (verifySign == false)
{
System.out.println(" Error in validating Signature ");
}

else
System.out.println(" Successfully validated Signature ");

// 7. Descifrar el mensaje usando la llave privada Pets para obtener la clave simétrica
char[] recvpassword = "recv123".toCharArray();
Key recvKey = ks.getKey("testrecv", recvpassword);
PrivateKey recvPrivateKey = (PrivateKey)recvKey;

// Analizar el MessageDigest y el valor cifrado
String strRecvSignedData = new String (byteSignedData);
String[] strRecvSignedDataArray = new String [10];
strRecvSignedDataArray = strMsgToSign.split("|");
int intindexofsep = strMsgToSign.indexOf("|");
String strEncryptWithPublicKey = strMsgToSign.substring(0,intindexofsep);
String strHashOfData = strMsgToSign.substring(intindexofsep+1);

// Descifrado para obtener la clave simétrica
byte[] bytestrEncryptWithPublicKey = new BASE64Decoder().decodeBuffer(strEncryptWithPublicKey);
byte[] byteDecryptWithPrivateKey = encryptUtil.decryptData(byteEncryptWithPublicKey,recvPrivateKey,"RSA/ECB/PKCS1Padding");

// 8. Descifrar los datos usando la clave simétrica
javax.crypto.spec.SecretKeySpec secretKeySpecDecrypted = new javax.crypto.spec.SecretKeySpec(byteDecryptWithPrivateKey,"AES");
byte[] byteDecryptText = encryptUtil.decryptData(byteCipherText,secretKeySpecDecrypted,"AES");
String strDecryptedText = new String(byteDecryptText);
System.out.println(" Decrypted data is " +strDecryptedText);

// 9. Calcule MessageDigest de datos + mensaje firmado
MessageDigest recvmd = MessageDigest.getInstance("MD5");
recvmd.update(byteDecryptText);
byte byteHashOfRecvSignedData[] = recvmd.digest();

String strHashOfRecvSignedData = new String();

for (int i = 0; i < byteHashOfRecvSignedData.length; i++){
strHashOfRecvSignedData = strHashOfRecvSignedData + Integer.toHexString((int)byteHashOfRecvSignedData[i] & 0xFF) ;
}
// 10. Validar si la síntesis del mensaje del texto coincide con el mensaje descifrado
Digest of the Original Message

if (!strHashOfRecvSignedData.equals(strHashOfData))
{
System.out.println(" Message has been tampered ");
}

}

catch(Exception exp)
{
System.out.println(" Exception caught " + exp);
exp.printStackTrace();
}

}

}
</pre>
==== SymmetricEncrypt.java ====
<pre>package org.owasp.crypto;

import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.Cipher;
import java.security.Key;

import java.security.NoSuchAlgorithmException;
import java.security.InvalidKeyException;
import java.security.InvalidAlgorithmParameterException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.BadPaddingException;
import javax.crypto.IllegalBlockSizeException;

import sun.misc.BASE64Encoder;

/**
* @author Joe Prasanna Kumar
* Este programa ofrece las funcionalidades criptográficas siguientes
* 1. Cifrado con AES
* 2. El descifrado con AES
*
* Algoritmo de alto nivel:
* 1. Generar una clave DES (especificar el tamaño de la clave durante esta fase)
* 2. Cree el Cipher
* 3. Para cifrar: Inicializar el cifrado para el cifrado
* 4. Para descifrar: Inicializar el cifrado para descifrar
*
*
*/

public class SymmetricEncrypt {

String strDataToEncrypt = new String();
String strCipherText = new String();
String strDecryptedText = new String();
static KeyGenerator keyGen;
private static String strHexVal = "0123456789abcdef";

public static SecretKey getSecret(){
/**
* Paso 1. Generación de una clave AES mediante keygenerator
* Inicializa el tamaño de clave de 128
*
*/

try{
keyGen = KeyGenerator.getInstance("AES");
keyGen.init(128);

}

catch(Exception exp)
{
System.out.println(" Exception inside constructor " +exp);
}

SecretKey secretKey = keyGen.generateKey();
return secretKey;
}

/**
* Paso 2. Crear un sistema de cifrado mediante la especificación de los siguientes parámetros
* a. Nombre del algoritmo - aquí es AES
*/

public byte[] encryptData(byte[] byteDataToEncrypt, Key secretKey, String Algorithm) {
byte[] byteCipherText = new byte[200];

try {
Cipher aesCipher = Cipher.getInstance(Algorithm);

/**
* Paso 3. Inicialice el cifrado para el cifrado
*/
if(Algorithm.equals("AES")){
aesCipher.init(Cipher.ENCRYPT_MODE,secretKey,aesCipher.getParameters());
}
else if(Algorithm.equals("RSA/ECB/PKCS1Padding")){
aesCipher.init(Cipher.ENCRYPT_MODE,secretKey);
}

/**
* Paso 4. Cifrar los datos
* 1. Declarar / inicializar los datos. Aquí los datos son de tipo String
* 2. Convertir el texto de entrada a Bytes
* 3. Cifrado de los bytes, utilizando el método doFinal
*/
byteCipherText = aesCipher.doFinal(byteDataToEncrypt);
strCipherText = new BASE64Encoder().encode(byteCipherText);

}

catch (NoSuchAlgorithmException noSuchAlgo)
{
System.out.println(" No Such Algorithm exists " + noSuchAlgo);
}

catch (NoSuchPaddingException noSuchPad)
{
System.out.println(" No Such Padding exists " + noSuchPad);
}

catch (InvalidKeyException invalidKey)
{
System.out.println(" Invalid Key " + invalidKey);
}

catch (BadPaddingException badPadding)
{
System.out.println(" Bad Padding " + badPadding);
}

catch (IllegalBlockSizeException illegalBlockSize)
{
System.out.println(" Illegal Block Size " + illegalBlockSize);
illegalBlockSize.printStackTrace();
}
catch (Exception exp)
{
exp.printStackTrace();
}

return byteCipherText;
}
/**
* Paso 5. Descifrar los datos
* 1. Inicialice el cifrado para descifrar
* 2. Descifrar los bytes cifrados utilizando el método doFinal
*/

public byte[] decryptData(byte[] byteCipherText, Key secretKey, String Algorithm) {
byte[] byteDecryptedText = new byte[200];

try{
Cipher aesCipher = Cipher.getInstance(Algorithm);
if(Algorithm.equals("AES")){
aesCipher.init(Cipher.DECRYPT_MODE,secretKey,aesCipher.getParameters());
}
else if(Algorithm.equals("RSA/ECB/PKCS1Padding")){
aesCipher.init(Cipher.DECRYPT_MODE,secretKey);
}

byteDecryptedText = aesCipher.doFinal(byteCipherText);
strDecryptedText = new String(byteDecryptedText);
}

catch (NoSuchAlgorithmException noSuchAlgo)
{
System.out.println(" No Such Algorithm exists " + noSuchAlgo);
}

catch (NoSuchPaddingException noSuchPad)
{
System.out.println(" No Such Padding exists " + noSuchPad);
}

catch (InvalidKeyException invalidKey)
{
System.out.println(" Invalid Key " + invalidKey);
invalidKey.printStackTrace();
}

catch (BadPaddingException badPadding)
{
System.out.println(" Bad Padding " + badPadding);
badPadding.printStackTrace();
}

catch (IllegalBlockSizeException illegalBlockSize)
{
System.out.println(" Illegal Block Size " + illegalBlockSize);
illegalBlockSize.printStackTrace();
}

catch (InvalidAlgorithmParameterException invalidParam)
{
System.out.println(" Invalid Parameter " + invalidParam);
}

return byteDecryptedText;
}

public static byte[] convertStringToByteArray(String strInput) {
strInput = strInput.toLowerCase();
byte[] byteConverted = new byte[(strInput.length() + 1) / 2];
int j = 0;
int interimVal;
int nibble = -1;

for (int i = 0; i < strInput.length(); ++i) {
interimVal = strHexVal.indexOf(strInput.charAt(i));
if (interimVal >= 0) {
if (nibble < 0) {
nibble = interimVal;
} else {
byteConverted[j++] = (byte) ((nibble << 4) + interimVal);
nibble = -1;
}
}
}

if (nibble >= 0) {
byteConverted[j++] = (byte) (nibble << 4);
}

if (j < byteConverted.length) {
byte[] byteTemp = new byte[j];
System.arraycopy(byteConverted, 0, byteTemp, 0, j);
byteConverted = byteTemp;
}

return byteConverted;
}

public static String convertByteArrayToString(byte[] block) {
StringBuffer buf = new StringBuffer();

for (int i = 0; i < block.length; ++i) {
buf.append(strHexVal.charAt((block[i] >>> 4) & 0xf));
buf.append(strHexVal.charAt(block[i] & 0xf));
}

return buf.toString();
}
}
</pre>
== Referencias ==

#Computer Security Arts and Science – Matt Bishop
#Core Security Patterns – Christopher Steele, Ray Lai and Ramesh Nagappan

[[Category:Java]]

'''Aplicaciones en Ambientes Libres'''

'''Tutor:''' Ing. Tito Armas

'''Traductoroas:''' Bravo Maria Jose y Portilla Maria Fernanda 2012

Implementacion De Firmas Digitales en Java

2016-05-25T20:14:00Z

Ledio5485: /* Overview */

== WARNING ==

Jim Manico recently brought to my attention this wiki page, the same who asked me to check exactly. In doing so, I noticed several errors and areas of weakness. Lately, I have the intention to revisit this page (hopefully with the help of one of the original owners), but I do not have time to do a full review at this time. Therefore, I will summarize the problems observed on this page and leaving you the decision to use or not, with these warnings.
 
#First, this page does not describe "digital signatures". Rather, it describes a concept known as "digital envelopes", which is a scheme used with objects such as S / MIME. Digital signatures not only encrypt the actual message text, only encrypts the hash of the message text.
#UTF-8 should be used to convert between Java byte strings and arrays to ensure adequate portability across different operating systems.
#The certificate chain must always be validated. In this example, the certificate is self-signed, so this is not relevant and will not be true in the normal case. Furthermore, it should be noted that the self-signed, but acceptable for demonstration purposes certificates is considered a dubious practice for production, as it opens the door to spoofing attacks.
#[http://www.nist.gov/ NIST] now recommends using key size 2048 bits for RSA or DSA keys.
#There is a consistent use of weak algorithms. Here are some suggested replacements:
## Use "RSA/ECB/OAEPWithSHA1AndMGF1Padding" instead of "RSA/ECB/PKCS1Padding".
## Use SHA1 (or better SHA256, SHA1 but at least) instead of MD5 for message digest.
## Use "SHA1withRSA" for the signature algorithm instead of "MD5withRSA".
## When creating a symmetric encryption system to encrypt the message text, use "AES / CBC / PKCS5Padding" and choose an IV random for each text message instead of simply using "AES", ending with "AES / ECB / PKCS5Padding ". ECB mode is extremely weak for a regular plain text. (OK for random bit encryption, however, is well used with RSA.) However, the use CBC and PKCS5Padding could make it vulnerable to "Padding Oracle" attacks, so caution is advised. You can use Encryptor 2.0 ESAPI 's to avoid it. (Note also, this part is the concept of "on digital". If this page was really limited by "digital signatures" would not apply because it would be irrelevant.)
 
I hope to get soonest, before cleaning this wiki page. Meanwhile, email me your questions.
 
-Kevin Wall

== Overview ==

This article presents a brief overview of the concepts involved with digital signatures and provides code examples for the application of digital signatures in Java using the [http://docs.oracle.com/javase/6/docs/technotes/guides/security/crypto/CryptoSpec.html Java Cryptography Architecture (JCA)].

=== ¿Qué es una firma digital? ===

Una firma digital es un concepto que ayuda a obtener el no repudio de origen (es decir, la Integridad del Origen) de datos. Al firmar digitalmente el documento, la persona que firma, asegura que él es el autor del documento o el mensaje firmado.

=== Necesidad de Firma Digital ===

Durante la "E" revolución, fue una necesidad para la autenticación de críticas transacciones sobre todo en el mundo financiero. Si Alice se comprometió a transferir $ x para Bob, entonces tenía que haber una manera para que Bob se asegure de que:

*Fue Alice quien realizó la transacción y no otra persona suplantando Alice (Autenticación).
*El monto acordado por Alice es $x (Integridad).
*Alicia no pudo discutir su declaración de transacción $x a Bob (No repudio de origen).

Estas preocupaciones fueron tratadas con una solución conocida como firmas digitales. Más información de fondo sobre las firmas digitales se puede encontrar en [http://en.wikipedia.org/wiki/Digital_signature Wikipedia article]

== Firmas digitales en Java utilizando JCA ==

La Arquitectura de Java Cryptography es un marco para el acceso y el desarrollo de la funcionalidad criptográfica para la plataforma Java. Un proveedor de JCA implementa las funcionalidades criptográficas como firmas digitales y compendios de mensajes. El proveedor predeterminado JCA en JDK 1.4.2 es SUN.

=== Consideraciones de seguridad al implementar la firma digital ===

Dos consideraciones principales de seguridad que se deben tener en cuenta al aplicar firmas digitales son:

#Firma el mensaje y, a continuación cifrar el mensaje firmado.
#Firma el hash del mensaje en lugar del mensaje completo.

=== Consideraciones sobre el rendimiento al implementar la firma digital ===

Dado que los algoritmos de cifrado asimétricos, como RSA, DSA son computacionalmente más lento que los algoritmos de cifrado simétricos como AES, es una buena práctica, cifrar el mensaje real que se transmite utilizando un algoritmo de clave simétrica y luego cifrar la clave que se utiliza en el algoritmo de clave simétrica utilizando un algoritmo de clave asimétrica. Por ejemplo: si se quiere transmitir el mensaje "Hola Mundo de Firmas Digitales", entonces primero se cifra este mensaje con una clave simétrica, por ejemplo una clave AES de 128 bits como x7oFaHSPnWxEMiZE/0qYrg y luego se cifra esta clave con un algoritmo de clave asimétrica como RSA.

== Algoritmo para implementar la firma digital utilizando el algoritmo RSA ==

El proveedor de la implementación en Java RSA tiene una limitación en que el cifrado se puede realizar sólo en los datos de longitud <= 117 bytes. Si los datos son de longitud > 117 bytes, se lanzaría un IllegalBlockSizeException: Los datos no debe tener más de 117 bytes ahí la simetría tiene que ser cifrados y luego firmados.

El algoritmo RSA PKCS # 1 con relleno sólo puede cifrar los datos de tamaño k - 11 [http://www.rsa.com/rsalabs/node.asp?id=2125 1], donde k cuya longitud es de un octeto del módulo RSA y 11 es la cantidad de bytes utilizados por el relleno PCKS # 1 v1.5. Por lo tanto, si usamos una clave RSA de tamaño de 1024 bits, podríamos cifrar sólo 128 - 11 => 117 bytes de datos. Hay dos opciones disponibles para cifrar los datos de tamaño de byte más grande.

#Podríamos usar una clave RSA de longitud> 1024. Por ejemplo, si usamos 2048 bits, entonces podríamos cifrar 256-11 => 245 bytes de datos. La desventaja de este enfoque es que no sería capaz de codificar los datos de tamaño> x bytes (en el ejemplo anterior x es 245).
#Analizar los datos de entrada en trozos de bytes de tamaño <117 y aplicar la encriptación en cada trozo. El código de ejemplo de este enfoque se puede encontrar aquí [http://www.aviransplace.com/2004/10/12/using-rsa-encryption-with-java/3/ here].

Ambos enfoques podrían afectar al rendimiento ya que la clave RSA de mayor tamaño o un enfoque de "divide y vencerás" de bytes de entrada son computacionalmente costosa.

=== Algoritmo ===

Con las anteriores consideraciones, el algoritmo siguiente puede ser usado para la implementación de la criptografía de clave pública en Java.

#Cifrar el mensaje utilizando una clave simétrica
#Concatenar la clave simétrica + hash de clave simétrica + hash del mensaje.
#Cifrar la cadena concatenada con la clave pública de los receptores.
#Firmar los datos a transmitir (clave simétrica cifrada + Hash de la tecla + Hash del mensaje).
#Validar la firma.
#Descifrar el mensaje con la clave privada del receptor para obtener la clave simétrica.
#Validar la integridad de la clave utilizando el hash de la clave.
#Descifrar el mensaje real usando la clave simétrica que se ha descifrado, se analiza y se comprueba la integridad.
#Calcular MessageDigest de datos.
#Validar si la síntesis del mensaje del texto descifrado coincide con el resumen de mensaje del mensaje original.

=== Comandos para la generación de claves ===

prompt# keytool -genkey -alias testsender -keystore testkeystore.ks -keyalg RSA Enter keystore password: testpwd What is your first and last name?

[Unknown]: Alice Sender

¿Cuál es su nombre y apellido?

[Unknown]: IT

¿Cuál es el nombre de la unidad organizativa?

[Unknown]: ABC Inc

¿Cuál es el nombre de su organización?

[Unknown]: LA

¿Cuál es el nombre de su ciudad o localidad?

[Unknown]: CA

¿Cuál es el nombre de su estado o provincia?

[Unknown]: US

Es CN = Alice Sender, OU = IT, O = ABC Inc, L = LA, ST = CA, C = EE.UU. correcto?

[no]: y

Introduzca la contraseña clave para <testsender>

(RETURN if same as keystore password): send123

prompt # keytool -genkey -alias testrecv -keystore testkeystore.ks -keyalg RSA Introduzca la contraseña del almacén de claves: testpwd
¿Cuál es su nombre y apellido?

[Unknown]: Bob Receiver

¿Cuál es el nombre de la unidad organizativa?

[Unknown]: HR

¿Cuál es el nombre de su organización?

[Unknown]: ABC Inc

¿Cuál es el nombre de su ciudad o localidad?

[Unknown]: SFO

¿Cuál es el nombre de su estado o provincia?

[Unknown]: CA

¿Qué es el código de país de dos letras para esta unidad?

[Unknown]: US

Es CN = Bob receptor, OU = HR, O = ABC Inc, L = SFO, ST = CA, C = EE.UU. correcto?

[no]: y

Introduzca la contraseña clave para <testrecv>

(RETURN if same as keystore password): recv123

=== Ejemplo de Código ===

==== PublicKeyCryptography.java ====
<pre>package org.owasp.crypto;

import java.security.*;
import java.security.cert.*;
import javax.crypto.*;
import sun.misc.BASE64Encoder;
import sun.misc.BASE64Decoder;

/**
*
* @author Joe Prasanna Kumar
*
* 1. Cifrar los datos utilizando una clave simétrica
* 2. Cifrar la clave simétrica con la clave pública Receptores
* 3. Crear un resumen del mensaje de los datos a transmitir
* 4. Firma el mensaje a transmitir
* 5. Envíe los datos a través de un canal no seguro
* 6. Validar la firma
* 7. Descifrar el mensaje usando la llave privada Pets para obtener la clave simétrica
* 8. Descifrar los datos usando la clave simétrica
* 9. Calcule MessageDigest de datos + mensaje firmado
* 10.Valide si la síntesis del mensaje del texto descifrado coincide con el resumen de mensaje del mensaje original
*
*/

public class PublicKeyCryptography {

/**
* @param args
*/
public static void main(String[] args) {

SymmetricEncrypt encryptUtil = new SymmetricEncrypt();
String strDataToEncrypt = "Hello World";
byte[] byteDataToTransmit = strDataToEncrypt.getBytes();

// Generación de un SecretKey para el cifrado simétrico
SecretKey senderSecretKey = SymmetricEncrypt.getSecret();

//1. Cifrar los datos utilizando una clave simétrica
byte[] byteCipherText = encryptUtil.encryptData(byteDataToTransmit,senderSecretKey,"AES");
String strCipherText = new BASE64Encoder().encode(byteCipherText);

//2. Cifrar la clave simétrica con la clave pública
try{
// 2.1 Especifique el almacén de claves que se haya importado el certificado Receptores
KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
char [] password = "testpwd".toCharArray();
java.io.FileInputStream fis = new java.io.FileInputStream("/home/Joebi/workspace/OWASP_Crypto/org/owasp/crypto/testkeystore.ks");
ks.load(fis, password);
fis.close();

// 2.2 Creación de un certificado X509 del receptor
X509Certificate recvcert ;
MessageDigest md = MessageDigest.getInstance("MD5");
recvcert = (X509Certificate)ks.getCertificate("testrecv");
// 2.3 Obtención de la llave pública de los certificados
PublicKey pubKeyReceiver = recvcert.getPublicKey();

// 2.4 Cifrado de la SecretKey con la clave pública Receptores
byte[] byteEncryptWithPublicKey = encryptUtil.encryptData(senderSecretKey.getEncoded(),pubKeyReceiver,"RSA/ECB/PKCS1Padding");
String strSenbyteEncryptWithPublicKey = new BASE64Encoder().encode(byteEncryptWithPublicKey);

// 3. Crear un resumen del mensaje de los datos a transmitir
md.update(byteDataToTransmit);
byte byteMDofDataToTransmit[] = md.digest();

String strMDofDataToTransmit = new String();
for (int i = 0; i < byteMDofDataToTransmit.length; i++){
strMDofDataToTransmit = strMDofDataToTransmit + Integer.toHexString((int)byteMDofDataToTransmit[i] & 0xFF) ;
}

// 3.1 Mensaje que se Firmado = clave secreta cifrada + MAC de los datos a transmitir
String strMsgToSign = strSenbyteEncryptWithPublicKey + "|" + strMDofDataToTransmit;

// 4. Firma el mensaje
// 4.1 Obtener la clave privada del remitente desde el almacén de claves, proporcionando la contraseña establecida para la llave privada mientras se crea las llaves usados.
char[] keypassword = "send123".toCharArray();
Key myKey = ks.getKey("testsender", keypassword);
PrivateKey myPrivateKey = (PrivateKey)myKey;

// 4.2 Firmar el mensaje
Signature mySign = Signature.getInstance("MD5withRSA");
mySign.initSign(myPrivateKey);
mySign.update(strMsgToSign.getBytes());
byte[] byteSignedData = mySign.sign();

// 5. Los valores byteSignedData (la firma) y strMsgToSign (los datos que se firmó) se pueden enviar a través del receptor

// 6. Validar la firma
// 6.1 Extraer la clave pública de su certificado de remitentes
X509Certificate sendercert ;
sendercert = (X509Certificate)ks.getCertificate("testsender");
PublicKey pubKeySender = sendercert.getPublicKey();
// 6.2 Verificar la Firma
Signature myVerifySign = Signature.getInstance("MD5withRSA");
myVerifySign.initVerify(pubKeySender);
myVerifySign.update(strMsgToSign.getBytes());

boolean verifySign = myVerifySign.verify(byteSignedData);
if (verifySign == false)
{
System.out.println(" Error in validating Signature ");
}

else
System.out.println(" Successfully validated Signature ");

// 7. Descifrar el mensaje usando la llave privada Pets para obtener la clave simétrica
char[] recvpassword = "recv123".toCharArray();
Key recvKey = ks.getKey("testrecv", recvpassword);
PrivateKey recvPrivateKey = (PrivateKey)recvKey;

// Analizar el MessageDigest y el valor cifrado
String strRecvSignedData = new String (byteSignedData);
String[] strRecvSignedDataArray = new String [10];
strRecvSignedDataArray = strMsgToSign.split("|");
int intindexofsep = strMsgToSign.indexOf("|");
String strEncryptWithPublicKey = strMsgToSign.substring(0,intindexofsep);
String strHashOfData = strMsgToSign.substring(intindexofsep+1);

// Descifrado para obtener la clave simétrica
byte[] bytestrEncryptWithPublicKey = new BASE64Decoder().decodeBuffer(strEncryptWithPublicKey);
byte[] byteDecryptWithPrivateKey = encryptUtil.decryptData(byteEncryptWithPublicKey,recvPrivateKey,"RSA/ECB/PKCS1Padding");

// 8. Descifrar los datos usando la clave simétrica
javax.crypto.spec.SecretKeySpec secretKeySpecDecrypted = new javax.crypto.spec.SecretKeySpec(byteDecryptWithPrivateKey,"AES");
byte[] byteDecryptText = encryptUtil.decryptData(byteCipherText,secretKeySpecDecrypted,"AES");
String strDecryptedText = new String(byteDecryptText);
System.out.println(" Decrypted data is " +strDecryptedText);

// 9. Calcule MessageDigest de datos + mensaje firmado
MessageDigest recvmd = MessageDigest.getInstance("MD5");
recvmd.update(byteDecryptText);
byte byteHashOfRecvSignedData[] = recvmd.digest();

String strHashOfRecvSignedData = new String();

for (int i = 0; i < byteHashOfRecvSignedData.length; i++){
strHashOfRecvSignedData = strHashOfRecvSignedData + Integer.toHexString((int)byteHashOfRecvSignedData[i] & 0xFF) ;
}
// 10. Validar si la síntesis del mensaje del texto coincide con el mensaje descifrado
Digest of the Original Message

if (!strHashOfRecvSignedData.equals(strHashOfData))
{
System.out.println(" Message has been tampered ");
}

}

catch(Exception exp)
{
System.out.println(" Exception caught " + exp);
exp.printStackTrace();
}

}

}
</pre>
==== SymmetricEncrypt.java ====
<pre>package org.owasp.crypto;

import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.Cipher;
import java.security.Key;

import java.security.NoSuchAlgorithmException;
import java.security.InvalidKeyException;
import java.security.InvalidAlgorithmParameterException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.BadPaddingException;
import javax.crypto.IllegalBlockSizeException;

import sun.misc.BASE64Encoder;

/**
* @author Joe Prasanna Kumar
* Este programa ofrece las funcionalidades criptográficas siguientes
* 1. Cifrado con AES
* 2. El descifrado con AES
*
* Algoritmo de alto nivel:
* 1. Generar una clave DES (especificar el tamaño de la clave durante esta fase)
* 2. Cree el Cipher
* 3. Para cifrar: Inicializar el cifrado para el cifrado
* 4. Para descifrar: Inicializar el cifrado para descifrar
*
*
*/

public class SymmetricEncrypt {

String strDataToEncrypt = new String();
String strCipherText = new String();
String strDecryptedText = new String();
static KeyGenerator keyGen;
private static String strHexVal = "0123456789abcdef";

public static SecretKey getSecret(){
/**
* Paso 1. Generación de una clave AES mediante keygenerator
* Inicializa el tamaño de clave de 128
*
*/

try{
keyGen = KeyGenerator.getInstance("AES");
keyGen.init(128);

}

catch(Exception exp)
{
System.out.println(" Exception inside constructor " +exp);
}

SecretKey secretKey = keyGen.generateKey();
return secretKey;
}

/**
* Paso 2. Crear un sistema de cifrado mediante la especificación de los siguientes parámetros
* a. Nombre del algoritmo - aquí es AES
*/

public byte[] encryptData(byte[] byteDataToEncrypt, Key secretKey, String Algorithm) {
byte[] byteCipherText = new byte[200];

try {
Cipher aesCipher = Cipher.getInstance(Algorithm);

/**
* Paso 3. Inicialice el cifrado para el cifrado
*/
if(Algorithm.equals("AES")){
aesCipher.init(Cipher.ENCRYPT_MODE,secretKey,aesCipher.getParameters());
}
else if(Algorithm.equals("RSA/ECB/PKCS1Padding")){
aesCipher.init(Cipher.ENCRYPT_MODE,secretKey);
}

/**
* Paso 4. Cifrar los datos
* 1. Declarar / inicializar los datos. Aquí los datos son de tipo String
* 2. Convertir el texto de entrada a Bytes
* 3. Cifrado de los bytes, utilizando el método doFinal
*/
byteCipherText = aesCipher.doFinal(byteDataToEncrypt);
strCipherText = new BASE64Encoder().encode(byteCipherText);

}

catch (NoSuchAlgorithmException noSuchAlgo)
{
System.out.println(" No Such Algorithm exists " + noSuchAlgo);
}

catch (NoSuchPaddingException noSuchPad)
{
System.out.println(" No Such Padding exists " + noSuchPad);
}

catch (InvalidKeyException invalidKey)
{
System.out.println(" Invalid Key " + invalidKey);
}

catch (BadPaddingException badPadding)
{
System.out.println(" Bad Padding " + badPadding);
}

catch (IllegalBlockSizeException illegalBlockSize)
{
System.out.println(" Illegal Block Size " + illegalBlockSize);
illegalBlockSize.printStackTrace();
}
catch (Exception exp)
{
exp.printStackTrace();
}

return byteCipherText;
}
/**
* Paso 5. Descifrar los datos
* 1. Inicialice el cifrado para descifrar
* 2. Descifrar los bytes cifrados utilizando el método doFinal
*/

public byte[] decryptData(byte[] byteCipherText, Key secretKey, String Algorithm) {
byte[] byteDecryptedText = new byte[200];

try{
Cipher aesCipher = Cipher.getInstance(Algorithm);
if(Algorithm.equals("AES")){
aesCipher.init(Cipher.DECRYPT_MODE,secretKey,aesCipher.getParameters());
}
else if(Algorithm.equals("RSA/ECB/PKCS1Padding")){
aesCipher.init(Cipher.DECRYPT_MODE,secretKey);
}

byteDecryptedText = aesCipher.doFinal(byteCipherText);
strDecryptedText = new String(byteDecryptedText);
}

catch (NoSuchAlgorithmException noSuchAlgo)
{
System.out.println(" No Such Algorithm exists " + noSuchAlgo);
}

catch (NoSuchPaddingException noSuchPad)
{
System.out.println(" No Such Padding exists " + noSuchPad);
}

catch (InvalidKeyException invalidKey)
{
System.out.println(" Invalid Key " + invalidKey);
invalidKey.printStackTrace();
}

catch (BadPaddingException badPadding)
{
System.out.println(" Bad Padding " + badPadding);
badPadding.printStackTrace();
}

catch (IllegalBlockSizeException illegalBlockSize)
{
System.out.println(" Illegal Block Size " + illegalBlockSize);
illegalBlockSize.printStackTrace();
}

catch (InvalidAlgorithmParameterException invalidParam)
{
System.out.println(" Invalid Parameter " + invalidParam);
}

return byteDecryptedText;
}

public static byte[] convertStringToByteArray(String strInput) {
strInput = strInput.toLowerCase();
byte[] byteConverted = new byte[(strInput.length() + 1) / 2];
int j = 0;
int interimVal;
int nibble = -1;

for (int i = 0; i < strInput.length(); ++i) {
interimVal = strHexVal.indexOf(strInput.charAt(i));
if (interimVal >= 0) {
if (nibble < 0) {
nibble = interimVal;
} else {
byteConverted[j++] = (byte) ((nibble << 4) + interimVal);
nibble = -1;
}
}
}

if (nibble >= 0) {
byteConverted[j++] = (byte) (nibble << 4);
}

if (j < byteConverted.length) {
byte[] byteTemp = new byte[j];
System.arraycopy(byteConverted, 0, byteTemp, 0, j);
byteConverted = byteTemp;
}

return byteConverted;
}

public static String convertByteArrayToString(byte[] block) {
StringBuffer buf = new StringBuffer();

for (int i = 0; i < block.length; ++i) {
buf.append(strHexVal.charAt((block[i] >>> 4) & 0xf));
buf.append(strHexVal.charAt(block[i] & 0xf));
}

return buf.toString();
}
}
</pre>
== Referencias ==

#Computer Security Arts and Science – Matt Bishop
#Core Security Patterns – Christopher Steele, Ray Lai and Ramesh Nagappan

[[Category:Java]]

'''Aplicaciones en Ambientes Libres'''

'''Tutor:''' Ing. Tito Armas

'''Traductoroas:''' Bravo Maria Jose y Portilla Maria Fernanda 2012

Implementacion De Firmas Digitales en Java

2016-05-25T20:12:04Z

Ledio5485: /* Overview */

== WARNING ==

Jim Manico recently brought to my attention this wiki page, the same who asked me to check exactly. In doing so, I noticed several errors and areas of weakness. Lately, I have the intention to revisit this page (hopefully with the help of one of the original owners), but I do not have time to do a full review at this time. Therefore, I will summarize the problems observed on this page and leaving you the decision to use or not, with these warnings.
 
#First, this page does not describe "digital signatures". Rather, it describes a concept known as "digital envelopes", which is a scheme used with objects such as S / MIME. Digital signatures not only encrypt the actual message text, only encrypts the hash of the message text.
#UTF-8 should be used to convert between Java byte strings and arrays to ensure adequate portability across different operating systems.
#The certificate chain must always be validated. In this example, the certificate is self-signed, so this is not relevant and will not be true in the normal case. Furthermore, it should be noted that the self-signed, but acceptable for demonstration purposes certificates is considered a dubious practice for production, as it opens the door to spoofing attacks.
#[http://www.nist.gov/ NIST] now recommends using key size 2048 bits for RSA or DSA keys.
#There is a consistent use of weak algorithms. Here are some suggested replacements:
## Use "RSA/ECB/OAEPWithSHA1AndMGF1Padding" instead of "RSA/ECB/PKCS1Padding".
## Use SHA1 (or better SHA256, SHA1 but at least) instead of MD5 for message digest.
## Use "SHA1withRSA" for the signature algorithm instead of "MD5withRSA".
## When creating a symmetric encryption system to encrypt the message text, use "AES / CBC / PKCS5Padding" and choose an IV random for each text message instead of simply using "AES", ending with "AES / ECB / PKCS5Padding ". ECB mode is extremely weak for a regular plain text. (OK for random bit encryption, however, is well used with RSA.) However, the use CBC and PKCS5Padding could make it vulnerable to "Padding Oracle" attacks, so caution is advised. You can use Encryptor 2.0 ESAPI 's to avoid it. (Note also, this part is the concept of "on digital". If this page was really limited by "digital signatures" would not apply because it would be irrelevant.)
 
I hope to get soonest, before cleaning this wiki page. Meanwhile, email me your questions.
 
-Kevin Wall

== Overview ==

This article presents a brief overview of the concepts involved with digital signatures and provides code examples for the application of digital signatures in Java using the Java Cryptography Architecture.

=== ¿Qué es una firma digital? ===

Una firma digital es un concepto que ayuda a obtener el no repudio de origen (es decir, la Integridad del Origen) de datos. Al firmar digitalmente el documento, la persona que firma, asegura que él es el autor del documento o el mensaje firmado.

=== Necesidad de Firma Digital ===

Durante la "E" revolución, fue una necesidad para la autenticación de críticas transacciones sobre todo en el mundo financiero. Si Alice se comprometió a transferir $ x para Bob, entonces tenía que haber una manera para que Bob se asegure de que:

*Fue Alice quien realizó la transacción y no otra persona suplantando Alice (Autenticación).
*El monto acordado por Alice es $x (Integridad).
*Alicia no pudo discutir su declaración de transacción $x a Bob (No repudio de origen).

Estas preocupaciones fueron tratadas con una solución conocida como firmas digitales. Más información de fondo sobre las firmas digitales se puede encontrar en [http://en.wikipedia.org/wiki/Digital_signature Wikipedia article]

== Firmas digitales en Java utilizando JCA ==

La Arquitectura de Java Cryptography es un marco para el acceso y el desarrollo de la funcionalidad criptográfica para la plataforma Java. Un proveedor de JCA implementa las funcionalidades criptográficas como firmas digitales y compendios de mensajes. El proveedor predeterminado JCA en JDK 1.4.2 es SUN.

=== Consideraciones de seguridad al implementar la firma digital ===

Dos consideraciones principales de seguridad que se deben tener en cuenta al aplicar firmas digitales son:

#Firma el mensaje y, a continuación cifrar el mensaje firmado.
#Firma el hash del mensaje en lugar del mensaje completo.

=== Consideraciones sobre el rendimiento al implementar la firma digital ===

Dado que los algoritmos de cifrado asimétricos, como RSA, DSA son computacionalmente más lento que los algoritmos de cifrado simétricos como AES, es una buena práctica, cifrar el mensaje real que se transmite utilizando un algoritmo de clave simétrica y luego cifrar la clave que se utiliza en el algoritmo de clave simétrica utilizando un algoritmo de clave asimétrica. Por ejemplo: si se quiere transmitir el mensaje "Hola Mundo de Firmas Digitales", entonces primero se cifra este mensaje con una clave simétrica, por ejemplo una clave AES de 128 bits como x7oFaHSPnWxEMiZE/0qYrg y luego se cifra esta clave con un algoritmo de clave asimétrica como RSA.

== Algoritmo para implementar la firma digital utilizando el algoritmo RSA ==

El proveedor de la implementación en Java RSA tiene una limitación en que el cifrado se puede realizar sólo en los datos de longitud <= 117 bytes. Si los datos son de longitud > 117 bytes, se lanzaría un IllegalBlockSizeException: Los datos no debe tener más de 117 bytes ahí la simetría tiene que ser cifrados y luego firmados.

El algoritmo RSA PKCS # 1 con relleno sólo puede cifrar los datos de tamaño k - 11 [http://www.rsa.com/rsalabs/node.asp?id=2125 1], donde k cuya longitud es de un octeto del módulo RSA y 11 es la cantidad de bytes utilizados por el relleno PCKS # 1 v1.5. Por lo tanto, si usamos una clave RSA de tamaño de 1024 bits, podríamos cifrar sólo 128 - 11 => 117 bytes de datos. Hay dos opciones disponibles para cifrar los datos de tamaño de byte más grande.

#Podríamos usar una clave RSA de longitud> 1024. Por ejemplo, si usamos 2048 bits, entonces podríamos cifrar 256-11 => 245 bytes de datos. La desventaja de este enfoque es que no sería capaz de codificar los datos de tamaño> x bytes (en el ejemplo anterior x es 245).
#Analizar los datos de entrada en trozos de bytes de tamaño <117 y aplicar la encriptación en cada trozo. El código de ejemplo de este enfoque se puede encontrar aquí [http://www.aviransplace.com/2004/10/12/using-rsa-encryption-with-java/3/ here].

Ambos enfoques podrían afectar al rendimiento ya que la clave RSA de mayor tamaño o un enfoque de "divide y vencerás" de bytes de entrada son computacionalmente costosa.

=== Algoritmo ===

Con las anteriores consideraciones, el algoritmo siguiente puede ser usado para la implementación de la criptografía de clave pública en Java.

#Cifrar el mensaje utilizando una clave simétrica
#Concatenar la clave simétrica + hash de clave simétrica + hash del mensaje.
#Cifrar la cadena concatenada con la clave pública de los receptores.
#Firmar los datos a transmitir (clave simétrica cifrada + Hash de la tecla + Hash del mensaje).
#Validar la firma.
#Descifrar el mensaje con la clave privada del receptor para obtener la clave simétrica.
#Validar la integridad de la clave utilizando el hash de la clave.
#Descifrar el mensaje real usando la clave simétrica que se ha descifrado, se analiza y se comprueba la integridad.
#Calcular MessageDigest de datos.
#Validar si la síntesis del mensaje del texto descifrado coincide con el resumen de mensaje del mensaje original.

=== Comandos para la generación de claves ===

prompt# keytool -genkey -alias testsender -keystore testkeystore.ks -keyalg RSA Enter keystore password: testpwd What is your first and last name?

[Unknown]: Alice Sender

¿Cuál es su nombre y apellido?

[Unknown]: IT

¿Cuál es el nombre de la unidad organizativa?

[Unknown]: ABC Inc

¿Cuál es el nombre de su organización?

[Unknown]: LA

¿Cuál es el nombre de su ciudad o localidad?

[Unknown]: CA

¿Cuál es el nombre de su estado o provincia?

[Unknown]: US

Es CN = Alice Sender, OU = IT, O = ABC Inc, L = LA, ST = CA, C = EE.UU. correcto?

[no]: y

Introduzca la contraseña clave para <testsender>

(RETURN if same as keystore password): send123

prompt # keytool -genkey -alias testrecv -keystore testkeystore.ks -keyalg RSA Introduzca la contraseña del almacén de claves: testpwd
¿Cuál es su nombre y apellido?

[Unknown]: Bob Receiver

¿Cuál es el nombre de la unidad organizativa?

[Unknown]: HR

¿Cuál es el nombre de su organización?

[Unknown]: ABC Inc

¿Cuál es el nombre de su ciudad o localidad?

[Unknown]: SFO

¿Cuál es el nombre de su estado o provincia?

[Unknown]: CA

¿Qué es el código de país de dos letras para esta unidad?

[Unknown]: US

Es CN = Bob receptor, OU = HR, O = ABC Inc, L = SFO, ST = CA, C = EE.UU. correcto?

[no]: y

Introduzca la contraseña clave para <testrecv>

(RETURN if same as keystore password): recv123

=== Ejemplo de Código ===

==== PublicKeyCryptography.java ====
<pre>package org.owasp.crypto;

import java.security.*;
import java.security.cert.*;
import javax.crypto.*;
import sun.misc.BASE64Encoder;
import sun.misc.BASE64Decoder;

/**
*
* @author Joe Prasanna Kumar
*
* 1. Cifrar los datos utilizando una clave simétrica
* 2. Cifrar la clave simétrica con la clave pública Receptores
* 3. Crear un resumen del mensaje de los datos a transmitir
* 4. Firma el mensaje a transmitir
* 5. Envíe los datos a través de un canal no seguro
* 6. Validar la firma
* 7. Descifrar el mensaje usando la llave privada Pets para obtener la clave simétrica
* 8. Descifrar los datos usando la clave simétrica
* 9. Calcule MessageDigest de datos + mensaje firmado
* 10.Valide si la síntesis del mensaje del texto descifrado coincide con el resumen de mensaje del mensaje original
*
*/

public class PublicKeyCryptography {

/**
* @param args
*/
public static void main(String[] args) {

SymmetricEncrypt encryptUtil = new SymmetricEncrypt();
String strDataToEncrypt = "Hello World";
byte[] byteDataToTransmit = strDataToEncrypt.getBytes();

// Generación de un SecretKey para el cifrado simétrico
SecretKey senderSecretKey = SymmetricEncrypt.getSecret();

//1. Cifrar los datos utilizando una clave simétrica
byte[] byteCipherText = encryptUtil.encryptData(byteDataToTransmit,senderSecretKey,"AES");
String strCipherText = new BASE64Encoder().encode(byteCipherText);

//2. Cifrar la clave simétrica con la clave pública
try{
// 2.1 Especifique el almacén de claves que se haya importado el certificado Receptores
KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
char [] password = "testpwd".toCharArray();
java.io.FileInputStream fis = new java.io.FileInputStream("/home/Joebi/workspace/OWASP_Crypto/org/owasp/crypto/testkeystore.ks");
ks.load(fis, password);
fis.close();

// 2.2 Creación de un certificado X509 del receptor
X509Certificate recvcert ;
MessageDigest md = MessageDigest.getInstance("MD5");
recvcert = (X509Certificate)ks.getCertificate("testrecv");
// 2.3 Obtención de la llave pública de los certificados
PublicKey pubKeyReceiver = recvcert.getPublicKey();

// 2.4 Cifrado de la SecretKey con la clave pública Receptores
byte[] byteEncryptWithPublicKey = encryptUtil.encryptData(senderSecretKey.getEncoded(),pubKeyReceiver,"RSA/ECB/PKCS1Padding");
String strSenbyteEncryptWithPublicKey = new BASE64Encoder().encode(byteEncryptWithPublicKey);

// 3. Crear un resumen del mensaje de los datos a transmitir
md.update(byteDataToTransmit);
byte byteMDofDataToTransmit[] = md.digest();

String strMDofDataToTransmit = new String();
for (int i = 0; i < byteMDofDataToTransmit.length; i++){
strMDofDataToTransmit = strMDofDataToTransmit + Integer.toHexString((int)byteMDofDataToTransmit[i] & 0xFF) ;
}

// 3.1 Mensaje que se Firmado = clave secreta cifrada + MAC de los datos a transmitir
String strMsgToSign = strSenbyteEncryptWithPublicKey + "|" + strMDofDataToTransmit;

// 4. Firma el mensaje
// 4.1 Obtener la clave privada del remitente desde el almacén de claves, proporcionando la contraseña establecida para la llave privada mientras se crea las llaves usados.
char[] keypassword = "send123".toCharArray();
Key myKey = ks.getKey("testsender", keypassword);
PrivateKey myPrivateKey = (PrivateKey)myKey;

// 4.2 Firmar el mensaje
Signature mySign = Signature.getInstance("MD5withRSA");
mySign.initSign(myPrivateKey);
mySign.update(strMsgToSign.getBytes());
byte[] byteSignedData = mySign.sign();

// 5. Los valores byteSignedData (la firma) y strMsgToSign (los datos que se firmó) se pueden enviar a través del receptor

// 6. Validar la firma
// 6.1 Extraer la clave pública de su certificado de remitentes
X509Certificate sendercert ;
sendercert = (X509Certificate)ks.getCertificate("testsender");
PublicKey pubKeySender = sendercert.getPublicKey();
// 6.2 Verificar la Firma
Signature myVerifySign = Signature.getInstance("MD5withRSA");
myVerifySign.initVerify(pubKeySender);
myVerifySign.update(strMsgToSign.getBytes());

boolean verifySign = myVerifySign.verify(byteSignedData);
if (verifySign == false)
{
System.out.println(" Error in validating Signature ");
}

else
System.out.println(" Successfully validated Signature ");

// 7. Descifrar el mensaje usando la llave privada Pets para obtener la clave simétrica
char[] recvpassword = "recv123".toCharArray();
Key recvKey = ks.getKey("testrecv", recvpassword);
PrivateKey recvPrivateKey = (PrivateKey)recvKey;

// Analizar el MessageDigest y el valor cifrado
String strRecvSignedData = new String (byteSignedData);
String[] strRecvSignedDataArray = new String [10];
strRecvSignedDataArray = strMsgToSign.split("|");
int intindexofsep = strMsgToSign.indexOf("|");
String strEncryptWithPublicKey = strMsgToSign.substring(0,intindexofsep);
String strHashOfData = strMsgToSign.substring(intindexofsep+1);

// Descifrado para obtener la clave simétrica
byte[] bytestrEncryptWithPublicKey = new BASE64Decoder().decodeBuffer(strEncryptWithPublicKey);
byte[] byteDecryptWithPrivateKey = encryptUtil.decryptData(byteEncryptWithPublicKey,recvPrivateKey,"RSA/ECB/PKCS1Padding");

// 8. Descifrar los datos usando la clave simétrica
javax.crypto.spec.SecretKeySpec secretKeySpecDecrypted = new javax.crypto.spec.SecretKeySpec(byteDecryptWithPrivateKey,"AES");
byte[] byteDecryptText = encryptUtil.decryptData(byteCipherText,secretKeySpecDecrypted,"AES");
String strDecryptedText = new String(byteDecryptText);
System.out.println(" Decrypted data is " +strDecryptedText);

// 9. Calcule MessageDigest de datos + mensaje firmado
MessageDigest recvmd = MessageDigest.getInstance("MD5");
recvmd.update(byteDecryptText);
byte byteHashOfRecvSignedData[] = recvmd.digest();

String strHashOfRecvSignedData = new String();

for (int i = 0; i < byteHashOfRecvSignedData.length; i++){
strHashOfRecvSignedData = strHashOfRecvSignedData + Integer.toHexString((int)byteHashOfRecvSignedData[i] & 0xFF) ;
}
// 10. Validar si la síntesis del mensaje del texto coincide con el mensaje descifrado
Digest of the Original Message

if (!strHashOfRecvSignedData.equals(strHashOfData))
{
System.out.println(" Message has been tampered ");
}

}

catch(Exception exp)
{
System.out.println(" Exception caught " + exp);
exp.printStackTrace();
}

}

}
</pre>
==== SymmetricEncrypt.java ====
<pre>package org.owasp.crypto;

import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.Cipher;
import java.security.Key;

import java.security.NoSuchAlgorithmException;
import java.security.InvalidKeyException;
import java.security.InvalidAlgorithmParameterException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.BadPaddingException;
import javax.crypto.IllegalBlockSizeException;

import sun.misc.BASE64Encoder;

/**
* @author Joe Prasanna Kumar
* Este programa ofrece las funcionalidades criptográficas siguientes
* 1. Cifrado con AES
* 2. El descifrado con AES
*
* Algoritmo de alto nivel:
* 1. Generar una clave DES (especificar el tamaño de la clave durante esta fase)
* 2. Cree el Cipher
* 3. Para cifrar: Inicializar el cifrado para el cifrado
* 4. Para descifrar: Inicializar el cifrado para descifrar
*
*
*/

public class SymmetricEncrypt {

String strDataToEncrypt = new String();
String strCipherText = new String();
String strDecryptedText = new String();
static KeyGenerator keyGen;
private static String strHexVal = "0123456789abcdef";

public static SecretKey getSecret(){
/**
* Paso 1. Generación de una clave AES mediante keygenerator
* Inicializa el tamaño de clave de 128
*
*/

try{
keyGen = KeyGenerator.getInstance("AES");
keyGen.init(128);

}

catch(Exception exp)
{
System.out.println(" Exception inside constructor " +exp);
}

SecretKey secretKey = keyGen.generateKey();
return secretKey;
}

/**
* Paso 2. Crear un sistema de cifrado mediante la especificación de los siguientes parámetros
* a. Nombre del algoritmo - aquí es AES
*/

public byte[] encryptData(byte[] byteDataToEncrypt, Key secretKey, String Algorithm) {
byte[] byteCipherText = new byte[200];

try {
Cipher aesCipher = Cipher.getInstance(Algorithm);

/**
* Paso 3. Inicialice el cifrado para el cifrado
*/
if(Algorithm.equals("AES")){
aesCipher.init(Cipher.ENCRYPT_MODE,secretKey,aesCipher.getParameters());
}
else if(Algorithm.equals("RSA/ECB/PKCS1Padding")){
aesCipher.init(Cipher.ENCRYPT_MODE,secretKey);
}

/**
* Paso 4. Cifrar los datos
* 1. Declarar / inicializar los datos. Aquí los datos son de tipo String
* 2. Convertir el texto de entrada a Bytes
* 3. Cifrado de los bytes, utilizando el método doFinal
*/
byteCipherText = aesCipher.doFinal(byteDataToEncrypt);
strCipherText = new BASE64Encoder().encode(byteCipherText);

}

catch (NoSuchAlgorithmException noSuchAlgo)
{
System.out.println(" No Such Algorithm exists " + noSuchAlgo);
}

catch (NoSuchPaddingException noSuchPad)
{
System.out.println(" No Such Padding exists " + noSuchPad);
}

catch (InvalidKeyException invalidKey)
{
System.out.println(" Invalid Key " + invalidKey);
}

catch (BadPaddingException badPadding)
{
System.out.println(" Bad Padding " + badPadding);
}

catch (IllegalBlockSizeException illegalBlockSize)
{
System.out.println(" Illegal Block Size " + illegalBlockSize);
illegalBlockSize.printStackTrace();
}
catch (Exception exp)
{
exp.printStackTrace();
}

return byteCipherText;
}
/**
* Paso 5. Descifrar los datos
* 1. Inicialice el cifrado para descifrar
* 2. Descifrar los bytes cifrados utilizando el método doFinal
*/

public byte[] decryptData(byte[] byteCipherText, Key secretKey, String Algorithm) {
byte[] byteDecryptedText = new byte[200];

try{
Cipher aesCipher = Cipher.getInstance(Algorithm);
if(Algorithm.equals("AES")){
aesCipher.init(Cipher.DECRYPT_MODE,secretKey,aesCipher.getParameters());
}
else if(Algorithm.equals("RSA/ECB/PKCS1Padding")){
aesCipher.init(Cipher.DECRYPT_MODE,secretKey);
}

byteDecryptedText = aesCipher.doFinal(byteCipherText);
strDecryptedText = new String(byteDecryptedText);
}

catch (NoSuchAlgorithmException noSuchAlgo)
{
System.out.println(" No Such Algorithm exists " + noSuchAlgo);
}

catch (NoSuchPaddingException noSuchPad)
{
System.out.println(" No Such Padding exists " + noSuchPad);
}

catch (InvalidKeyException invalidKey)
{
System.out.println(" Invalid Key " + invalidKey);
invalidKey.printStackTrace();
}

catch (BadPaddingException badPadding)
{
System.out.println(" Bad Padding " + badPadding);
badPadding.printStackTrace();
}

catch (IllegalBlockSizeException illegalBlockSize)
{
System.out.println(" Illegal Block Size " + illegalBlockSize);
illegalBlockSize.printStackTrace();
}

catch (InvalidAlgorithmParameterException invalidParam)
{
System.out.println(" Invalid Parameter " + invalidParam);
}

return byteDecryptedText;
}

public static byte[] convertStringToByteArray(String strInput) {
strInput = strInput.toLowerCase();
byte[] byteConverted = new byte[(strInput.length() + 1) / 2];
int j = 0;
int interimVal;
int nibble = -1;

for (int i = 0; i < strInput.length(); ++i) {
interimVal = strHexVal.indexOf(strInput.charAt(i));
if (interimVal >= 0) {
if (nibble < 0) {
nibble = interimVal;
} else {
byteConverted[j++] = (byte) ((nibble << 4) + interimVal);
nibble = -1;
}
}
}

if (nibble >= 0) {
byteConverted[j++] = (byte) (nibble << 4);
}

if (j < byteConverted.length) {
byte[] byteTemp = new byte[j];
System.arraycopy(byteConverted, 0, byteTemp, 0, j);
byteConverted = byteTemp;
}

return byteConverted;
}

public static String convertByteArrayToString(byte[] block) {
StringBuffer buf = new StringBuffer();

for (int i = 0; i < block.length; ++i) {
buf.append(strHexVal.charAt((block[i] >>> 4) & 0xf));
buf.append(strHexVal.charAt(block[i] & 0xf));
}

return buf.toString();
}
}
</pre>
== Referencias ==

#Computer Security Arts and Science – Matt Bishop
#Core Security Patterns – Christopher Steele, Ray Lai and Ramesh Nagappan

[[Category:Java]]

'''Aplicaciones en Ambientes Libres'''

'''Tutor:''' Ing. Tito Armas

'''Traductoroas:''' Bravo Maria Jose y Portilla Maria Fernanda 2012

Deserialization of untrusted data

2016-05-25T18:51:02Z

Ledio5485: /* References */

{{Template:Vulnerability}}
{{Template:SecureSoftware}}

Last revision (mm/dd/yy): '''{{REVISIONMONTH}}/{{REVISIONDAY}}/{{REVISIONYEAR}}'''

[[ASDR_TOC_Vulnerabilities|Vulnerabilities Table of Contents]]

==Description==

Data which is untrusted cannot be trusted to be well formed. Malformed data or unexpected data could be used to abuse application logic, deny service, or execute arbitrary code, when deserialized.

'''Consequences'''

* Availability: The logic of deserialization could be abused to create recursive object graphs or never provide data expected to terminate reading.
* Authorization: Potentially code could make assumptions that information in the deserialized object about the data is valid. Functions which make this dangerous assumption could be exploited.
* Access control (instruction processing): malicious objects can abuse the logic of custom deserializers in order to affect code execution.

'''Exposure period'''

* Requirements specification: A deserialization library could be used which provides a cryptographic framework to seal serialized data.
* Implementation: Not using the safe deserialization/serializing data features of a language can create data integrity problems.
* Implementation: Not using the protection accessor functions of an object can cause data integrity problems
* Implementation: Not protecting your objects from default overloaded functions - which may provide for raw output streams of objects - may cause data confidentiality problems.
* Implementation: Not making fields transient can often cause data confidentiality problems.

'''Platform'''

* Languages: C, C++, Java, Python, Ruby (and probably others)
* Operating platforms: Any

'''Required resources'''

Any

'''Severity'''

High

'''Likelihood of exploit'''

Medium

It is often convenient to serialize objects for convenient communication or to save them for later use. However, deserialized data or code can often be modified without using the provided accessor functions if it does not use cryptography to protect itself. Furthermore, any cryptography would still be client-side security - which is of course a dangerous security assumption.

An attempt to serialize and then deserialize a class containing transient fields will result in NULLs where the non-transient data should be. This is an excellent way to prevent time, environment-based, or sensitive variables from being carried over and used improperly.

==Risk Factors==

* Does the deserialization take place before authentication?
* Does the deserialization limit which types can be deserialized?
* Does the deserialization host have types available which can be repurposed towards malicious ends? Sometimes, these types are called "gadgets", considering their similarity to abusable bits of code that already exist in machine code in [https://en.wikipedia.org/wiki/Return-oriented_programming Return-Oriented-Programming] attacks.

==Examples==

The following is an example from Adobe's BlazeDS AMF deserialization vulnerability ([https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2092 CVE-2011-2092]). You can specify arbitrary classes and properties for a BlazeDS application to deserialize. This particular payload creates an instance of a JFrame object on the target server. The created JFrame object will have a "defaultCloseOperation" of value 3 -- which indicates that the JVM should exit when this JFrame window is closed.

<pre>
[RemoteClass(alias="javax.swing.JFrame")]
public class JFrame {
public var title:String = "Gotcha!";
public var defaultCloseOperation:int = 3;
public var visible:Boolean = true;
}
</pre>

The next example is one that is much more likely to be seen in custom code. This code reads an object from an untrusted source, and then casts it to an AcmeObject:

<pre>
InputStream is = request.getInputStream();
ObjectInputStream ois = new ObjectInputStream(is);
AcmeObject acme = (AcmeObject)ois.readObject();
</pre>

Unfortunately, the casting operation to AcmeObject occurs after the deserialization process ends. Therefore, it's not useful in preventing any attacks that happen during deserialization from occurring. It's possible that behavior in custom deserialization protocols (for instance, by overriding Serializable#readObject() in Java) can be re-purposed towards malicious ends. Researchers have found [http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/ complex object graphs which, when deserialized, can lead to remote code execution] in most Java software.

The next example is a denial-of-service attack against any Java application that allows deserialization. The HashSet called "root" in the following code sample has members that are recursively linked to each other. When deserializing this "root" object, the JVM will begin creating a recursive object graph. It will never complete, and consume CPU indefinitely.

<pre>
Set root = new HashSet();
Set s1 = root;
Set s2 = new HashSet();
for (int i = 0; i < 100; i++) {
Set t1 = new HashSet();
Set t2 = new HashSet();
t1.add("foo"); // make it not equal to t2
s1.add(t1);
s1.add(t2);
s2.add(t1);
s2.add(t2);
s1 = t1;
s2 = t2;
}
</pre>

Another example of a denial-of-service attack against any Java application that allows deserialization:

By crafting a stream, such that it contains an ArrayList with a size of Integer.MAX_VALUE, even if all elements are null or the same object, an internal array of length MAX_VALUE will be created, on some JVM's this will cause an OutOfMemoryError prior to deserialization of the elements, this doesn't require much data in the inputStream. Many collection classes and object arrays can be manipulated in similar wasy, as they create their capacity prior to reading in elements, few sanity checks are performed.

It's not like the JVM folks aren't aware, they're just hamstrung by backward compatibility with deployed code.

A quote from ArrayList source (GPL2 license with classpath exception):
<pre>

/**
* The maximum size of array to allocate.
* Some VMs reserve some header words in an array.
* Attempts to allocate larger arrays may result in
* OutOfMemoryError: Requested array size exceeds VM limit
*/
private static final int MAX_ARRAY_SIZE = Integer.MAX_VALUE - 8;
</pre>

Even if ObjectInputStream is overridden to perform look ahead deserialization with a white-list, ObjectInputStream itself, will allow an attacker to create a multidimensional array, with a size of Integer.MAX_VALUE and every array element it contains, to do the same, even if these arrays all contain the same object element reference (passing reference to cached, previously serialized objects, minimizes the stream bytes transferred), it will very quickly consume all available memory in the JVM.

Fortunately ObjectInputStream can be completely re-implemented and overridden by subclassing, in this case the entire functionality of ObjectInputStream has to also be re-implemented to read [https://docs.oracle.com/javase/7/docs/platform/serialization the Java serialization protocol].

Since Java's Serialization uses implicit construction, whereby the first non serializable no argument super class constructor is invoked to create a child class instance (along with some unsafe magic), it prevents classes from checking their invariant's until after construction has completed. For this reason, the standard implicit java Serialization API is flawed from a security perspective.

It is possible to create an ObjectInputStream that is backward compatible with current Serializable Object's serial form, for security, it requires a new deserialization API, the exclusion of circular references, limits placed on array lengths and the object cache, all while allowing classes to check their invariants prior to objects being created, such that no object can be created in an illegal state. In addition administrators will need to be able to reduce the classes available for deserialization to only those required to limit the attack surface, similar to white-listing or using Permission's.

==Related [[Controls]]==

* Requirements specification: A deserialization library could be used which provides a cryptographic framework to seal serialized data.
* Implementation: Use the signing features of a language to assure that deserialized data has not been tainted.
* Implementation: When deserializing data, populate a new object rather than just deserializing. The result is that the data flows through safe input validation and that the functions are safe.
* Implementation: Explicitly define final [http://docs.oracle.com/javase/7/docs/api/java/io/Serializable.html readObject()] to prevent deserialization.

An example of this is:

<pre>
private final void readObject(ObjectInputStream in)
throws java.io.IOException {
throw new java.io.IOException("Cannot be deserialized");
}
</pre>

* Implementation: Make fields transient to protect them from deserialization.
* Implementation: In your code, override the [http://docs.oracle.com/javase/7/docs/api/java/io/ObjectInputStream.html ObjectInputStream#resolveClass()] method to prevent arbitrary classes from being deserialized. This safe behavior can be wrapped in a library like [https://github.com/ikkisoft/SerialKiller SerialKiller].
* Implementation: Use a safe replacement for the generic readObject() method as seen [http://www.contrastsecurity.com/security-influencers/java-serialization-vulnerability-threatens-millions-of-applications here]. Note that this addresses "billion laughs" type attacks by checking input length and number of objects deserialized.
* Implementation: Use a Java agent to override the internals of ObjectInputStream to prevent exploitation of known dangerous types as seen in [https://github.com/Contrast-Security-OSS/contrast-rO0 rO0] and [https://github.com/kantega/notsoserial NotSoSerial]
* Implementation: Participate in the reimplementation of ObjectInputStream; Atomic Serialization is designed with security in mind from the outset, while maintaining Object Serial Form compatibility; note this is not a drop in replacement like those above, but likely to be the most secure option.

==References==
* [http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/#websphere FoxGlove vulnerability announcement]
* [http://wouter.coekaerts.be/2011/amf-arbitrary-code-execution JFrame DoS example by Wouter Coekaerts]
* [https://gist.github.com/coekie/a27cc406fc9f3dc7a70d HashSet Billion-Laughs Style DoS example by Wouter Coekaerts]
* [https://github.com/ikkisoft/SerialKiller Safe ObjectInputStream implementation that allows policy-based deserialization]
* [https://github.com/Contrast-Security-OSS/contrast-rO0 rO0, a Java agent that protects applications from deserialization attacks]
* [https://github.com/kantega/notsoserial NotSoSerial, a Java agent that protects applications from deserialization attacks]
* [https://github.com/pfirmstone/river-internet/tree/Input-validation-for-Serialization/src/org/apache/river/api/io Atomic Serialization using constructor with input validation, no circular references, Permission limited scope limited object cache and array length limits, with stream resets]
[[Category:Input Validation Vulnerability]]
*[http://www.slideshare.net/codewhitesec/java-deserialization-vulnerabilitesruhrseceditionv10 Java Deserialization Vulnerabilities - The Forgotten Bug Class (RuhrSec Edition)]
*[https://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/ What Do WebLogic, WebSphere, JBoss, Jenkins, OpenNMS, and Your Application Have in Common? This Vulnerability.]

__NOTOC__

[[Category:OWASP ASDR Project]]
[[Category:Vulnerability]]
[[Category:Range and Type Error Vulnerability]]
[[Category:OWASP_CLASP_Project]]
[[Category:Code Snippet]]
[[Category:Java]]

Implementacion De Firmas Digitales en Java

2016-05-25T18:28:33Z

Ledio5485: /* WARNING */

== WARNING ==

Jim Manico recently brought to my attention this wiki page, the same who asked me to check exactly. In doing so, I noticed several errors and areas of weakness. Lately, I have the intention to revisit this page (hopefully with the help of one of the original owners), but I do not have time to do a full review at this time. Therefore, I will summarize the problems observed on this page and leaving you the decision to use or not, with these warnings.
 
#First, this page does not describe "digital signatures". Rather, it describes a concept known as "digital envelopes", which is a scheme used with objects such as S / MIME. Digital signatures not only encrypt the actual message text, only encrypts the hash of the message text.
#UTF-8 should be used to convert between Java byte strings and arrays to ensure adequate portability across different operating systems.
#The certificate chain must always be validated. In this example, the certificate is self-signed, so this is not relevant and will not be true in the normal case. Furthermore, it should be noted that the self-signed, but acceptable for demonstration purposes certificates is considered a dubious practice for production, as it opens the door to spoofing attacks.
#[http://www.nist.gov/ NIST] now recommends using key size 2048 bits for RSA or DSA keys.
#There is a consistent use of weak algorithms. Here are some suggested replacements:
## Use "RSA/ECB/OAEPWithSHA1AndMGF1Padding" instead of "RSA/ECB/PKCS1Padding".
## Use SHA1 (or better SHA256, SHA1 but at least) instead of MD5 for message digest.
## Use "SHA1withRSA" for the signature algorithm instead of "MD5withRSA".
## When creating a symmetric encryption system to encrypt the message text, use "AES / CBC / PKCS5Padding" and choose an IV random for each text message instead of simply using "AES", ending with "AES / ECB / PKCS5Padding ". ECB mode is extremely weak for a regular plain text. (OK for random bit encryption, however, is well used with RSA.) However, the use CBC and PKCS5Padding could make it vulnerable to "Padding Oracle" attacks, so caution is advised. You can use Encryptor 2.0 ESAPI 's to avoid it. (Note also, this part is the concept of "on digital". If this page was really limited by "digital signatures" would not apply because it would be irrelevant.)
 
I hope to get soonest, before cleaning this wiki page. Meanwhile, email me your questions.
 
-Kevin Wall

== Visión de conjunto ==

Este artículo presenta un breve resumen de los conceptos involucrados con firmas digitales y proporciona ejemplos de código para la aplicación de firmas digitales en Java utilizando la Arquitectura de Java Cryptography.

=== ¿Qué es una firma digital? ===

Una firma digital es un concepto que ayuda a obtener el no repudio de origen (es decir, la Integridad del Origen) de datos. Al firmar digitalmente el documento, la persona que firma, asegura que él es el autor del documento o el mensaje firmado.

=== Necesidad de Firma Digital ===

Durante la "E" revolución, fue una necesidad para la autenticación de críticas transacciones sobre todo en el mundo financiero. Si Alice se comprometió a transferir $ x para Bob, entonces tenía que haber una manera para que Bob se asegure de que:

*Fue Alice quien realizó la transacción y no otra persona suplantando Alice (Autenticación).
*El monto acordado por Alice es $x (Integridad).
*Alicia no pudo discutir su declaración de transacción $x a Bob (No repudio de origen).

Estas preocupaciones fueron tratadas con una solución conocida como firmas digitales. Más información de fondo sobre las firmas digitales se puede encontrar en [http://en.wikipedia.org/wiki/Digital_signature Wikipedia article]

== Firmas digitales en Java utilizando JCA ==

La Arquitectura de Java Cryptography es un marco para el acceso y el desarrollo de la funcionalidad criptográfica para la plataforma Java. Un proveedor de JCA implementa las funcionalidades criptográficas como firmas digitales y compendios de mensajes. El proveedor predeterminado JCA en JDK 1.4.2 es SUN.

=== Consideraciones de seguridad al implementar la firma digital ===

Dos consideraciones principales de seguridad que se deben tener en cuenta al aplicar firmas digitales son:

#Firma el mensaje y, a continuación cifrar el mensaje firmado.
#Firma el hash del mensaje en lugar del mensaje completo.

=== Consideraciones sobre el rendimiento al implementar la firma digital ===

Dado que los algoritmos de cifrado asimétricos, como RSA, DSA son computacionalmente más lento que los algoritmos de cifrado simétricos como AES, es una buena práctica, cifrar el mensaje real que se transmite utilizando un algoritmo de clave simétrica y luego cifrar la clave que se utiliza en el algoritmo de clave simétrica utilizando un algoritmo de clave asimétrica. Por ejemplo: si se quiere transmitir el mensaje "Hola Mundo de Firmas Digitales", entonces primero se cifra este mensaje con una clave simétrica, por ejemplo una clave AES de 128 bits como x7oFaHSPnWxEMiZE/0qYrg y luego se cifra esta clave con un algoritmo de clave asimétrica como RSA.

== Algoritmo para implementar la firma digital utilizando el algoritmo RSA ==

El proveedor de la implementación en Java RSA tiene una limitación en que el cifrado se puede realizar sólo en los datos de longitud <= 117 bytes. Si los datos son de longitud > 117 bytes, se lanzaría un IllegalBlockSizeException: Los datos no debe tener más de 117 bytes ahí la simetría tiene que ser cifrados y luego firmados.

El algoritmo RSA PKCS # 1 con relleno sólo puede cifrar los datos de tamaño k - 11 [http://www.rsa.com/rsalabs/node.asp?id=2125 1], donde k cuya longitud es de un octeto del módulo RSA y 11 es la cantidad de bytes utilizados por el relleno PCKS # 1 v1.5. Por lo tanto, si usamos una clave RSA de tamaño de 1024 bits, podríamos cifrar sólo 128 - 11 => 117 bytes de datos. Hay dos opciones disponibles para cifrar los datos de tamaño de byte más grande.

#Podríamos usar una clave RSA de longitud> 1024. Por ejemplo, si usamos 2048 bits, entonces podríamos cifrar 256-11 => 245 bytes de datos. La desventaja de este enfoque es que no sería capaz de codificar los datos de tamaño> x bytes (en el ejemplo anterior x es 245).
#Analizar los datos de entrada en trozos de bytes de tamaño <117 y aplicar la encriptación en cada trozo. El código de ejemplo de este enfoque se puede encontrar aquí [http://www.aviransplace.com/2004/10/12/using-rsa-encryption-with-java/3/ here].

Ambos enfoques podrían afectar al rendimiento ya que la clave RSA de mayor tamaño o un enfoque de "divide y vencerás" de bytes de entrada son computacionalmente costosa.

=== Algoritmo ===

Con las anteriores consideraciones, el algoritmo siguiente puede ser usado para la implementación de la criptografía de clave pública en Java.

#Cifrar el mensaje utilizando una clave simétrica
#Concatenar la clave simétrica + hash de clave simétrica + hash del mensaje.
#Cifrar la cadena concatenada con la clave pública de los receptores.
#Firmar los datos a transmitir (clave simétrica cifrada + Hash de la tecla + Hash del mensaje).
#Validar la firma.
#Descifrar el mensaje con la clave privada del receptor para obtener la clave simétrica.
#Validar la integridad de la clave utilizando el hash de la clave.
#Descifrar el mensaje real usando la clave simétrica que se ha descifrado, se analiza y se comprueba la integridad.
#Calcular MessageDigest de datos.
#Validar si la síntesis del mensaje del texto descifrado coincide con el resumen de mensaje del mensaje original.

=== Comandos para la generación de claves ===

prompt# keytool -genkey -alias testsender -keystore testkeystore.ks -keyalg RSA Enter keystore password: testpwd What is your first and last name?

[Unknown]: Alice Sender

¿Cuál es su nombre y apellido?

[Unknown]: IT

¿Cuál es el nombre de la unidad organizativa?

[Unknown]: ABC Inc

¿Cuál es el nombre de su organización?

[Unknown]: LA

¿Cuál es el nombre de su ciudad o localidad?

[Unknown]: CA

¿Cuál es el nombre de su estado o provincia?

[Unknown]: US

Es CN = Alice Sender, OU = IT, O = ABC Inc, L = LA, ST = CA, C = EE.UU. correcto?

[no]: y

Introduzca la contraseña clave para <testsender>

(RETURN if same as keystore password): send123

prompt # keytool -genkey -alias testrecv -keystore testkeystore.ks -keyalg RSA Introduzca la contraseña del almacén de claves: testpwd
¿Cuál es su nombre y apellido?

[Unknown]: Bob Receiver

¿Cuál es el nombre de la unidad organizativa?

[Unknown]: HR

¿Cuál es el nombre de su organización?

[Unknown]: ABC Inc

¿Cuál es el nombre de su ciudad o localidad?

[Unknown]: SFO

¿Cuál es el nombre de su estado o provincia?

[Unknown]: CA

¿Qué es el código de país de dos letras para esta unidad?

[Unknown]: US

Es CN = Bob receptor, OU = HR, O = ABC Inc, L = SFO, ST = CA, C = EE.UU. correcto?

[no]: y

Introduzca la contraseña clave para <testrecv>

(RETURN if same as keystore password): recv123

=== Ejemplo de Código ===

==== PublicKeyCryptography.java ====
<pre>package org.owasp.crypto;

import java.security.*;
import java.security.cert.*;
import javax.crypto.*;
import sun.misc.BASE64Encoder;
import sun.misc.BASE64Decoder;

/**
*
* @author Joe Prasanna Kumar
*
* 1. Cifrar los datos utilizando una clave simétrica
* 2. Cifrar la clave simétrica con la clave pública Receptores
* 3. Crear un resumen del mensaje de los datos a transmitir
* 4. Firma el mensaje a transmitir
* 5. Envíe los datos a través de un canal no seguro
* 6. Validar la firma
* 7. Descifrar el mensaje usando la llave privada Pets para obtener la clave simétrica
* 8. Descifrar los datos usando la clave simétrica
* 9. Calcule MessageDigest de datos + mensaje firmado
* 10.Valide si la síntesis del mensaje del texto descifrado coincide con el resumen de mensaje del mensaje original
*
*/

public class PublicKeyCryptography {

/**
* @param args
*/
public static void main(String[] args) {

SymmetricEncrypt encryptUtil = new SymmetricEncrypt();
String strDataToEncrypt = "Hello World";
byte[] byteDataToTransmit = strDataToEncrypt.getBytes();

// Generación de un SecretKey para el cifrado simétrico
SecretKey senderSecretKey = SymmetricEncrypt.getSecret();

//1. Cifrar los datos utilizando una clave simétrica
byte[] byteCipherText = encryptUtil.encryptData(byteDataToTransmit,senderSecretKey,"AES");
String strCipherText = new BASE64Encoder().encode(byteCipherText);

//2. Cifrar la clave simétrica con la clave pública
try{
// 2.1 Especifique el almacén de claves que se haya importado el certificado Receptores
KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
char [] password = "testpwd".toCharArray();
java.io.FileInputStream fis = new java.io.FileInputStream("/home/Joebi/workspace/OWASP_Crypto/org/owasp/crypto/testkeystore.ks");
ks.load(fis, password);
fis.close();

// 2.2 Creación de un certificado X509 del receptor
X509Certificate recvcert ;
MessageDigest md = MessageDigest.getInstance("MD5");
recvcert = (X509Certificate)ks.getCertificate("testrecv");
// 2.3 Obtención de la llave pública de los certificados
PublicKey pubKeyReceiver = recvcert.getPublicKey();

// 2.4 Cifrado de la SecretKey con la clave pública Receptores
byte[] byteEncryptWithPublicKey = encryptUtil.encryptData(senderSecretKey.getEncoded(),pubKeyReceiver,"RSA/ECB/PKCS1Padding");
String strSenbyteEncryptWithPublicKey = new BASE64Encoder().encode(byteEncryptWithPublicKey);

// 3. Crear un resumen del mensaje de los datos a transmitir
md.update(byteDataToTransmit);
byte byteMDofDataToTransmit[] = md.digest();

String strMDofDataToTransmit = new String();
for (int i = 0; i < byteMDofDataToTransmit.length; i++){
strMDofDataToTransmit = strMDofDataToTransmit + Integer.toHexString((int)byteMDofDataToTransmit[i] & 0xFF) ;
}

// 3.1 Mensaje que se Firmado = clave secreta cifrada + MAC de los datos a transmitir
String strMsgToSign = strSenbyteEncryptWithPublicKey + "|" + strMDofDataToTransmit;

// 4. Firma el mensaje
// 4.1 Obtener la clave privada del remitente desde el almacén de claves, proporcionando la contraseña establecida para la llave privada mientras se crea las llaves usados.
char[] keypassword = "send123".toCharArray();
Key myKey = ks.getKey("testsender", keypassword);
PrivateKey myPrivateKey = (PrivateKey)myKey;

// 4.2 Firmar el mensaje
Signature mySign = Signature.getInstance("MD5withRSA");
mySign.initSign(myPrivateKey);
mySign.update(strMsgToSign.getBytes());
byte[] byteSignedData = mySign.sign();

// 5. Los valores byteSignedData (la firma) y strMsgToSign (los datos que se firmó) se pueden enviar a través del receptor

// 6. Validar la firma
// 6.1 Extraer la clave pública de su certificado de remitentes
X509Certificate sendercert ;
sendercert = (X509Certificate)ks.getCertificate("testsender");
PublicKey pubKeySender = sendercert.getPublicKey();
// 6.2 Verificar la Firma
Signature myVerifySign = Signature.getInstance("MD5withRSA");
myVerifySign.initVerify(pubKeySender);
myVerifySign.update(strMsgToSign.getBytes());

boolean verifySign = myVerifySign.verify(byteSignedData);
if (verifySign == false)
{
System.out.println(" Error in validating Signature ");
}

else
System.out.println(" Successfully validated Signature ");

// 7. Descifrar el mensaje usando la llave privada Pets para obtener la clave simétrica
char[] recvpassword = "recv123".toCharArray();
Key recvKey = ks.getKey("testrecv", recvpassword);
PrivateKey recvPrivateKey = (PrivateKey)recvKey;

// Analizar el MessageDigest y el valor cifrado
String strRecvSignedData = new String (byteSignedData);
String[] strRecvSignedDataArray = new String [10];
strRecvSignedDataArray = strMsgToSign.split("|");
int intindexofsep = strMsgToSign.indexOf("|");
String strEncryptWithPublicKey = strMsgToSign.substring(0,intindexofsep);
String strHashOfData = strMsgToSign.substring(intindexofsep+1);

// Descifrado para obtener la clave simétrica
byte[] bytestrEncryptWithPublicKey = new BASE64Decoder().decodeBuffer(strEncryptWithPublicKey);
byte[] byteDecryptWithPrivateKey = encryptUtil.decryptData(byteEncryptWithPublicKey,recvPrivateKey,"RSA/ECB/PKCS1Padding");

// 8. Descifrar los datos usando la clave simétrica
javax.crypto.spec.SecretKeySpec secretKeySpecDecrypted = new javax.crypto.spec.SecretKeySpec(byteDecryptWithPrivateKey,"AES");
byte[] byteDecryptText = encryptUtil.decryptData(byteCipherText,secretKeySpecDecrypted,"AES");
String strDecryptedText = new String(byteDecryptText);
System.out.println(" Decrypted data is " +strDecryptedText);

// 9. Calcule MessageDigest de datos + mensaje firmado
MessageDigest recvmd = MessageDigest.getInstance("MD5");
recvmd.update(byteDecryptText);
byte byteHashOfRecvSignedData[] = recvmd.digest();

String strHashOfRecvSignedData = new String();

for (int i = 0; i < byteHashOfRecvSignedData.length; i++){
strHashOfRecvSignedData = strHashOfRecvSignedData + Integer.toHexString((int)byteHashOfRecvSignedData[i] & 0xFF) ;
}
// 10. Validar si la síntesis del mensaje del texto coincide con el mensaje descifrado
Digest of the Original Message

if (!strHashOfRecvSignedData.equals(strHashOfData))
{
System.out.println(" Message has been tampered ");
}

}

catch(Exception exp)
{
System.out.println(" Exception caught " + exp);
exp.printStackTrace();
}

}

}
</pre>
==== SymmetricEncrypt.java ====
<pre>package org.owasp.crypto;

import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.Cipher;
import java.security.Key;

import java.security.NoSuchAlgorithmException;
import java.security.InvalidKeyException;
import java.security.InvalidAlgorithmParameterException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.BadPaddingException;
import javax.crypto.IllegalBlockSizeException;

import sun.misc.BASE64Encoder;

/**
* @author Joe Prasanna Kumar
* Este programa ofrece las funcionalidades criptográficas siguientes
* 1. Cifrado con AES
* 2. El descifrado con AES
*
* Algoritmo de alto nivel:
* 1. Generar una clave DES (especificar el tamaño de la clave durante esta fase)
* 2. Cree el Cipher
* 3. Para cifrar: Inicializar el cifrado para el cifrado
* 4. Para descifrar: Inicializar el cifrado para descifrar
*
*
*/

public class SymmetricEncrypt {

String strDataToEncrypt = new String();
String strCipherText = new String();
String strDecryptedText = new String();
static KeyGenerator keyGen;
private static String strHexVal = "0123456789abcdef";

public static SecretKey getSecret(){
/**
* Paso 1. Generación de una clave AES mediante keygenerator
* Inicializa el tamaño de clave de 128
*
*/

try{
keyGen = KeyGenerator.getInstance("AES");
keyGen.init(128);

}

catch(Exception exp)
{
System.out.println(" Exception inside constructor " +exp);
}

SecretKey secretKey = keyGen.generateKey();
return secretKey;
}

/**
* Paso 2. Crear un sistema de cifrado mediante la especificación de los siguientes parámetros
* a. Nombre del algoritmo - aquí es AES
*/

public byte[] encryptData(byte[] byteDataToEncrypt, Key secretKey, String Algorithm) {
byte[] byteCipherText = new byte[200];

try {
Cipher aesCipher = Cipher.getInstance(Algorithm);

/**
* Paso 3. Inicialice el cifrado para el cifrado
*/
if(Algorithm.equals("AES")){
aesCipher.init(Cipher.ENCRYPT_MODE,secretKey,aesCipher.getParameters());
}
else if(Algorithm.equals("RSA/ECB/PKCS1Padding")){
aesCipher.init(Cipher.ENCRYPT_MODE,secretKey);
}

/**
* Paso 4. Cifrar los datos
* 1. Declarar / inicializar los datos. Aquí los datos son de tipo String
* 2. Convertir el texto de entrada a Bytes
* 3. Cifrado de los bytes, utilizando el método doFinal
*/
byteCipherText = aesCipher.doFinal(byteDataToEncrypt);
strCipherText = new BASE64Encoder().encode(byteCipherText);

}

catch (NoSuchAlgorithmException noSuchAlgo)
{
System.out.println(" No Such Algorithm exists " + noSuchAlgo);
}

catch (NoSuchPaddingException noSuchPad)
{
System.out.println(" No Such Padding exists " + noSuchPad);
}

catch (InvalidKeyException invalidKey)
{
System.out.println(" Invalid Key " + invalidKey);
}

catch (BadPaddingException badPadding)
{
System.out.println(" Bad Padding " + badPadding);
}

catch (IllegalBlockSizeException illegalBlockSize)
{
System.out.println(" Illegal Block Size " + illegalBlockSize);
illegalBlockSize.printStackTrace();
}
catch (Exception exp)
{
exp.printStackTrace();
}

return byteCipherText;
}
/**
* Paso 5. Descifrar los datos
* 1. Inicialice el cifrado para descifrar
* 2. Descifrar los bytes cifrados utilizando el método doFinal
*/

public byte[] decryptData(byte[] byteCipherText, Key secretKey, String Algorithm) {
byte[] byteDecryptedText = new byte[200];

try{
Cipher aesCipher = Cipher.getInstance(Algorithm);
if(Algorithm.equals("AES")){
aesCipher.init(Cipher.DECRYPT_MODE,secretKey,aesCipher.getParameters());
}
else if(Algorithm.equals("RSA/ECB/PKCS1Padding")){
aesCipher.init(Cipher.DECRYPT_MODE,secretKey);
}

byteDecryptedText = aesCipher.doFinal(byteCipherText);
strDecryptedText = new String(byteDecryptedText);
}

catch (NoSuchAlgorithmException noSuchAlgo)
{
System.out.println(" No Such Algorithm exists " + noSuchAlgo);
}

catch (NoSuchPaddingException noSuchPad)
{
System.out.println(" No Such Padding exists " + noSuchPad);
}

catch (InvalidKeyException invalidKey)
{
System.out.println(" Invalid Key " + invalidKey);
invalidKey.printStackTrace();
}

catch (BadPaddingException badPadding)
{
System.out.println(" Bad Padding " + badPadding);
badPadding.printStackTrace();
}

catch (IllegalBlockSizeException illegalBlockSize)
{
System.out.println(" Illegal Block Size " + illegalBlockSize);
illegalBlockSize.printStackTrace();
}

catch (InvalidAlgorithmParameterException invalidParam)
{
System.out.println(" Invalid Parameter " + invalidParam);
}

return byteDecryptedText;
}

public static byte[] convertStringToByteArray(String strInput) {
strInput = strInput.toLowerCase();
byte[] byteConverted = new byte[(strInput.length() + 1) / 2];
int j = 0;
int interimVal;
int nibble = -1;

for (int i = 0; i < strInput.length(); ++i) {
interimVal = strHexVal.indexOf(strInput.charAt(i));
if (interimVal >= 0) {
if (nibble < 0) {
nibble = interimVal;
} else {
byteConverted[j++] = (byte) ((nibble << 4) + interimVal);
nibble = -1;
}
}
}

if (nibble >= 0) {
byteConverted[j++] = (byte) (nibble << 4);
}

if (j < byteConverted.length) {
byte[] byteTemp = new byte[j];
System.arraycopy(byteConverted, 0, byteTemp, 0, j);
byteConverted = byteTemp;
}

return byteConverted;
}

public static String convertByteArrayToString(byte[] block) {
StringBuffer buf = new StringBuffer();

for (int i = 0; i < block.length; ++i) {
buf.append(strHexVal.charAt((block[i] >>> 4) & 0xf));
buf.append(strHexVal.charAt(block[i] & 0xf));
}

return buf.toString();
}
}
</pre>
== Referencias ==

#Computer Security Arts and Science – Matt Bishop
#Core Security Patterns – Christopher Steele, Ray Lai and Ramesh Nagappan

[[Category:Java]]

'''Aplicaciones en Ambientes Libres'''

'''Tutor:''' Ing. Tito Armas

'''Traductoroas:''' Bravo Maria Jose y Portilla Maria Fernanda 2012