chapter four

4 Message Integrity and Authentication

 

This chapter covers

  • Guaranteeing data integrity using the Secure Hash Algorithm (SHA)
  • Ensuring sender authenticity using a Hashed Message Authentication Code (HMAC)
  • Ensuring data integrity using an HMAC
  • Using the Java Cryptography Architecture (JCA) and Extensions (JCE)

This chapter is the first step in a friendly introduction to cryptographic algorithms for application developers. We will not cover the mathematics of the cryptography algorithms. Instead, we will demonstrate cryptography concepts with working Java examples so you can build the intuition and background to understand application security.

Cryptographic algorithms are the foundational security building blocks, no matter what programming language you write code in or which cloud provider you deploy your application on. Terse documentation and mysterious error messages from security libraries make perfect sense if you understand the basics of cryptography. No more getting stuck and blindly copying and pasting from stackoverflow.com and blog posts.

Definition

A cryptographic algorithm is a set of mathematical rules used to keep information secure — by scrambling data so only the right people can read it, or by proving data is genuine and unchanged.

4.1 The goals of cryptography

4.2 Cryptographic hash functions

4.2.1 Secure Hash Algorithm (SHA)

4.2.2 Verifying integrity using a cryptographic hash function

4.2.3 Design for hash function change

4.2.4 Exercises

4.3 Java cryptography architecture and extensions

4.4 Implementing message integrity in Java

4.5 Message Authentication Code (MAC)

4.5.1 Hashed Message Authentication Code (HMAC)

4.5.2 Java Support for HMAC

4.5.3 Exercises

4.6 Guaranteeing authenticity using HMAC

4.7 Exercise answers

4.8 Summary