October 10th, 2002

2016, fenris + phoenix

security -- hip deep in *something*

so............ damn. Spent the last two or so hours hip deep in java security stuff, basically. I'm all OVER both java.security and javax.crypto. what I can't find is a encoding that does public/private key. It took me a long time to figure that out, so far as I can tell.

Cipher implementations available include:
'DESede' 'DES' 'TripleDES' 'PBEWithMD5AndDES' 'PBEWithMD5AndTripleDES' 'Blowfish'

Keypair implementations available include:
'DiffieHellman' 'RSA' 'DSA' '' 'OID.1.2.840.10040.4.1' 'DH' '1.2.840.10040.4.1'

I *have* found an example that uses a DH keypair exchange to then generate a shared DES secret key which can then be used to both encrypt and decrypt.

is this overkill?? the main concern is I use a lot of "defaults" in all of this, and it's mostly stuff I don't understand the internal mechanisms of. And ostensibly HALF of this would be done in the java I "just learned" and half would be done in c/c++ that I have yet to learn but am fairly confident can handle anything java has. however, I have no guarantees that the defaults of the c/c++ libraries would agree with the java defaults. I wasn't too worried with just a "simple"??? private/public generation, send public, encode message with public, send encoded message, decode with private... all I want is to validate one password and I don't give a DAMN if the rest of the conversation is broadcast on times square!



seriously, I'm about to just send the sucker in plain text and to hell with the alamo!

maybe I should sleep on that thought. Or work on some part that doesn't require anything fancy. or... yeah. I can work on it and hope the security fills itself in at some later date. productive good.

(Ideally, RSA would show up among the Ciphers and just make life happy and dandy... maybe it's in the newer crypto stuff released with jdk14?? guh. hmm.)