MaxQDPro Team Anjan.K Harish.R II Sem M.Tech CSE
• JSSE Class Diagram
• Basic Implementation
• Key tool Parameters
• Live Demonstration
• Advanced implementation
• Certificate generation
• Live Demonstration
• Summary
• References

MaxQDPro : SSL Final Demonstration 06/10/09

• Accomplished at the command prompt with a simple command, to illustrate the working of SSL
• Manual certificate generation, accomplished with the Java keytool utility
• A certificate is required for secure communication between the client and the server

    keytool -genkey -keystore myKey -keyalg RSA

• The keystore is a key ring securely locked by the receiver
• RSA is the algorithm used

• keytool is a basic command-line tool for manipulating keystores
• Comes with the JDK/JRE distribution
• Always available at the terminal iff the path is set properly
• Provides generation of keys, export and import of X.509 certificates, and the ability to produce certification requests
• Available with dozens of options, hence no single concrete format for the command

First start the SSL server with

    java -Djavax.net.ssl.keyStore=myKey -Djavax.net.ssl.keyStorePassword=123456 EchoServer

Then start the SSL client with

    java -Djavax.net.ssl.trustStore=myKey -Djavax.net.ssl.trustStorePassword=123456 EchoClient
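
What the two commands above configure, as an added example that is not the presenters' EchoServer/EchoClient code: JSSE's default socket factories read the javax.net.ssl.* system properties, so the program itself never opens the keystore. The class name EchoDemo and the port are assumptions, and it needs a JDK newer than the 1.6 listed in the slides (Java 7 or later).

```java
import java.io.*;
import java.net.Socket;
import javax.net.ssl.*;

// Added example; EchoDemo and PORT are assumed names, not from the slides.
// Server: java -Djavax.net.ssl.keyStore=myKey -Djavax.net.ssl.keyStorePassword=123456 EchoDemo server
// Client: java -Djavax.net.ssl.trustStore=myKey -Djavax.net.ssl.trustStorePassword=123456 EchoDemo client
public class EchoDemo {
    static final int PORT = 9999;

    // The default server factory takes its key material from javax.net.ssl.keyStore.
    static void serve() throws IOException {
        SSLServerSocketFactory f = (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
        try (SSLServerSocket listener = (SSLServerSocket) f.createServerSocket(PORT)) {
            while (true) {
                try (Socket s = listener.accept();
                     BufferedReader in = new BufferedReader(new InputStreamReader(s.getInputStream()));
                     PrintWriter out = new PrintWriter(s.getOutputStream(), true)) {
                    for (String line; (line = in.readLine()) != null; ) out.println(line);
                } catch (IOException e) { // a failed handshake surfaces here, on the first read
                    System.err.println("connection dropped: " + e.getMessage());
                }
            }
        }
    }

    // The default client factory takes its trust anchors from javax.net.ssl.trustStore.
    static String echo(String host, String msg) throws IOException {
        SSLSocketFactory f = (SSLSocketFactory) SSLSocketFactory.getDefault();
        try (SSLSocket s = (SSLSocket) f.createSocket(host, PORT)) {
            // A bare SSLSocket validates the chain but not the host name; turn that on.
            // The certificate's CN or SAN must then match `host`.
            SSLParameters p = s.getSSLParameters();
            p.setEndpointIdentificationAlgorithm("HTTPS");
            s.setSSLParameters(p);
            s.startHandshake();
            PrintWriter out = new PrintWriter(s.getOutputStream(), true);
            BufferedReader in = new BufferedReader(new InputStreamReader(s.getInputStream()));
            out.println(msg);
            return in.readLine() + " [" + s.getSession().getCipherSuite() + "]";
        }
    }

    public static void main(String[] args) throws IOException {
        if (args.length > 0 && args[0].equals("server")) serve();
        else System.out.println(echo("localhost", "hello over TLS"));
    }
}
```

The slide's commands point the client's trustStore at the same myKey file that holds the server's private key. Outside a demo, export the certificate with keytool and import only that certificate into a separate client trust store.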

Software Requirement Specification

    Operating System      : Unix-Variant or Windows latest
    Programming Language  : Java (JDK 1.6 or J2SE 6)
    Cryptography Provider : Sun JCE and Bouncy Castle
    JVM                   : Standard JVM by Sun
    Tools                 : Keytool and Policytool
    Special Libraries     : JSSE and JCA
    IDE                   : Eclipse 3.4 Ganymede

• Certificates and key pairs are generated automatically by the underlying code
• Keystore creation now produces a trust store for the client and a keystore for the server, both saved with the .jks file extension
• Client credentials are saved in a .p12 (PKCS 12) file
• Developed in the Eclipse IDE
• Certificate validation proceeds up to the root CA

• PKI is used with X.509 to manage the certificates and the hierarchy of CAs
• The JCE providers used are Bouncy Castle (BC) and Sun JCE
• A JCE provider other than the standard Sun one needs to be configured, either by editing the java.security file:

    security.provider.N=org.bouncycastle.jce.provider.BouncyCastleProvider

  or by adding the provider at runtime:

    Security.addProvider(new BouncyCastleProvider());

To run the SSLServer, choose the SSLServer main class under the run configuration:

    -Djavax.net.ssl.keyStore=server.jks -Djavax.net.ssl.keyStorePassword=serverPassword

To run the SSLClient, choose the SSLClient main class under the run configuration:

    -Djavax.net.ssl.trustStore=trustStore.jks

Look for the parallel console window for output.
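
The same stores can be loaded explicitly instead of through system properties. The following added example (not the presenters' SSLClient) builds an SSLContext from a PKCS 12 client credential and the JKS trust store, so the server's chain is validated up to the root CA held in trustStore.jks. The file name client.p12, the class name, the environment variable names and a server that requests a client certificate are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import javax.net.ssl.*;

// Added example. client.p12, the environment variable names and the class name are
// assumptions; trustStore.jks is the file named in the slides.
public class P12Client {
    static KeyStore load(String path, String type, char[] pw) throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, pw);
        }
        return ks;
    }

    static SSLContext context(char[] p12Pw, char[] trustPw) throws Exception {
        // Key material: the client's private key and certificate chain from the PKCS 12 file.
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(load("client.p12", "PKCS12", p12Pw), p12Pw);
        // Trust anchors: the server's chain must lead to a root CA held in this store.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(load("trustStore.jks", "JKS", trustPw));
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    // Read a store password from the environment rather than the command line.
    static char[] secret(String envName) {
        String v = System.getenv(envName);
        if (v == null) throw new IllegalStateException(envName + " is not set");
        return v.toCharArray();
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = context(secret("CLIENT_P12_PASSWORD"), secret("TRUSTSTORE_PASSWORD"));
        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(args[0], Integer.parseInt(args[1]))) {
            SSLParameters p = s.getSSLParameters();
            p.setEndpointIdentificationAlgorithm("HTTPS"); // also check the host name
            s.setSSLParameters(p);
            s.startHandshake(); // SSLHandshakeException if the chain does not reach a trusted root
            System.out.println("server: " + s.getSession().getPeerPrincipal());
            System.out.println("sent client cert: " + (s.getSession().getLocalCertificates() != null));
        }
    }
}
```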

• JSSE Class Diagram
• Basic Implementation
• Key tool Parameters
• Live Demonstration
• Advanced implementation
• Certificate generation
• Live Demonstration
SSL/TLS implementation using JSSE
