Trusting Your E-mail with Java Security
By Theodore J. Shrader2003-12-04
Using a secret key
|
|
In the computing world, a key is a unique sequence of bits of a specified length based on the strength of the key. A secret key allows a special form of encryption where users can utilize a single key to both encrypt and decrypt data. For example, a cipher algorithm would take both a secret key and a plain text message to churn out encrypted text. The recipient of the encrypted text can use the same cipher algorithm along with the same secret key to unlock the secret message and gain access to the decrypted, original text.
Secret keys are well suited to address the confidentiality requirement. They are fast and reliable and this adds to their attraction, but where is the accountability? Anyone who owned the secret key could have sent the message. Additionally, if the secret key is lost or is compromised, all messages encrypted with the secret key are vulnerable. This loss leaves all past and current messages exposed. Even future ones can be unlocked if the users or administrators have not detected the loss of the key, as well as changed and redistributed a new secret key.
Secret keys provide a level of integrity -- if the encrypted text was altered, the encrypted text could not be decrypted to its original form -- but integrity without authentication of the sender or originator of the message is of little value. Secret keys do not even attempt to address publication. Everyone who needs the key in this security environment has it.
Tutorial Pages:
» Java technologies give you a complete and secure solution
» Security requirements
» Failing scenarios
» Building closed systems
» Using a secret key
» Opening the message
» Public and private keys
» Signing a message
» Signing messages with Java technologies
» Using PKCS and S/MIME
» Encrypting messages
» Conclusion
First published by IBM DeveloperWorks
