Wednesday, 13 August 2008

Google Keyczar - creating the RSA public and private keys using batch

Google Keyczar made headline news on geek planet recently and I couldn't help but give it a go. It's a cryptographic toolkit for Python and Java and here is a quick look at how you can get it to work for Java on Windows.

You can use it to encrypt/decrypt using public/private keys or to sign content. What really interested me was to use the RSA asymmetric method as it has always really appealed to me. Just to recap how this works, the idea is that Alice uses two keys: a public key (which anyone and everyone can know) and a private key that only she knows. Anyone can send her an encrypted message using the public key. To decrypt the message you need the private key, so only Alice can read the message. Excellent.

For starters, here's a link to where you can get the keyczar jar library: http://www.keyczar.org/.

You will also need two dependencies:
- the gson jar from Google code:
http://code.google.com/p/google-gson/
- the apache log4j jar:
http://logging.apache.org/log4j/1.2/download.html

Also note: I think JRE 1.6 or more is required to run the jar properly.

There are several steps to getting this up and running:
1. We need to create the public and private key files. The keyczar toolkit provides command line utilities to do this.
2. We need to create the Java code which will encrypt Bob's message to Alice (using the public key), and decrypt Bob's message when it reaches Alice (using the private key) so that Alice, and only Alice, can read it.

This first post will cover how to create the public and private key files using the batch file shown below.

I will add a couple of notes as we go along to explain the various parts of the batch file.


@echo off
setlocal enabledelayedexpansion


We need to set up Java properly, so point this to a JRE on your machine.

:init
set java=java
if exist "C:\Program Files\Java\jre1.6.0_05\bin\java.exe" set java="C:\Program Files\Java\jre1.6.0_05\bin\java.exe"
if exist "C:\Program Files\Java\jre1.6.0_07\bin\java.exe" set java="C:\Program Files\Java\jre1.6.0_07\bin\java.exe"
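rem "if exist" only works for a full path, so test the PATH fallback by running it
%java% -version >nul 2>&1
if errorlevel 1 goto java_nf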


Here we are defining the directory structure to be able to find the jar files which will be passed to the Java command. In my case the batch file is located in a script directory. The 3 jars (keyczar, gson and log4j) are all located on the same level as the script directory i.e. a level above the .bat file. This is why I set the parent variable to ..


set parent=..


Obviously check the exact jar names...


set keyczar=keyczar05b.jar
set gson=gson-1.1.1.jar
set log4j=log4j-1.2.15.jar

if not exist %parent%\%keyczar% goto keyczar_jar_nf
if not exist %parent%\%gson% goto gson_jar_nf
if not exist %parent%\%log4j% goto log4j_jar_nf

goto create_keys


Now we'll be calling the commands to create the keys.


:create_keys
set location=rsakeys\
set public=publickeys\

if not exist %location%%public% mkdir %location%%public%


You will want to make sure each of the following three %java% commands is actually on one line and not cut up as they are here.

Right, first command, create the key set. Note that we'll be using asymmetric RSA.

echo Creating key set
%java% -classpath %parent%/%keyczar%;%parent%/%gson%;%parent%/%log4j% org.keyczar.KeyczarTool create --location=%location% --purpose=crypt --asymmetric=rsa


Second java command: create a key. This will be the secret key. Its status must be set to primary because that means it can be used for decrypting.

echo Creating private decryption key
%java% -classpath %parent%/%keyczar%;%parent%/%gson%;%parent%/%log4j% org.keyczar.KeyczarTool addkey --location=%location% --status=primary


Finally, we create the public key and use a "public" destination for it.

echo Creating public encryption key
%java% -classpath %parent%/%keyczar%;%parent%/%gson%;%parent%/%log4j% org.keyczar.KeyczarTool pubkey --location=%location% --status=active --destination=%location%%public%
goto eof

:java_nf
echo Cannot find java
goto eof

:keyczar_jar_nf
echo Cannot find keyczar jar
goto eof

:gson_jar_nf
echo Cannot find gson jar
goto eof

:log4j_jar_nf
echo Cannot find log4j jar
goto eof

:eof
echo Press any key to quit
pause > NUL
goto blackhole

:blackhole


That's it. Once you run this, you should get the following results:

rsakeys\
    publickeys\
        1
        meta
    1
    meta

Basically two files for each key: a meta file which describes the key and another file which contains the key itself.

If you're interested there is some excellent documentation on the keyczar wiki at:
http://code.google.com/p/keyczar/w/list

It gives real insight into the key metadata, the various possible values and what they actually mean.
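
As an added example (not part of the original post and not Keyczar's own code), the Python script below checks that the publickeys directory produced by the batch file holds only public material before it is handed out. It assumes the meta and key files are JSON with the type, purpose and versions fields described in the Keyczar documentation; the function names and the sample file contents are constructed for illustration.

```python
import json
import tempfile
from pathlib import Path

# Assumption: Keyczar "meta" files are JSON with "type", "purpose" and
# "versions" fields, and the numbered key files are JSON as well.

def load(path):
    return json.loads(Path(path).read_text())

def audit_public_keyset(public_dir):
    """Return a list of problems; empty means only public material was found."""
    public_dir = Path(public_dir)
    meta = load(public_dir / "meta")
    problems = []
    if meta.get("type") != "RSA_PUB":
        problems.append(f"meta type is {meta.get('type')!r}, expected 'RSA_PUB'")
    if meta.get("purpose") != "ENCRYPT":
        problems.append(f"meta purpose is {meta.get('purpose')!r}, expected 'ENCRYPT'")
    for version in meta.get("versions", []):
        key_file = public_dir / str(version["versionNumber"])
        if not key_file.is_file():
            problems.append(f"key file {key_file.name} listed in meta is missing")
            continue
        # Heuristic (assumption): private key files carry fields named "private...".
        leaked = [k for k in load(key_file) if k.lower().startswith("private")]
        if leaked:
            problems.append(f"key file {key_file.name} has private fields: {leaked}")
    return problems

def build_sample(root, leak=False):
    """Create the rsakeys/publickeys layout from the post with constructed contents."""
    versions = [{"versionNumber": 1, "status": "PRIMARY", "exportable": False}]
    priv_meta = {"name": "", "purpose": "DECRYPT_AND_ENCRYPT", "type": "RSA_PRIV",
                 "versions": versions, "encrypted": False}
    pub_meta = dict(priv_meta, purpose="ENCRYPT", type="RSA_PUB")
    pub_key = {"modulus": "CONSTRUCTED", "publicExponent": "AQAB", "size": 4096}
    priv_key = {"publicKey": pub_key, "privateExponent": "CONSTRUCTED", "size": 4096}
    private_dir = Path(root) / "rsakeys"
    public_dir = private_dir / "publickeys"
    public_dir.mkdir(parents=True)
    shipped = (priv_meta, priv_key) if leak else (pub_meta, pub_key)
    for folder, (meta, key) in ((private_dir, (priv_meta, priv_key)), (public_dir, shipped)):
        (folder / "meta").write_text(json.dumps(meta))
        (folder / "1").write_text(json.dumps(key))
    return public_dir

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(audit_public_keyset(build_sample(tmp)))  # constructed sample data
```

Point `audit_public_keyset` at the real `rsakeys\publickeys` directory after running the batch file; note that the public directory sits inside the private one, so only that subdirectory should be copied to other machines.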

Thoughts for now?

[EDIT: For the second part of this post follow the link: Google KeyCzar Java encryption/decryption]
