Chapter 12. Cryptographic Streams
This chapter discusses filter streams for cryptography. The Java core API contains two of these in the java.security
package, DigestInputStream
and DigestOutputStream
. The javax.crypto
package contains two more, CipherInputStream
and CipherOutputStream
. All four of these streams use an engine object to handle the filtering. DigestInputStream
and DigestOutputStream
use a MessageDigest
object while CipherInputStream
and CipherOutputStream
use a Cipher
object. The streams rely on the programmer to properly initialize and—in the case of the digest streams—clean up after the engines. Therefore, we’ll first look at the engine classes and then at the streams built around these engines.
Hash Functions
Sometimes it’s essential to know whether data has changed. For instance, crackers invading Unix systems often replace crucial files like /etc/passwd or /usr/ucb/cc with their own hacked versions that enable them to regain access to the system if the original hole they entered through is plugged. Therefore, if you discover your system has been penetrated, one of the first things you need to do is reinstall any changed files. Of course, this raises the question of how you identify the changed files, especially since anybody who’s capable of replacing system executables is more than capable of resetting the last-modified date of the files. You can keep an offline copy of the system files; but this is costly and difficult, especially since multiple copies need ...
Get Java I/O, 2nd Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.