This chapter discusses filter streams that implement some sort of cryptography. The Java core API contains two of these in the java.security package, DigestInputStream and DigestOutputStream. There are two more cryptography streams in the javax.crypto package, CipherInputStream and CipherOutputStream . All four of these streams use an engine object to handle the filtering. DigestInputStream and DigestOutputStream use a MessageDigest object, while CipherInputStream and CipherOutputStream use a Cipher object. The streams rely on the programmer to properly initialize and—in the case of the digest streams—clean up after the engines. Therefore, we’ll first look at the engine classes, then at the streams built around these engines.

In a sane world, these classes would all be part of the core API in a java.crypto package. Regrettably, U.S. export laws prohibit the export of cryptographic software without special permission. Therefore, the cryptography API and associated classes must be downloaded separately from the main JDK. Collectively these are called the Java Cryptography Extension, or JCE for short. To protect national security, you’ll have to fill out a form promising you’re not an international terrorist before you can download it.^[12] I feel safer already. If you’re outside the United States and Canada, and you’re one of the three people worldwide who actually respect U.S. export laws or who can’t figure out how to penetrate the incredible ...