JAVA 암호화 예제


Subject : JAVA 암호화 예제

Solution Description:
=====================

applet에서는 로컬파일시스템에 접근하는게 보안의 취약점때문에 금지되어있다.
그러한 점을 극복하기 위해 java에서는 암호화기법을 사용한다.
그리고 암호화 및 전자사인등은 jdk1.1에서 지원이 가능하게 되었다.
필요하다면 관련 tool 즉 javakey, jar등의 옵션등의 상세한 용법에 대해선 별도의 
언급을 않겠다.

  - 먼저 Web Server 및 jdk1.1.x 환경 상에서

# Step 1.

javakey -cs Duke true

먼저 Duke라는 임의의 믿을만한 확인자(identity)를 생성한다.
그러면 java home directory에 identitydb.obj라는 db file이 생성된다.

# Step 2.

javakey -gk Duke DSA 512 Duke_pub Duke_priv

Duke에 대하여 개인키(private key) 및 공용키(public key)를 생성한다.

# Step 3.

javakey -gc cert_directive_Duke 

인증화일를 생성한다.cert_directive_Duke라는 화일은 인증서를 만들어주는
templete이다. 여기 예에서는 Duke.x509라는 화일을 생성하였다.

# Step 4.

jar cf signedWriteFile.jar writeFile.class writeFile.html

archive를 생성한다.

# Step 5.

javakey -gs sign_directive_Duke signedWriteFile.jar
mv signedWriteFile.jar.sig signedWriteFile.jar
jar tvf signedWriteFile.jar

생성된 archive애 서명을 한다. 
sign_directive_Duke은 서명에 관련된 templete file이다.
그리고 다시 .jar 확장자명으로 바꾸어준다.
다음 서명된 아카이브의 내용을 확인한다.

# Step 6.

javakey -ld

마지막으로 identity database의 내용을 확인하라.



  - 다음은 당신의 시스템에서 위에서 기술한 web server에 액세스하는 test 예제.

appletviewer http://www.svc.hei.co.kr/~java/security/writeFile.html 를 실행하면

'writeFile: caught security exception'와 같은 exception message가 나타날 것이다.

# Step 1.

먼저 위에서 생성된 Duke.x509라는 인증 파일을 얻는다.
 
# Step 2.

javakey -c Duke true

Duke라는 확인자(identity)를 생성한다.

# Step 3.

javakey -ic Duke Duke.x509

Duke.x509를 Duke라는 identity db에 import한다

# Step 4.

appletviewer http://www.svc.hei.co.kr/~java/security/signedWriteFile.html

결과를 확인해보면 당신의 시스템의 /tmp/foo이 있음을 알수 있을 것이다.


  - 다음은 위의 예제에서 사용된 file 예제들이다.

----
. writeFile.java


/**
  * By default, this applet raises a security exception.
  *
  * With JDK 1.1 appletviewer, 
  *  if you configure your system to allow applets signed by "Duke"
  *  to run on your system, then this applet can run and write a file
  *  to your /tmp directory.    (or to the file named "tmpfoo" on a 
  *  Windows system)
  *  
  * @version JDK 1.1
  * @author  Marianne Mueller
  */

import java.awt.*;
import java.io.*;
import java.lang.*;
import java.applet.*;

public class writeFile extends Applet {
    String myFile = "/tmp/foo";
    File f = new File(myFile);
    DataOutputStream dos;

  public void init() {
    
    String osname = System.getProperty("os.name");
    if (osname.indexOf("Windows") != -1) {
      myFile="tmpfoo";
    }
  }

  public void paint(Graphics g) {
	try {
  	  dos = new DataOutputStream(new BufferedOutputStream(new FileOutputStream(myFile),128));
	  dos.writeChars("Cats can hypnotize you when you least expect it\n");
	  dos.flush();
	  g.drawString("Successfully wrote to the file named " + myFile + " -- go take a look at it!", 10, 10);

	  String name = System.getProperty("user.name");
	  g.drawString("And, successfully got user.name ..." + name, 10, 30);
	}


	catch (SecurityException e) {
	  g.drawString("writeFile: caught security exception", 10, 10);
        }
	catch (IOException ioe) {
		g.drawString("writeFile: caught i/o exception", 10, 10);
        }
   }
}

----
. writeFile.html



 Java Security Example: Writing Files
 Java Security Example: Writing Files 


Here's an applet that tries to write to the file /tmp/foo on a Solaris
system (or to the file named "tmpfoo" on a Windows 95 or Windows NT
system.)





Here's the source. 


This applet is signed by Duke - if you've configured your system to 
allow applets signed by Duke to run, go and check your /tmp area!
(Or your c: drive, if you're running on a PC.)   You'll find a
file there named foo, with an important message from Duke :-) 




Back to the Java Security Page - Signed Applet Example


----
. cert_directive_Duke

#
# 96/11/11 	@(#)cert_directive	1.3
# 

#
# This is a sample certificate directive file. 
#

# the id of the signer

issuer.name=Duke

# the cert to use for the signing (this is where it gets it DN)

issuer.cert=1

# the id of the subject

subject.name=Duke

# the components of the X500 name for the subject

subject.real.name=Marianne Mueller
subject.org.unit=JavaSoft 
subject.org=Sun MicroSystems
subject.country=US

# Various parameters: start and end date for validity and expiration
# of the certificate. Serial number. FIle to which to output the
# certificate (optional).

start.date=10 Dec 1996
end.date=1 Sept 1997
serial.number=1001
out.file=Duke.x509


----
. sign_directive_Duke


#
# 96/09/22  @(#)sigdir	1.1
# 

#
# Jar signing directive. This is the directive file used by javakey to 
# sign a jar file.
#

# Which signer to use. This must be in the system's database.

signer=Duke


# Cert number to use for this signer. This determines which
# certificate will be included in the PKCS7 block. This is mandatory
# and is 1 based.  

cert=1


# Cert chain depth of a chain of certificate to include. This is
# currently not supported.

chain=0


# The name to give to the signature file and associated signature
# block.  (i.e. DUKESIGN.SF and DUKESIGN.DSA). This must be 8
# characters or less.

signature.file=DukeSig

----
. signedWriteFile.html



 Java Security Example: Writing Files
 Java Security Example: Writing Files 

Here's an applet that tries to write to the file /tmp/foo: 




and here's the source. 


This applet is signed by Duke - if you've configured your system to 
allow applets signed by Duke to run, go and check your /tmp area!
(Or your c: drive, if you're running on a PC.)   You'll find a
file there named duke.txt, with an important message from Duke :-) 




Back to the Java Security Page/a>

----------------------------------------------------------------------------

Revision History

작성일자 : 97.06.16
작성자 : 이민호

수정일자 :
수정자 :