Subject : Java encryption example

Solution Description:
=====================

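Applets are forbidden from accessing the local file system because it would be a security weakness.
To get around this restriction, Java uses cryptographic techniques.
Encryption and digital signatures became supported as of JDK 1.1.
The options and detailed usage of the related tools, javakey and jar, are not
described separately here; look them up as needed.

  - First, on the Web Server, in a JDK 1.1.x environment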

# Step 1.

javakey -cs Duke true

First, create a trusted identity with a name of your choice, here Duke.
This creates a database file named identitydb.obj in the Java home directory.

# Step 2.

javakey -gk Duke DSA 512 Duke_pub Duke_priv

Generate a private key and a public key for Duke.

# Step 3.

javakey -gc cert_directive_Duke 

Generate the certificate file. The file cert_directive_Duke is the template
from which the certificate is made. In this example it produces the file Duke.x509.

# Step 4.

jar cf signedWriteFile.jar writeFile.class writeFile.html

Create the archive.

# Step 5.

javakey -gs sign_directive_Duke signedWriteFile.jar
mv signedWriteFile.jar.sig signedWriteFile.jar
jar tvf signedWriteFile.jar

Sign the archive that was just created.
sign_directive_Duke is the template file for the signature.
Then rename the result so that it has the .jar extension again.
Finally, list the contents of the signed archive.

# Step 6.

javakey -ld

Finally, check the contents of the identity database.



  - Next, a test example in which your own system accesses the web server described above.

Running appletviewer http://www.svc.hei.co.kr/~java/security/writeFile.html

produces an exception message such as 'writeFile: caught security exception'.

# Step 1.

First, obtain the certificate file Duke.x509 that was generated above.
 
# Step 2.

javakey -c Duke true

Create an identity named Duke.

# Step 3.

javakey -ic Duke Duke.x509

Import Duke.x509 into the identity database under the identity Duke.

# Step 4.

appletviewer http://www.svc.hei.co.kr/~java/security/signedWriteFile.html

When you check the result, you will find that /tmp/foo exists on your system.
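
Step 5 on the server inspects the signed archive with jar tvf, which lists the entries but does not check any signature, and the client steps trust Duke by importing Duke.x509. The following added example (not code from the original page or from the JDK samples) performs both checks with the java.util.jar API of a current JDK; the class name CheckSignedJar, the argument order, and Duke.x509 being an X.509 certificate that CertificateFactory can read are assumptions.

```java
import java.io.*;
import java.security.CodeSigner;
import java.security.cert.*;
import java.util.Enumeration;
import java.util.jar.*;

// Added example: accept a JAR only if every entry is signed with the trusted certificate.
public class CheckSignedJar {
    // Files that carry the signature itself are never signed entries.
    static boolean isSignatureFile(String name) {
        String u = name.toUpperCase(java.util.Locale.ROOT);
        if (!u.startsWith("META-INF/") || u.indexOf('/', 9) != -1) return false;
        return u.equals("META-INF/MANIFEST.MF") || u.startsWith("META-INF/SIG-")
            || u.endsWith(".SF") || u.endsWith(".DSA") || u.endsWith(".RSA") || u.endsWith(".EC");
    }
    // True if one of the entry's signers presents exactly the trusted certificate.
    static boolean signedBy(JarEntry e, Certificate trusted) {
        CodeSigner[] signers = e.getCodeSigners();  // null when the entry is unsigned
        if (signers == null) return false;
        for (CodeSigner s : signers)
            if (s.getSignerCertPath().getCertificates().get(0).equals(trusted)) return true;
        return false;
    }
    public static void main(String[] args) throws Exception {
        String jarPath = args[0], certPath = args[1];  // assumed arguments: <jar> <certificate>
        Certificate trusted;
        try (InputStream in = new FileInputStream(certPath)) {
            trusted = CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        int rejected = 0;
        byte[] buf = new byte[8192];
        try (JarFile jar = new JarFile(jarPath, true)) {  // true = verify signatures
            for (Enumeration<JarEntry> en = jar.entries(); en.hasMoreElements();) {
                JarEntry e = en.nextElement();
                if (e.isDirectory() || isSignatureFile(e.getName())) continue;
                // Signers are known only after the entry is read to the end; a
                // modified entry fails its digest check with SecurityException here.
                try (InputStream in = jar.getInputStream(e)) {
                    while (in.read(buf) != -1) { }
                }
                if (!signedBy(e, trusted)) {
                    rejected++;
                    System.out.println("NOT SIGNED BY TRUSTED CERT: " + e.getName());
                }
            }
        }
        System.exit(rejected == 0 ? 0 : 1);  // non-zero lets a script refuse the archive
    }
}
```

Current JDKs ignore JAR signatures made with keys as small as the 512-bit DSA key generated in Step 2 (see the jdk.jar.disabledAlgorithms security property), so an archive signed that way is reported as unsigned.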


  - The following are the files used in the example above.

----
. writeFile.java


/**
  * By default, this applet raises a security exception.
  *
  * With JDK 1.1 appletviewer, 
  *  if you configure your system to allow applets signed by "Duke"
  *  to run on your system, then this applet can run and write a file
  *  to your /tmp directory.    (or to the file named "tmpfoo" on a 
  *  Windows system)
  *  
  * @version JDK 1.1
  * @author  Marianne Mueller
  */

import java.awt.*;
import java.io.*;
import java.applet.*;

public class writeFile extends Applet {
    String myFile = "/tmp/foo";
    DataOutputStream dos;

    public void init() {
        // Use a relative file name on Windows, where /tmp does not exist.
        String osname = System.getProperty("os.name");
        if (osname.indexOf("Windows") != -1) {
            myFile = "tmpfoo";
        }
    }

    public void paint(Graphics g) {
        try {
            // Opening the file for writing is what the security manager
            // refuses when the applet is not trusted.
            dos = new DataOutputStream(new BufferedOutputStream(new FileOutputStream(myFile), 128));
            dos.writeChars("Cats can hypnotize you when you least expect it\n");
            dos.flush();
            // paint() can be called many times, so release the file each time.
            dos.close();
            g.drawString("Successfully wrote to the file named " + myFile + " -- go take a look at it!", 10, 10);

            // Reading user.name is also denied to an untrusted applet.
            String name = System.getProperty("user.name");
            g.drawString("And, successfully got user.name ..." + name, 10, 30);
        }
        catch (SecurityException e) {
            g.drawString("writeFile: caught security exception", 10, 10);
        }
        catch (IOException ioe) {
            g.drawString("writeFile: caught i/o exception", 10, 10);
        }
    }
}

----
. writeFile.html



 Java Security Example: Writing Files

Java Security Example: Writing Files


Here's an applet that tries to write to the file /tmp/foo on a Solaris system (or to the file named "tmpfoo" on a Windows 95 or Windows NT system.)

Here's the source.

This applet is signed by Duke - if you've configured your system to allow applets signed by Duke to run, go and check your /tmp area! (Or your c: drive, if you're running on a PC.) You'll find a file there named foo, with an important message from Duke :-)


Back to the Java Security Page - Signed Applet Example

----
. cert_directive_Duke


#
# 96/11/11 @(#)cert_directive 1.3
#
#
# This is a sample certificate directive file.
#

# the id of the signer
issuer.name=Duke

# the cert to use for the signing (this is where it gets its DN)
issuer.cert=1

# the id of the subject
subject.name=Duke

# the components of the X500 name for the subject
subject.real.name=Marianne Mueller
subject.org.unit=JavaSoft
subject.org=Sun MicroSystems
subject.country=US

# Various parameters: start and end date for validity and expiration
# of the certificate. Serial number. File to which to output the
# certificate (optional).
start.date=10 Dec 1996
end.date=1 Sept 1997
serial.number=1001
out.file=Duke.x509

----
. sign_directive_Duke


#
# 96/09/22 @(#)sigdir 1.1
#
#
# Jar signing directive. This is the directive file used by javakey to
# sign a jar file.
#

# Which signer to use. This must be in the system's database.
signer=Duke

# Cert number to use for this signer. This determines which
# certificate will be included in the PKCS7 block. This is mandatory
# and is 1 based.
cert=1

# Cert chain depth of a chain of certificate to include. This is
# currently not supported.
chain=0

# The name to give to the signature file and associated signature
# block. (i.e. DUKESIGN.SF and DUKESIGN.DSA). This must be 8
# characters or less.
signature.file=DukeSig

----
. signedWriteFile.html



 Java Security Example: Writing Files

Java Security Example: Writing Files


Here's an applet that tries to write to the file /tmp/foo:

and here's the source.

This applet is signed by Duke - if you've configured your system to allow applets signed by Duke to run, go and check your /tmp area! (Or your c: drive, if you're running on a PC.) You'll find a file there named duke.txt, with an important message from Duke :-)


Back to the Java Security Page

----------------------------------------------------------------------------
Revision History
Date written : 97.06.16
Author       : 이민호
Date revised :
Revised by   :