by Mary Dageforde
The Java Security API is a new Java core API, built around the
java.securitypackage (and its subpackages). The first release of Java Security in JDK 1.1 contains a subset of cryptography functionality, including APIs for digital signatures and message digests. In addition, there are abstract interfaces for key management and certificate management.
The lessons in this trail describe and show you how to use the main aspects of the Java Security API.
You will learn the definitions of various cryptography terms, and see an overview of the Java Security API and its core classes. You will then learn how to produce "digital signatures" for data, and how to verify the authenticity of such signatures.
WARNING! The Java Security API in JDK 1.1 is incomplete and will change in future releases. For example, it is not possible to import or export public or private keys used to generate and verify digital signatures. Support for specific certificate formats is also not available. Use the JDK 1.1 Java Security API interfaces and classes at your own risk and in full knowledge that some will be modified, expanded, replaced, or eliminated in future releases.
Java Security API Overview provides an overview of the Java Security API. It also includes definitions of important terms, such as "digital signature," "public key," and "private key," and an indication of their use.
Using the Security API to Generate and Verify a Signature walks you step by step through an example of writing a Java program using the Security API to generate a digital signature for data and to verify the authenticity of the signature.