
This video will introduce you to the course
This video explains the industry background, showing that cryptography appears in almost all systems.
• Understand what cryptography is used for
• Discuss where cryptography is already used
• Look at the legal implications of using cryptography
This video shows some of the evolution of cryptography and how it has changed. It also introduces the standards bodies that decide on algorithms.
• Show that cryptography is not new
• Identify standards in cryptography
• Discuss the importance of audit and appearances
This video helps us to relate cryptography to the broader industry, demonstrating some of the problems solved. It focuses on inter-system communication and public key infrastructure.
• Discuss system communication
• Identify the role of prior knowledge
• Show how browsers chain trust
The aim of this video is to explain the background of concepts such as CAs and algorithms, as groundwork for the rest of the course.
• Walk through the public key crypto system (PKCS)
• Compare strength between algorithms
• Learn the pronunciation of ciphers
The aim of this video is to teach us the role of symmetric ciphers and when to choose them.
• Understand which symmetric ciphers are effective and compatible
• Discuss what it means to have a shared key
• Understand the role of an initialization vector and key
The aim of this video is to discuss how to use the symmetric cipher AES to encrypt and decrypt data.
• Encrypt/decrypt an AES message
• Initiate a cipher with the vector and key
• Wrap Java streams with ciphers
This video explains the role of hashing to validate files and check sensitive data without storing that data.
• Discuss how hashing protects and validates data
• Learn when to salt and when not to
• Look at example code that hashes known and private data
This video discusses common problems that arise when implementing code that uses basic ciphers.
• Discuss the risk of shared secrets
• Learn about the common ways in which the keys are lost
• Avoid pre-compute attacks
The aim of this video is to teach us the role of asymmetric ciphers and when to choose them.
• Understand which asymmetric ciphers are effective and compatible
• Discuss what it means to have a public and private key
• Learn about the role of asymmetric ciphers in HTTPS
This video shows you how to make a public/private KeyPair.
• Make a KeyPair to encrypt/decrypt
• Explain how the key starts encryption
• Create keys
The aim of this video is to demonstrate how to store keys securely, alongside certificates.
• Discuss the role of KeyStores to hold keys
• List the different Java cryptographic providers
• Demonstrate how to store keys and certificates
The aim of this video is to discuss the role of keytool, an easy tool for working with keys and certificates.
• Learn about what KeyTool does and when/why to use it
• Generate a certificate and keypair
• Interact with keys in a KeyStore
This video compares a KeyGenerator against a KeyPairGenerator, showing how to use each.
• Learn when to use a KeyGenerator
• Discuss why a KeyGenerator sometimes may not be used
• Generate keys with a KeyGenerator
This video teaches us how to perform encryption and decryption using asymmetric KeyPairs.
• Show which key is used to encrypt and decrypt
• Demonstrate how to encrypt and decrypt
• Demonstrate how to share encrypted messages between people
PKIX is a common error that developers will see; a few solutions fix this obscure problem. We will learn about it in this video.
• Discuss what PKIX means
• Discuss Unlimited Encryption and learn when to use it
• Import certificates into your KeyStore
This video covers navigating SSL certificates to track a chain of trust.
• Learn what a certificate chain looks like
• Discuss why you would want to look at a certificate chain
• Demonstrate how to access certificates of an HTTPSUrlConnection
One of the biggest difficulties in public key cryptography is sharing public keys and knowing who owns them. We will learn about it in this video.
• Explain what escrow means
• Explain escrow of public versus private certificates
• Discuss the difficulty of key management in cloud environments
Key re-use is easy, but it also makes it easier for attackers to brute-force implementations. We will learn about these keys in this video.
• Discuss acceptable re-use versus too much re-use
• Talk about one-time pads
• Compare certificate re-use against password re-use
This video talks about Certificate pinning, which defends against man in the middle attacks by verifying certificates concretely.
• Explain certificate pinning
• Discuss who should worry about pinning and when
• Demonstrate how to pin a certificate
This video discusses signed JAR files, which defend against code tampering, either in transit or after the code has landed on a system.
• Explain the problem that signed JARs solve
• Demonstrate how to sign and verify a JAR file
• Explain the role of a timestamp authority when signing
One way of bypassing cryptography is simply discovering someone’s secret keys or tokens, either in files or code. We will learn more about it in this video.
• Discuss the problem of locating secret keys
• Demonstrate an example of data loss from harvested tokens
• Show the impact on AWS bills from hijacked tokens
You can’t use the same algorithm forever, so design systems in a way that the encryption can evolve with standards. This video talks about upgrading the algorithms.
• Explain why we upgrade algorithms
• Show times when industry mass-migrated algorithms
• Architect a mechanism for tracking algorithms
Coding secrets into applications does not hide them. In this video, we will analyze Java bytecode to extract not-so-secret information such as passwords.
• Explain the role of bytecode and decompilation / debugging tools
• Decompile code to reveal stored passwords
• Identify ways to avoid secrets placed in code
The aim of this video is to enhance the previous lessons to a more complete version that encrypts/decrypts files.
• Explain the role of Cipher Streams
• Demonstrate full encryption/decryption using these streams
• Discuss the role of try-with-resources on stream
Certificates enable encrypted HTTPS communication, and certificate authorities simplify obtaining them at low or no cost. We will learn about them in this video.
• Explain the role of Certificate Authorities
• Discuss when and how to use LetsEncrypt
• Learn when and how to use AWS Trust
Secure systems require more than cryptography. SSL Labs helps identify flaws in the full cryptographic configuration of web servers by analyzing their data; this video covers how to use it.
• Explain the role of underlying SSL issues
• Demonstrate using SSL labs on any site
• Discuss how to interpret and act on results
DeepViolet is a library that simplifies analysis of SSL connections and diagnoses any issues. This video discusses it.
• Explain DeepViolet as an easy way to analyze SSL
• Show how to use DeepViolet as a dependency
• Demonstrate analyzing traffic and comparing to SSL Labs
Security is paramount for any application. Cryptography occurs all across software fields: it protects all HTTPS traffic between browsers, encrypts phone storage against prying eyes, and can even hide files inside other files through a technique called steganography. This course is for developers looking to design a system that uses cryptography, rather than designing new algorithms. Most developers simply need to put the right pieces together to make their own system work.
In this course, you will break down the concepts behind cryptography into simple lessons, covering terminology, algorithms, standards, and encryption/decryption techniques. We will also walk through how cryptographic systems are hacked to bypass (rather than break) their cryptographic capabilities.
The course answers questions such as:
• What is cryptography used for?
• What are keys and where do they go?
• Why do networked systems sometimes give certificate validation errors?
• If I need to encrypt something, how should I do that?
By the end of this course, you will recognize cryptographic problems and understand the right knowledge to apply a verifiable solution.
About the Author
Erik Costlow ran Oracle’s Java Root Certificate program, coordinating efforts with many cryptographic organizations. He is an experienced software security expert focused on program analysis and runtime instrumentation to detect security issues and provide useful guidance on fixing them.