Java Security Solutions

There have been a lot of changes in key exchange methods , including the concept of smart cards. Many of these techniques and Java service providers still use the fundamental algorithms and ideas that were developed in the early 1970s.

This chapter offered a fundamental understanding of the basics of the key exchange. Keys provide a set of users the ability to encrypt and decrypt messages. Any compromise in securing the keys can compromise the integrity and confidentiality of the messages. The security of the messages depends on how keys are stored and exchanged. Throughout my lifetime, I have seen many organizations that were concerned about the strength of the cipher but stored the key on the Web server. The cipher doesn't have any strength if the key is available. Understanding how keys are managed is one of the most important aspects of security. The JDK 1.4 provides many fundamental service providers for key exchange, but more important, it provides the ability to implement your own service provider, as discussed in the next chapter.