BKJAVCRP.RVW 981018

"Java Cryptography", Jonathan Knudsen, 1998, 1-56592-402-9, U$29.95/C$42.95
%A Jonathan Knudsen
%C 103 Morris Street, Suite A, Sebastopol, CA 95472
%D 1998
%G 1-56592-402-9
%I O'Reilly & Associates, Inc.
%O U$29.95/C$42.95 800-998-9938 fax: 707-829-0104 nuts@ora.com
%P 372 p.
%T "Java Cryptography"

This book is intended to teach experienced Java programmers how to add cryptographic elements to their applications. The text is not intended to teach encryption algorithms, basic Java programming, or the overall Java security model: there are other books that fulfill those functions. There is one other limitation: much of the book relies on the Java Cryptography Extensions (JCE), which are only available to those in the United States and Canada (nudge, nudge, wink, wink).

Chapter one lists some fundamentals of encryption and their relationship to security. There are also a couple of programs right off the bat that let you explore message digests and the encrypting and decrypting of messages. The basics of confidentiality, authentication, and some major cryptographic algorithms are outlined in chapter two. The explanations are quite terse, but not out of line with the aim of the book. The Java Cryptography Architecture (JCA) is explained in chapter three, along with a quick overview of the API (Application Programming Interface) and SPI (Service Provider Interface). Chapter four introduces Java's own pseudo-random number generator, plus programming for key seeds from keyboard timing.

Key management, in chapter five, is somewhat weak. The APIs only deal with hierarchical key certification, but this may simply be an example of Knudsen dealing strictly with the language and leaving the concepts to others. I was, however, bemused at some passages that may have suffered from a lack of copy editing: for example, one section that seemed to confuse production of Message Authentication Codes with working on Macintosh computers.
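To make concrete what the review means by the JCA engine classes and the provider (SPI) layer behind them, here is an added example that is not code from the book or from Knudsen. It assumes a current JDK in which the JCE is bundled (so the 1998 export limitation the review mentions does not apply), and uses a constructed sample message. It walks the same ground the review describes: a message digest, a keyed Message Authentication Code (the MAC that is not a Macintosh), symmetric encryption and decryption, and a listing of the installed providers that actually implement those algorithms.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.Provider;
import java.security.SecureRandom;
import java.security.Security;
import java.util.Arrays;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

// Added example (not from the book): a short tour of the JCA engine classes.
public class JcaTour {

    // Hex encoding for printing digests and MAC tags.
    static String hex(byte[] bytes) {
        StringBuilder sb = new StringBuilder();
        for (byte b : bytes) sb.append(String.format("%02x", b));
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input; any byte array would do.
        byte[] msg = "constructed sample message".getBytes(StandardCharsets.UTF_8);

        // 1. Message digest. The caller names an algorithm; the framework picks
        //    the first installed provider whose SPI implements it.
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        System.out.println("SHA-256 via provider: " + md.getProvider().getName());
        System.out.println("digest: " + hex(md.digest(msg)));

        // 2. Message Authentication Code: a keyed digest. The key comes from
        //    SecureRandom (OS-seeded here, not keyboard timing as in chapter four).
        SecureRandom rng = new SecureRandom();
        byte[] macKey = new byte[32];
        rng.nextBytes(macKey);
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(macKey, "HmacSHA256"));
        System.out.println("HMAC-SHA256 tag: " + hex(mac.doFinal(msg)));

        // 3. Symmetric encryption and decryption through the Cipher engine class.
        //    AES-GCM gives confidentiality and integrity; the nonce must be unique per key.
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey key = kg.generateKey();
        byte[] nonce = new byte[12];
        rng.nextBytes(nonce);

        Cipher enc = Cipher.getInstance("AES/GCM/NoPadding");
        enc.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, nonce));
        byte[] ciphertext = enc.doFinal(msg);
        // Base64 (covered in the book's appendix) turns the binary blob into mailable text.
        System.out.println("ciphertext (Base64): " + Base64.getEncoder().encodeToString(ciphertext));

        Cipher dec = Cipher.getInstance("AES/GCM/NoPadding");
        dec.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, nonce));
        byte[] plaintext = dec.doFinal(ciphertext); // throws AEADBadTagException if tampered
        System.out.println("round trip intact: " + Arrays.equals(msg, plaintext));

        // 4. The SPI side: every algorithm above was served by one of these providers,
        //    in preference order. A custom provider (as in the book's chapter nine) would
        //    appear here once registered with Security.addProvider().
        for (Provider p : Security.getProviders()) {
            System.out.println("installed provider: " + p.getName());
        }
    }
}
```

Compile and run with `javac JcaTour.java && java JcaTour`. The point worth noticing is that no algorithm implementation is referenced directly: the application talks only to the engine classes (MessageDigest, Mac, Cipher), and the provider lookup at the end shows the SPI layer that decides which implementation answers.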
Authentication of various types is covered quite well in chapter six. Chapter seven's guide to encryption covers details not normally dealt with in cryptography texts, because it must handle all matters related to getting an encryption algorithm to actually function in an application. Chapter eight gives enough detail about signed applets to prove that they are going to be browser specific for a while. Security provider programming is covered in chapter nine, using the ElGamal algorithm as an example. A sample application is created in chapter ten, using an encrypted version of the talk utility. An email application is created in chapter eleven using the provider previously generated in chapter nine. Chapter twelve closes off by looking at security design for the system overall.

Appendices review BigInteger arithmetic in Java, the Base64 encoding scheme (an option for converting binary objects to text characters for emailing), Java archive files, Javakey, and a quick reference for the Java cryptography classes as covered in the book.

Knudsen states that the book is written, as far as possible, without assuming any prior knowledge of cryptography. In this aim he succeeds rather well. The programmer with no background in encryption can still add a reasonable layer of security to his or her application. Those who study further, of course, will be able to ensure a higher level of protection and reliability.

copyright Robert M. Slade, 1998 BKJAVCRP.RVW 981018