Today's Question:  What weekend projects have you created?        GIVE A SHOUT

  WRITE ARTICLE

 ALL


  Difference between keystore and truststore

Security has become a vital concern in most of the online transactions nowadays. Lots of the world's most popular websites have adopted security protocols to transfer data, especially sensitive data. These security protocols including SSL/TLS which are using the private/public key exchange mechanism to establish secure connections.  The private/public key cryptography is a really important invention and it allows data to be transferred securely and solves the big problem of transferrin...

1,844 0          SECURITY SSL KEYSTORE TRUSTSTORE


  When a CA becomes untrustable

Information security has become a vital part of people's life, especially for those people who spend much time online. Tons of data are being transmitted over the internet every second. These data include user ids, passwords, credit card information etc and some of them are sensitive information which needs secure way to transmit. Hence different protocols have been developed including SSL/TLS to encrypt data transmitted over the internet. The core of these security protocols is the certifi...

2,419 0          APPLE SECURITY GOOGLE MOZILLA NEWS WOSIGN


  Convert JKS to BKS using keytool

There are lots of questions(question 1, question 2) on Stackoverflow about how to convert JKS keystore to BKS keystore(a keystore format provided by BouncyCastle) using Java keytool.  The reason why this conversion gets lots of questions is that BKS is not a keystore format supported by Java SE, it's a third party keystore format. To convert JSK to BKS, the BKS provider has to be downloaded first. And a few more options needs to be added when running the keytool command. The typical co...

4,584 2          JAVA SECURITY JKS KEYTOOL BKS


  Generating CSR using Java

A CSR(Certificate Signing Request) is a kind of request generated by an application and is to be sent to a Certificate Authority to create a signed certificate which can be distributed. It usually contains certificate information such as subject name, public key info and signature info. In Java, keytool can be used to generate a certificate request with option -certreq.  But sometimes if an application wants to create a CSR programmatically, keytool will not do a favor, instead you should u...

3,143 0          JAVA SECURITY CSR CERTIFICATE REQUEST


  Introduction to DTLS(Datagram Transport Layer Security)

Secure communication has become a vital requirement on the Internet. Lots of information transferred through the Internet are sensitive data such as financial transactions, medical information, media streaming etc. To ensure security of data transferred on the Internet, a few secure protocols have been designed including SSL/TLS and IPsec. Many large websites in the world have adopted TLS. Apart from SSL/TLS, there is some other protocol designed to be used in special cases. One of them is ...

2,450 0          SECURITY JAVA 9 DTLS TLS


  Oracle released an urgent Java patch

On March 23, Oracle just released an urgent Java patch which is out of its normal update schedule. The security vulnerability is related to the Java SE running in web browsers on desktops. The CVE ID for this issue is CVE-2016-0636. With the unpatched Java, attackers can remotely exploit the target system without username and credentials. Successful exploits can impact the availability, integrity, and confidentiality of the user's system. When the user access pages containing malicious code...

2,321 0          JAVA SECURITY ORACLE NEWS


  Access control in Java -- doPrivileged

Previously we have introduced how Java performs permission check to protect resource access. What if sometimes we need to give some class the temporary access to some resource which it initially doesn't have? AccessController provides six doPrivileged methods to fulfill this requirement. These six methods have below signatures : static T doPrivileged(PrivilegedAction action)static T doPrivileged(PrivilegedAction action, AccessControlContext context)static T doPrivileged(PrivilegedExceptionA...

1,084 0          JAVA SECURITY DOPRIVILEGED


  Access control in Java -- Permission check order

Previously we showed you how to turn on SecurityManager in Java. After SecurityManager is turned on, a series of permission checks will be applied on the code you are calling in your application to protect some resources against malicious access such as files, sockets etc. To perform these permission checks, a set of Permissions will be created and checked using the AccessController. The AccessController has three purposes : To decide whether an access to a critical system resource is to be all...

1,063 0          JAVA SECURITY ACCESSCONTROLLER