Today's Question:  What are you most afraid of as a programmer?        GIVE A SHOUT

  WRITE ARTICLE

 ALL


  When a CA becomes untrustable

Information security has become a vital part of people's life, especially for those people who spend much time online. Tons of data are being transmitted over the internet every second. These data include user ids, passwords, credit card information etc and some of them are sensitive information which needs secure way to transmit. Hence different protocols have been developed including SSL/TLS to encrypt data transmitted over the internet. The core of these security protocols is the certifi...

1,833 0 0          APPLE SECURITY GOOGLE MOZILLA NEWS WOSIGN


  Convert JKS to BKS using keytool

There are lots of questions(question 1, question 2) on Stackoverflow about how to convert JKS keystore to BKS keystore(a keystore format provided by BouncyCastle) using Java keytool.  The reason why this conversion gets lots of questions is that BKS is not a keystore format supported by Java SE, it's a third party keystore format. To convert JSK to BKS, the BKS provider has to be downloaded first. And a few more options needs to be added when running the keytool command. The typical co...

1,403 0 0          JAVA SECURITY JKS KEYTOOL BKS


  Generating CSR using Java

A CSR(Certificate Signing Request) is a kind of request generated by an application and is to be sent to a Certificate Authority to create a signed certificate which can be distributed. It usually contains certificate information such as subject name, public key info and signature info. In Java, keytool can be used to generate a certificate request with option -certreq.  But sometimes if an application wants to create a CSR programmatically, keytool will not do a favor, instead you should u...

1,037 0 0          JAVA SECURITY CSR CERTIFICATE REQUEST


  Introduction to DTLS(Datagram Transport Layer Security)

Secure communication has become a vital requirement on the Internet. Lots of information transferred through the Internet are sensitive data such as financial transactions, medical information, media streaming etc. To ensure security of data transferred on the Internet, a few secure protocols have been designed including SSL/TLS and IPsec. Many large websites in the world have adopted TLS. Apart from SSL/TLS, there is some other protocol designed to be used in special cases. One of them is ...

987 0 0          SECURITY JAVA 9 DTLS TLS


  Oracle released an urgent Java patch

On March 23, Oracle just released an urgent Java patch which is out of its normal update schedule. The security vulnerability is related to the Java SE running in web browsers on desktops. The CVE ID for this issue is CVE-2016-0636. With the unpatched Java, attackers can remotely exploit the target system without username and credentials. Successful exploits can impact the availability, integrity, and confidentiality of the user's system. When the user access pages containing malicious code...

1,576 0 0          JAVA SECURITY ORACLE NEWS


  Access control in Java -- doPrivileged

Previously we have introduced how Java performs permission check to protect resource access. What if sometimes we need to give some class the temporary access to some resource which it initially doesn't have? AccessController provides six doPrivileged methods to fulfill this requirement. These six methods have below signatures : static T doPrivileged(PrivilegedAction action)static T doPrivileged(PrivilegedAction action, AccessControlContext context)static T doPrivileged(PrivilegedExceptionA...

606 0 0          JAVA SECURITY DOPRIVILEGED


  Access control in Java -- Permission check order

Previously we showed you how to turn on SecurityManager in Java. After SecurityManager is turned on, a series of permission checks will be applied on the code you are calling in your application to protect some resources against malicious access such as files, sockets etc. To perform these permission checks, a set of Permissions will be created and checked using the AccessController. The AccessController has three purposes : To decide whether an access to a critical system resource is to be all...

623 0 0          JAVA SECURITY ACCESSCONTROLLER


  Signature sign/verification demo in Java

Digital signature is commonly used in areas where data authentication and integrity are required. It is extremely important to have signature while transferring sensitive data from one peer to other peers through network since there might be malicious applications or man-in-the-middle attacks which may alter the data along the way. Java provides some APIs to generate and verify digital signature. One important class is Signature.  When generating the signature, a private key needs to be pa...

1,045 0 0          JAVA SECURITY SIGNATURE