S
Sergio
Hello,
first of all forgive my ignorance about the subject and the likely
silliness of my questions.
I'd like to use the java security API to provide data integrity
features to a database (Oracle).
Basically, I want to store in a table a calculated checksum of the
content of the record's fields of another table whose data needs to be
protected.
I guess the procedure should be implemented like:
1) Build a string from the content of the data fields
2) Hash the string
3) Encrypt the hash
4) Store the result (i.e. the checksum) in the table containing the
signed records
To verify data integrity:
5) Go trough steps 1..3 and compare the results with the content of
table with signed records.
This process needs to be implemented on the client application side
since requires interaction with the user.
I thought I could use a private/public key model and I saw the
examples in the Java Security API docs.
Here are the questions:
A) KeyPairGenerator.getInstance(String digest_algorithm): what factor
should I look at to choose from the available digest algorithms: DSA
and RSA?
B) In the following piece of code:
SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
byte rand_bytes[] = new byte[20];
random.nextBytes(rand_bytes);
is the content of "rand_bytes" always the same for every newly created
SecureRandom object?
I mean:
create a SecureRandom object and get "XBDC5debc3" in rand_bytes.
Discard the object and create a new one: get again "XBDC5debc3" in
rand_bytes?
(BTW, this is what I get making some tests)
C) If the answer to above is yes, will the key pair generated by:
keyGen.initialize(1024, secure_random);
KeyPair pair = keyGen.generateKeyPair();
be always the same?
D) If the answer to above is yes, could I use the this "constant" key
pair to both generate the checksum for protected records and verify
the data integrity in any different moment and database transaction?
The point is: can I avoid storing the key pair in the database after
their first created if I always get the same values when
generateKeyPair is invoked?
E) And (final one, thanks for reaching here) if the answer to the
above is yes: how obfuscated can the key pair generation be made to
avoid anyone creating key pairs identical to mine and re-create the
checksum protecting my data after changing them?
Sorry for not being crystal-like and thanks a lot in advance for any
help.
Sergio
first of all forgive my ignorance about the subject and the likely
silliness of my questions.
I'd like to use the java security API to provide data integrity
features to a database (Oracle).
Basically, I want to store in a table a calculated checksum of the
content of the record's fields of another table whose data needs to be
protected.
I guess the procedure should be implemented like:
1) Build a string from the content of the data fields
2) Hash the string
3) Encrypt the hash
4) Store the result (i.e. the checksum) in the table containing the
signed records
To verify data integrity:
5) Go trough steps 1..3 and compare the results with the content of
table with signed records.
This process needs to be implemented on the client application side
since requires interaction with the user.
I thought I could use a private/public key model and I saw the
examples in the Java Security API docs.
Here are the questions:
A) KeyPairGenerator.getInstance(String digest_algorithm): what factor
should I look at to choose from the available digest algorithms: DSA
and RSA?
B) In the following piece of code:
SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
byte rand_bytes[] = new byte[20];
random.nextBytes(rand_bytes);
is the content of "rand_bytes" always the same for every newly created
SecureRandom object?
I mean:
create a SecureRandom object and get "XBDC5debc3" in rand_bytes.
Discard the object and create a new one: get again "XBDC5debc3" in
rand_bytes?
(BTW, this is what I get making some tests)
C) If the answer to above is yes, will the key pair generated by:
keyGen.initialize(1024, secure_random);
KeyPair pair = keyGen.generateKeyPair();
be always the same?
D) If the answer to above is yes, could I use the this "constant" key
pair to both generate the checksum for protected records and verify
the data integrity in any different moment and database transaction?
The point is: can I avoid storing the key pair in the database after
their first created if I always get the same values when
generateKeyPair is invoked?
E) And (final one, thanks for reaching here) if the answer to the
above is yes: how obfuscated can the key pair generation be made to
avoid anyone creating key pairs identical to mine and re-create the
checksum protecting my data after changing them?
Sorry for not being crystal-like and thanks a lot in advance for any
help.
Sergio