By Dennis M. Sosnoski, Sosnoski Software Associates Ltd
There are many threats to your data security:
If your data is "valuable", any or all of these may target you All you can do is make it as difficult as possible This talk looks at securing communications |
Certificate wraps public key inside digital signature
X.509 certificates most widely used
Internet connections routed through intermediaries
Routers can be hacked
|
At a per-connection level:
// open the keystore KeyStore keyStore = KeyStore.getInstance("JKS"); FileInputStream fis = new FileInputStream(Constants.TRUSTSTORE_NAME); keyStore.load(fis, Constants.TRUSTSTORE_PASS.toCharArray()); // create trust manager that trusts only the server certificate String alg = TrustManagerFactory.getDefaultAlgorithm(); TrustManagerFactory tmfact = TrustManagerFactory.getInstance(alg); tmfact.init(keyStore); X509TrustManager tm = (X509TrustManager)tmfact.getTrustManagers()[0]; // create the connection configured to use trust manager HttpURLConnection conn = (HttpURLConnection)url.openConnection(); SSLContext context = SSLContext.getInstance("TLS"); context.init(null, new TrustManager[] { tm }, null); SSLSocketFactory sockfactory = context.getSocketFactory(); ((HttpsURLConnection)conn).setSSLSocketFactory(sockfactory); conn.connect(); conn.getInputStream();
Initial steps in establishing a secure connection:
Remaining steps use server cert to secure exchange |
NSA already able to break much encryption
Looks like NSA is starting(?) to store encrypted intercepts
Decryption can be done later (technology, or stolen keys) |