aspose file tools*
The moose likes Security and the fly likes constructing SSL with Java Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of The Java EE 7 Tutorial Volume 1 or Volume 2 this week in the Java EE forum
or jQuery UI in Action in the JavaScript forum!
JavaRanch » Java Forums » Engineering » Security
Bookmark "constructing SSL with Java" Watch "constructing SSL with Java" New topic
Author

constructing SSL with Java

Marko Debac
Ranch Hand

Joined: Aug 21, 2006
Posts: 121
Hi everybody,

I am thinking to take for my final project work for master degree, construct SSL with Java, but I dont have experience at all with secure programing. So, my question is: does anybody now in globaly what I need to do to accomplish that task, what are the steps what I need to take for this?
(I was thinking immplementing this SSL on some simple chat, like one from Java Head First - if some one has seen it)

Can anybody tell me some directions, and is this the hell of a job to do it?


Thank you,
Marko
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41571
    
  54
So you're proposing to take an existing protocol (or possibly one you're inventing for this purpose) and secure it via SSL?

Java has support for HTTP SSL connections, so you could start by studying the differences between HttpUrlConnection and HttpsUrlConnection, and you should begin to get an idea of what is involved. I've never looked at the implementation details, so I've no idea if this is potentially quite easy or rather hard.


Ping & DNS - my free Android networking tools app
Rahul Bhattacharjee
Ranch Hand

Joined: Nov 29, 2005
Posts: 2308
Originally posted by Marko Debac:

I am thinking to take for my final project work for master degree, construct SSL with Java, but I dont have experience at all with secure programing.


SSL is secure socket layer.Means that the end points of the network connection guerantee that the data that you are pushing through would reach the other end securely by encrypting the plain text.In the other end also there has to be a similar architecture to convert the cipher to plain text.

Basically / Conceptually ther are 7 layers in the normal IP stack.But in SSL , a virtual layer is pushed in between the network layer and the transport layer , which actually takes care of the excrytion at one end and decryption in the other.
Do you really want to do this or want to add encryption and decryption in application layer protocol?


Rahul Bhattacharjee
LinkedIn - Blog
Marko Debac
Ranch Hand

Joined: Aug 21, 2006
Posts: 121
Hi,
Basically / Conceptually ther are 7 layers in the normal IP stack.But in SSL , a virtual layer is pushed in between the network layer and the transport layer


Thank you for replay, but one little correction for Rahul: There is perfect network model called ISO/OSI model and it has 7 layers, but we use Internet model which has 5 layers, and SSL is in between first-Application layer and second-Transport layer, and he is got two of his layers: handshake and record layer.

I think that is need to study RMI, JCE and JAAS for implementing SSL.


Cheers,
Marko
Rahul Bhattacharjee
Ranch Hand

Joined: Nov 29, 2005
Posts: 2308
Yes , its true that we are following 5 layered TCP/IP model for internet.

5 layered model

I was under the impression that , SSL/TLS encrypts the TCP packets before putting it into the payload of IP packets.
 
 
subject: constructing SSL with Java