This week's book giveaway is in the OCAJP 8 forum. We're giving away four copies of OCA Java SE 8 Programmer I Study Guide and have Edward Finegan & Robert Liguori on-line! See this thread for details.
In a web application if I wants to encrypt/decrypt data going to server and coming back from server, then from where should I start from.
I have searched on web , and found books like - "Beginning cryptography with java by David Hook " , " Java Security(O'rielly)". Should I Prefer these books Or not.
I just don't understand what you are trying to encrypt and decrypt and I dont' see why you want to do it on the client.
What are your business requirements, without using the words encrypt or decrypt?
What is the basic architecture of your application? Are you planning to write a web-app, using Servlets and JSP and HTML?
Again, what are you trying to do with certificates? In practice, having a user deal with certificates is a disaster.
Joined: Feb 05, 2012
If i am making an application like e-procurement then data authentication & integrity should be maintain so I wants to use cryptography.
In an e-procurement system there is a section of bid preparation where user prepare bid documents and filling forms. After completing that one he generate the hash for the documents so that the documents he had attached during the bid preparation can't be altered till bid submission process.And encrypt form data and submit it during bid submission.
At the admin side after time elapsed for bid preparation admin generates super hash (which is similar to signing envelopes to ensure that the bid is closed and no changes are acceptable)
At last in bid submission process bidder finally submit all documents and forms he had prepared during bid preparation time.(He can only read data filled in forms during this stage & submitting documents by comparing their hash values with documents they have attached during bid preparation)
apurv suthar wrote:If i am making an application like e-procurement then data authentication & integrity should be maintain so I wants to use cryptography. (I have no prior experience in cryptography )
I think you simply want to use a server that supports HTTPS protocol. So far, you have not said anything that would drive me to chose to use more complex cryptography. HTTPS does everything you should need.
But you really have to start with the business requirements. You must talk about where code runs, which computers are trusted, etc. You do this before you start cryptography.
There are many good libraries that implement the cryptographic functions, but they do not do the application's business requirements analysis.
I strongly recommend that you forget everything you have read about crypto-certificates until you can describe the business needs.
Joined: Feb 05, 2012
Sorry if I embarrassing you.
Ok can you prefer some material if I wants to implement HTTPS protocol & generate HASH of the document being uploaded.
apurv suthar wrote:Sorry if I embarrassing you. Ok can you prefer some material if I wants to implement HTTPS protocol & generate HASH of the document being uploaded.
You are not embarrassing me, you are simply confusing me.
One relies upon the web server to handle HTTPS. So you need to find the documentation for whatever web server you will be using. Many people us Apache, it has very strong support for HTTPS and is well documented.
Again, what is the business requirement for the hash prior to uploading. I see no value in that. We use underlying protocols that ensure that the data/file is transferred properly and without change.
Joined: Feb 05, 2012
There is a section called "Briefcase" which keeps all documents of the bidders. Bidder can attach any of them in any tender notice.But once he had attached in "bid envelope" during "bid preparation" cant be altered till "bid submission" stage.So I wants to generate HASH for that documents during "preparation" stage so, that it can be ensure during "submission" stage that document is same.
And also that before submitting it on server each document hash also submits with their hash so that on server side it can be ensure that documents are not altered during transmission.