Are you concerned about someone outside your company intercepting a password between your applet and your server? Are you worried about someone inside your company using a packet sniffer to capture the credit card numbers of your customers? No? Well, perhaps you should be! As a first step towards closing your security holes you should pick up a copy of "Java Cryptography". This book is written for the experienced Java developer with no cryptography background who needs to build cryptography into their application. The book starts off with a brief description of secure systems and demonstrates a "Hello zoT1WY1NJA0=!" program. It then gives a fairly detailed description of cryptographic concepts and the Java Cryptography Architecture (JCA). Subsequent chapters discuss how to use the Java Cryptography Extension (JCE). Chapter 5 covers generating and managing symmetric and asymmetric keys with an explanation of the difference. Chapter 6 discusses authenticating users and messages. Signatures and certificates are covered. Chapter 7 covers encryption techniques using different types of ciphers. Chapter 8 covers signing applets. The last chapters include sample encrypted chat and e-mail programs. The end result is a book that provides excellent coverage of cryptography in Java. The only defect in the book is that it is three years old (Java 2 was in beta). Fortunately, the book was written recently enough to include the new utilities used in Java 2. Even though a new edition is desirable, "Java Cryptography" still stands alone as the best book available on this topic. (Thomas Paul - bartender, April 2001)
In its time "Java Cryptography" was a great book, but now it's badly dated; there have been huge changes to both the JCE and the JCA since it came out.
There are at least two other books that provide a much more up-to-date guide to the JCE/JCA. If you're really only interested in the JCE, Jason Weiss's book "Java Cryptography Extensions: A practical guide" is not a bad place to start; if you want to go further and you're not afraid of getting a bit API specific in parts, "Beginning Cryptography with Java" goes beyond the JCE and deals with the JCA and also a lot of the nuances of the Bouncy Castle APIs (and yes, I'm actually the author of the second book, so feel free to get a second opinion). Both Jason's book and mine provide examples on-line from the respective publisher's websites, so if you're feeling really lost and don't feel like you can afford a book, the examples are not a bad place to start if you're just trying to get yourself into "the saddle".
Sorry, couldn't resist... [ September 14, 2005: Message edited by: David Hook ]