Skip to main content


Posted by evanx on March 8, 2007 at 2:55 AM PST

Let's check out some Java Cryptography, considering both symmetric and asymmetric algorithms.

We implement a client and server that mimic how SSL works, where the client uses the server's public key to asymmetrically encrypt and transfer a secret key, which is then used by both sides to encrypt messages using a symmetric cipher.

Code Snippet

The client connects to the server port, negotiates a key exchange, and then communicates securely.

public class CryptonomicalClient extends Thread {
    CryptonomicalSocket cryptoSocket;
    public void run() {
        try {
            String publicKey = cryptoSocket.sendRequest(cryptoRequest);
            String encryptedSecretKey = cryptoSocket.encryptSecretKey();
            String response = cryptoSocket.sendRequest(encryptedSecretKey);
            if (!response.equals(cryptoAcknowledge)) throw new RuntimeException();
        } catch (Exception e) {
        } finally {
    protected void process() throws Exception {
        String response = cryptoSocket.sendRequest("ALL YOUR BASE ARE BELONG TO US.");;

Once key change has been accomplished, we can securely send the server a test message in process().

PS. The title of this article is of course a tribute to Neal Stephenson's book Cryptonomicon, which is on my bedside table right now.