Skip to main content

Cryptonomicon

Posted by evanx on March 8, 2007 at 2:55 AM PST

Let's check out some Java Cryptography, considering both symmetric and asymmetric algorithms.

We implement a client and server that mimic how SSL works, where the client uses the server's public key to asymmetrically encrypt and transfer a secret key, which is then used by both sides to encrypt messages using a symmetric cipher.

Code Snippet

The client connects to the server port, negotiates a key exchange, and then communicates securely.

public class CryptonomicalClient extends Thread {
    CryptonomicalSocket cryptoSocket;
    ...
    public void run() {
        try {
            String publicKey = cryptoSocket.sendRequest(cryptoRequest);
            cryptoSocket.setEncodedPublicKey(publicKey);
            cryptoSocket.generateSecretKey();
            String encryptedSecretKey = cryptoSocket.encryptSecretKey();
            String response = cryptoSocket.sendRequest(encryptedSecretKey);
            if (!response.equals(cryptoAcknowledge)) throw new RuntimeException();
            cryptoSocket.setEncrypt(true);
            process();
        } catch (Exception e) {
            e.printStackTrace();
        } finally {
            cryptoSocket.close();           
        }
    }
   
    protected void process() throws Exception {
        String response = cryptoSocket.sendRequest("ALL YOUR BASE ARE BELONG TO US.");
        logger.info(response);
    }       
}

Once key change has been accomplished, we can securely send the server a test message in process().

PS. The title of this article is of course a tribute to Neal Stephenson's book Cryptonomicon, which is on my bedside table right now.