Computer Science Foreign-Language Literature Translation: Core Java
Undergraduate Thesis: Foreign-Language Literature and Translation

Title of literature/material: Core Java Volume II - Advanced Features
Source of literature/material: book
Publication date of literature/material: 2008.12.1
School (department): School of Computer Science and Technology
Major: Network Engineering
Class:
Name:
Student ID:
Advisor:
Translation date:

Foreign-language text:

Core Java Volume II - Advanced Features

When Java technology first appeared on the scene, the excitement was not about a well-crafted programming language but about the possibility of safely executing applets that are delivered over the Internet (see Volume I, Chapter 10 for more information about applets). Obviously, delivering executable applets is practical only when the recipients are sure that the code can't wreak havoc on their machines. For this reason, security was and is a major concern of both the designers and the users of Java technology. This means that unlike other languages and systems, where security was implemented as an afterthought or a reaction to break-ins, security mechanisms are an integral part of Java technology.

Three mechanisms help ensure safety:
- Language design features (bounds checking on arrays, no unchecked type conversions, no pointer arithmetic, and so on).
- An access control mechanism that controls what the code can do (such as file access, network access, and so on).
- Code signing, whereby code authors can use standard cryptographic algorithms to authenticate Java code. Then, the users of the code can determine exactly who created the code and whether the code has been altered after it was signed.

Below, you'll see the cryptographic algorithms supplied in the java.security package, which
allow for code signing and user authentication.

As we said earlier, applets were what started the craze over the Java platform. In practice, people discovered that although they could write animated applets like the famous nervous text applet, applets could not do a whole lot of useful stuff in the JDK 1.0 security model. For example, because applets under JDK 1.0 were so closely supervised, they couldn't do much good on a corporate intranet, even though relatively little risk attaches to executing an applet from your company's secure intranet. It quickly became clear to Sun that for applets to become truly useful, it was important for users to be able to assign different levels of security, depending on where the applet originated. If an applet comes from a trusted supplier and it has not been tampered with, the user of that applet can then decide whether to give the applet more privileges.

To give more trust to an applet, we need to know two things:
- Where did the applet come from?
- Was the code corrupted in transit?

In the past 50 years, mathematicians and computer scientists have developed sophisticated algorithms for ensuring the integrity of data and for electronic signatures. The
java.security package contains implementations of many of these algorithms. Fortunately, you don't need to understand the underlying mathematics to use the algorithms in the java.security package. In the next sections, we show you how message digests can detect changes in data files and how digital signatures can prove the identity of the signer.

A message digest is a digital fingerprint of a block of data. For example, the so-called SHA1 (secure hash algorithm #1) condenses any data block, no matter how long, into a sequence of 160 bits (20 bytes). As with real fingerprints, one hopes that no two messages have the same SHA1 fingerprint. Of course, that cannot be true: there are only 2^160 SHA1 fingerprints, so there must be some messages with the same fingerprint. But 2^160 is so large that the probability of duplication occurring is negligible. How negligible? According to James Walsh in True Odds: How Risks Affect Your Everyday Life (Merritt Publishing 1996), the chance that you will die from being struck by lightning is about one in 30,000. Now, think of nine other people, for example, your nine least favorite managers or professors. The chance that you and all of them will die from
lightning strikes is higher than that of a forged message having the same SHA1 fingerprint as the original. (Of course, more than ten people, none of whom you are likely to know, will die from lightning strikes. However, we are talking about the far slimmer chance that your particular choice of people will be wiped out.)

A message digest has two essential properties:
- If one bit or several bits of the data are changed, then the message digest also changes.
- A forger who is in possession of a given message cannot construct a fake message that has the same message digest as the original.

The second
property is again a matter of probabilities, of course. Consider the following message by the billionaire father:

    Upon my death, my property shall be divided equally among my children; however, my son George shall receive nothing.

That message has an SHA1 fingerprint of

    2D 8B 35 F3 BF 49 CD B1 94 04 E0 66 21 2B 5E 57 70 49 E1 7E

The distrustful father has deposited the message with one attorney and the fingerprint with another. Now, suppose George can bribe the lawyer holding the message. He wants to change the message so that Bill gets nothing. Of course, that changes the fingerprint to a completely different bit pattern:

    2A 33 0B 4B B3 FE CC 1C 9D 5C 01 A7 09 51 0B 49 AC 8F 98 92

Can George find some other wording that matches the fingerprint? If he had been the proud owner of a billion computers from the time the Earth was formed, each computing a million messages a second, he would not yet
have found a message he could substitute.

A number of algorithms have been designed to compute these message digests. The two best-known are SHA1, the secure hash algorithm developed by the National Institute of Standards and Technology, and MD5, an algorithm invented by Ronald Rivest of MIT. Both algorithms scramble the bits of a message in ingenious ways. For details about these algorithms, see, for example, Cryptography and Network Security, 4th ed., by William Stallings (Prentice Hall 2005). Note that recently, subtle regularities have been discovered in both algorithms. At this point, most cryptographers recommend avoiding MD5 and using SHA1 until a stronger alternative becomes available. (See for more information.)

The Java programming language implements both SHA1 and MD5. The MessageDigest class is a factory for creating objects that encapsulate the fingerprinting algorithms. It has a static method, called getInstance, that returns an object of a class that extends the MessageDigest class. This means the MessageDigest class serves double duty:
- As a factory class
- As the superclass for all message digest algorithms

For example, here is how you obtain an object that can compute
SHA fingerprints:

    MessageDigest alg = MessageDigest.getInstance("SHA-1");

(To get an object that can compute MD5, use the string "MD5" as the argument to getInstance.)

After you have obtained a MessageDigest object, you feed it all the bytes in the message by repeatedly calling the update method. For example, the following code passes all bytes in a file to the alg object just created to do the fingerprinting:

    InputStream in = . . .
    int ch;
    // read() returns -1 at end of stream; otherwise one byte as an int
    while ((ch = in.read()) != -1)
       alg.update((byte) ch);

Alternatively, if you have the bytes in an array, you can update the entire array at once:

    byte[] bytes = . . .;
    alg.update(bytes);

When you are done, call the digest method. This method pads the input, as required by the fingerprinting algorithm, does the computation, and returns the digest as an array of bytes.

    byte[] hash = alg.digest();

The program in Listing 9-15 computes a message digest, using either SHA or MD5. You can load the data to be digested from a file, or you can type a message in the text area.

Message Signing

In the last section, you saw how to compute a message digest, a fingerprint for the original message. If the message is altered, then the fingerprint of the altered message will not match the fingerprint of the original. If the message and its fingerprint are delivered separately, then the recipient can check whether the message has been tampered with. However, if both the message and the fingerprint were intercepted, it is an easy matter to modify the message and then recompute the fingerprint. After all, the message digest algorithms are publicly known, and they don't require secret keys. In that case, the recipient of the forged message and the recomputed fingerprint would never know that the message has been altered. Digital signatures solve this problem.

To help you understand how digital signatures work, we explain a few concepts from the field called public key cryptography. Public key cryptography is based on the notion of a public key and private key. The idea is that you tell everyone in the world your public key. However, only you hold the private key, and it is important
that you safeguard it and don't release it to anyone else. The keys are matched by mathematical relationships, but the exact nature of these relationships is not important for us. (If you are interested, you can look it up in The Handbook of Applied Cryptography at http://www.cacr.math.uwaterloo.ca/hac/.)

The keys are quite long and complex. For example, here is a matching pair of public and private Digital Signature Algorithm (DSA) keys.

Public key:

    p: fca682ce8e12caba26efccf7110e526db078b05edecbcd1eb4a208f3ae1617ae01f35b91a47e6df63413c5e12ed0899bcd132acd50d99151bdc43ee737592e17
    q: 962eddcc369cba8ebb260ee6b6a126d9346e38c5
    g: 678471b27a9cf44ee91a49c5147db1a9aaf244f05a434d6486931d2d14271b9e35030b71fd73da179069b32e2935630e1c2062354d0da20a6c416e50be794ca4
    y: c0b6e67b4ac098eb1a32c5f8c4c1f0e7e6fb9d832532e27d0bdab9ca2d2a8123ce5a8018b8161a760480fadd040b927281ddb22cb9bc4df596d7de4d1b977d50

Private key:

    p: fca682ce8e12caba26efccf7110e526db078b05edecbcd1eb4a208f3ae1617ae01f35b91a47e6df63413c5e12ed0899bcd132acd50d99151bdc43ee737592e17
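
As an added example (not code from the book or from this thesis), the following Java program carries the message digest and message signing sections through in code: it fingerprints the father's message with a streaming update loop, shows that a recomputed fingerprint passes a digest-only check once both message and fingerprint have been replaced, and shows a DSA signature rejecting the altered text. The class name, the choice of SHA-256 and SHA256withDSA, and the freshly generated 2048-bit key pair are assumptions of this example; it needs Java 8 or later.

```java
import java.io.*;
import java.nio.charset.StandardCharsets;
import java.security.*;

public class DigestVsSignature { // hypothetical class name for this example
    // Feed the stream to the digest in chunks instead of byte by byte.
    static byte[] fingerprint(String algorithm, InputStream in) throws Exception {
        MessageDigest alg = MessageDigest.getInstance(algorithm);
        byte[] buf = new byte[8192];
        for (int n; (n = in.read(buf)) != -1; ) alg.update(buf, 0, n);
        return alg.digest();
    }

    static byte[] fingerprint(String algorithm, String text) throws Exception {
        byte[] bytes = text.getBytes(StandardCharsets.UTF_8);
        return fingerprint(algorithm, new ByteArrayInputStream(bytes));
    }

    public static void main(String[] args) throws Exception {
        String original = "Upon my death, my property shall be divided equally among "
            + "my children; however, my son George shall receive nothing.";
        String forged = original.replace("George", "Bill");
        String hash = "SHA-256"; // assumption: "SHA-1" and "MD5" are used the same way

        // Fingerprint deposited separately from the message: the change shows up.
        byte[] deposited = fingerprint(hash, original);
        boolean detected = !MessageDigest.isEqual(deposited, fingerprint(hash, forged));
        System.out.println("separate fingerprint detects change: " + detected);

        // Message and fingerprint both replaced: the recipient's check passes.
        byte[] recomputed = fingerprint(hash, forged);
        boolean accepted = MessageDigest.isEqual(recomputed, fingerprint(hash, forged));
        System.out.println("recomputed fingerprint accepted: " + accepted);

        // Signing needs the private key, which only the signer holds.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("DSA");
        gen.initialize(2048);
        KeyPair pair = gen.generateKeyPair();
        Signature signer = Signature.getInstance("SHA256withDSA");
        signer.initSign(pair.getPrivate());
        signer.update(original.getBytes(StandardCharsets.UTF_8));
        byte[] signature = signer.sign();

        Signature verifier = Signature.getInstance("SHA256withDSA");
        verifier.initVerify(pair.getPublic());
        verifier.update(forged.getBytes(StandardCharsets.UTF_8));
        System.out.println("signature verifies altered text: " + verifier.verify(signature));
    }
}
```

The first two checks depend only on public algorithms, which is why the second one cannot tell the forgery from the original; the last check fails for the altered text because the signature was produced with a private key the forger never had.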