하늘이너무맑다

The JCE API covers:

• Symmetric bulk encryption, such as DES, RC2, and IDEA
• Symmetric stream encryption, such as RC4
• Asymmetric encryption, such as RSA
• Password-based encryption (PBE)
• Key Agreement
• Message Authentication Codes (MAC)

• MessageDigest: used to calculate the message digest (hash) of specified data.

• Signature: used to sign data and verify digital signatures.

• KeyPairGenerator: used to generate a pair of public and private keys suitable for a specified algorithm.

• KeyFactory: used to convert opaque cryptographic keys of type Key into key specifications (transparent representations of the underlying key material), and vice versa.

• CertificateFactory: used to create public key certificates and Certificate Revocation Lists (CRLs).

• KeyStore: used to create and manage a keystore.A keystore is a database of keys. Private keys in a keystore have a certificate chain associated with them, which authenticates the corresponding public key. A keystore also contains certificates from trusted entities.

• AlgorithmParameters: used to manage the parameters for a particular algorithm, including parameter encoding and decoding.

• AlgorithmParameterGenerator: used to generate a set of parameters suitable for a specified algorithm.

• SecureRandom: used to generate random or pseudo-random numbers.

• CertPathBuilder: used to build certificate chains (also known as certification paths).

• CertPathValidator: used to validate certificate chains.

• CertStore: used to retrieve Certificates and CRLs from a repository.

A Message Authentication Code (MAC) provides a way to check the integrity of information transmitted over or stored in an unreliable medium, based on a secret key. Typically, message authentication codes are used between two parties that share a secret key in order to validate information transmitted between these parties.

A MAC mechanism that is based on cryptographic hash functions is referred to as HMAC. HMAC can be used with any cryptographic hash function, e.g., MD5 or SHA-1, in combination with a secret shared key. HMAC is specified in RFC 2104.

• An implementation of the Digital Signature Algorithm (DSA), described in NIST FIPS 186.

• An implementation of the MD5 (RFC 1321) and SHA-1 (NIST FIPS 180-1) message digest algorithms.

• A DSA key pair generator for generating a pair of public and private keys suitable for the DSA algorithm.

• A DSA algorithm parameter generator.

• A DSA algorithm parameter manager.

• A DSA "key factory" providing bi-directional conversions between (opaque) DSA private and public key objects and their underlying key material.

• An implementation of the proprietary "SHA1PRNG" pseudo-random number generation algorithm, following the recommendations in the IEEE P1363 standard (Appendix G.7).

• A "certificate factory" for X.509 certificates and Certificate Revocation Lists (CRLs).

• A keystore implementation for the proprietary keystore type named "JKS".

Secure Sockets Layer Documentation

Online resources:

• Introduction to SSL from Sun™ ONE Software:
  http://docs.sun.com/source/816-6156-10/contents.htm

• The SSL Protocol version 3.0 Internet Draft:
  http://wp.netscape.com/eng/ssl3/ssl-toc.html

• The TLS Protocol version 1.0 RFC:
  http://www.ietf.org/rfc/rfc2246.txt

• "HTTP Over TLS" Information RFC:
  http://www.ietf.org/rfc/rfc2818.txt

Level Inheritance

The inherited level for a given logger C, is equal to the first non-null level in the logger hierarchy, starting at C and proceeding upwards in the hierarchy towards the root logger.

Basic Selection Rule

A log request of level p in a logger with (either assigned or inherited, whichever is appropriate) level q, is enabled if p >= q.