Java Cryptography

Using JCA Securely

Most developers are aware that writing their own implementations of cryptographic algorithms is inviting security trouble, hence most applications access cryptography through the standard Java Cryptographic Architecture (JCA), using an existing crypto provider or Java Crypto Engine (JCE).

However, using a standard crypto provider is by no means the end of the security story. Developers must take care to choose the right algorithms, manage their parameters in the right way, employ the right cryptographic modes for their applications, take care over random number generation, avoid key management vulnerabilities and put all this together into secure cryptographic protocols.

This white paper is intended for developers who use, or are considering using, the Java crypto API, and for application security testers who review crypto security. We will tour the Java crypto API and explain common mistakes that cause security problems and crop up frequently in real applications.

Already registered? Log in here.


As a subscriber to our Knowledge Base, you have free access to all of our white papers, on-demand webinars and more.
Download white paper

Register now

Register for free access to all of our white papers, on-demand webinars and more.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.