Java Cryptography Extensions: Practical Guide for Programmers (The Practical Guides)

Authors: Jason Weiss
ISBN: 0127427511
Published: 12 Mar 2004

Today's digital environment demands that every application design consider security early on in the design process. To achieve this, developers must be fluent in basic cryptographic nomenclature and comprehend the strengths and weaknesses of each algorithm or architecture before making a final design decision.


Customer Reviews

Hemant Kesarkar said
The book has good introduction material. The examples described in the book are a bit old and some of the classes are deprecated. The book also needs an update to include newer features of JCE and JSSE. I hurried up to buy this book and then realized it is a bit outdated. Now I have Core Security Patterns by Chris Steel, which covers well on cryptography API and examples using J2SE 5.0 and J2EE 1.4 as well.

zamies said
What's wrong with this book? There is no thorough explanation of the concepts of cryptography, he just starts off taking shortcuts and with code examples that are absolutely not mature.
I have a theoretical background in cryptography, but often had to read the text many times over before I could understand what the author was trying to say.

This is the starting point for a practical guide on Java cryptography, an introduction, but by no means enough.
I would have considered giving it 3 stars, were it not that the appendix A on Base64 coding, another topic that the author doesn't treat, is completely missing!

M. King said
This book delivers on what it promises. A practical guide to implementations using the JCA and JCE. If you're a Java developer starting on projects that deal with certificates, keystores, encryption, digital signatures, tokens, digests, or hardware cryptographic devices (HSMs), then you need to read this book before you begin.

Jason covers the topics he sets out to cover. If your eyes glazed over at the JCA documentation describing EngineSPIs or at mathematical treatises on crypto algorithms, then this book is for you. He gets right to the meat of the matter, and the code is simple enough to follow without having an IDE running. There are only a few typographical flaws, and nothing that distracted from the concepts being explained.

The book walks you through the overall provider architecture, gives examples of provider selection and some key workaround information for some historical problems as the JCA and JCE were being developed, extended, and improved by Sun.

Straight-up crypto is covered with symmetric and asymmetric keys, the coverage of block and stream ciphers, and the importance of specifying chaining (ECB/CBC/etc.) and padding (PKCS1/PKCS5/etc.). Digests, HMACs, password-based encryption (PBE) and digital certificates are covered, along with key exchange (DH), and key management in keystores. The extra depth the author gives on key management was quite welcome, and often ignored. Examples using the Java keytool utility will also be appreciated by the target audience.

In short, this book is going to be on my required reading list for the Java application developer generalist starting on projects that involve crypto or, in particular, certificates. In my case, I use hardware-based keystores, and this book makes it very easy for me to build a common understanding in explaining what we want our team to accomplish.

This book should take about a week to digest.

What you won't find in this book are recipes or procedures. It's a practical guide, and lives up to the title. This book won't be a help to people writing JCPs either -- it's clearly targeted at the application developer needing to do things like load a certificate, implement a 3DES encryption/decryption, generate keys, or make sure you're using the required JCP implementation for your project. It also won't explain the nuances of ECB and CBC, or Blowfish and AES. But it will give you a practical guide on their fundamental differences as to the impact they have on your development. All example code is in Java. It doesn't cover elliptical algorithms, but, after reading this book, you shouldn't have a problem with writing code that relies on a specific provider's features.

As for the price, quite reasonable, and very useful to pass along or lend to the newcomers to your team.
