Untitled

a guest
Sep 20th, 2018
concepts and needs of cryptography in Java
- to avoid misuse, unauthorized access, data theft and data deletion
- happens because of decentralized operations, diverse internet and distributed systems
- uses ciphers to encrypt data, certificates to establish trust and signatures to verify that data has not been tampered with
- JCA and JCE offer algorithm independence, algorithm extensibility and implementation independence

encryption and secret keys
- encryption is transforming plain text into cipher text
- symmetric uses a secret, shared or private key to encrypt and decrypt; uses the DES algorithm
- KeyGenerator is used to create secret keys
- asymmetric uses different keys to encrypt and decrypt (public and private keys); uses the RSA algorithm

Cipher class
- DES is weak
- AES is the strongest according to OWASP

digital signatures
- MITM is intercepting data flowing between the user and the web server
- uses a private and public key with the data to be transmitted; the receiver receives the sender's public key to decrypt the signature
- use the Signature class of Java
- use the SignedObject class to create authentic runtime objects
- use the SealedObject class to create an object protected with a cryptographic algorithm
- Java XML Digital Signature is used to generate and validate XML signatures

SSL
- uses encryption, authentication and digital certificates
- JSSE provides an SSL implementation using encryption, server authentication and message integrity
- supports HTTPS

secure key management
- poor key management includes
  - mishandling keys
  - incorrect implementation of key generation
  - confidentiality compromise
  - unauthorized use of public and secret keys
  - compromise of authenticity
- key management system
  - private keys to create the digital signature and public keys to verify the digital signature
- keystore
  - used for managing and storing cryptographic keys and certificates
- key management tool
  - keytool: generates key pairs, imports digital certificates, exports existing keys, creates self-signed certificates

digital certificates
- used for identifying the author and generally issued by a CA
- includes user info, user's PK, DC of CA, issue and expiry date
- types include: SSL certificates, code signing certificates, client certificates
- signing JARs: signing JAR files and verifying JAR files
- use jarsigner

hashing
- use java.security.MessageDigest
- add salt to make it stronger, but keep the algorithm safe

Java Card cryptography
- javacard.framework, javacard.security, javacard.cryptographic

crypto module in Spring
- provides classes for symmetric encryption, key generation and password encoding
- common classes are BytesEncryptor, TextEncryptor, queryableencryptor, BytesKeyGenerator, StringKeyGenerator, StandardPasswordEncoder, Md5PasswordEncoder, BCryptPasswordEncoder
- JOSE: applying cryptography to JSON messages

do's and don'ts in cryptography
- avoid insecure cryptographic algorithms
- avoid using statistical PRNGs, inadequate padding and insufficient key size
- implement strong entropy
- implement a strong algorithm
-