Java 17 to 21: A Showcase of JDK Security Enhancements

Java
3 Mar 202446:31

Summary

TLDR本次演讲由Oracle的Java团队开发者倡导者Anna主讲,她分享了Java安全领域的最新进展。Anna首先介绍了Java安全组件,包括语言、加密、公钥基础设施、安全服务API等,并强调了Java平台持续改进的重要性。她详细讲解了从JDK 17到JDK 21的安全变化,包括对弱算法的限制、新的加密算法的引入、API的改进以及对量子计算机攻击的防护措施。Anna还提到了Java安全配置文件的更新,以及如何通过这些变化来提高应用程序的安全性。最后,她鼓励开发者关注Java安全相关的资源,并参与到Java社区的贡献中。

Takeaways

  • 🔒 Java 安全性不断进化,以应对算法弱化和潜在的量子计算机威胁。
  • 🌟 JDK 17 引入了新的安全特性,包括对安全算法的增强和对弱算法的限制。
  • 🔐 安全管理器(Security Manager)在 JDK 17 中被弃用,但仍然支持,直到 JDK 18。
  • 🛡️ JDK 18 禁用了 SHA-1 和某些 TLS 算法,以提高安全性。
  • 🔑 JDK 20 和 21 提供了更大的密钥尺寸,默认情况下增强了加密算法的安全性。
  • 🌐 引入了后量子密码学算法,如 SSS-LMS 和 XMSS,以抵抗量子计算机攻击。
  • 🔄 JDK 21 引入了新的密钥封装机制 API(CEM),提高了对称密钥加密的效率。
  • 📝 Java 安全配置文件(java.security 文件)允许开发者自定义安全属性。
  • 🔄 JDK 11 和 17 也支持某些 JDK 21 的安全特性,这些特性被回退(backported)。
  • 🔍 Java 安全工具(如 keytool 和 jarsigner)提供了新的功能和警告,以帮助开发者更好地管理密钥和证书。
  • 📖 Java 安全指南和路线图提供了关于 JDK 安全性变化的详细信息和测试指南。

Q & A

  • 在Java团队中,Anna的主要职责是什么?

    -Anna在Java团队中担任开发者倡导者,她喜欢使用Java进行编程,并且也热衷于与Kubernetes一起工作。

  • Java安全组件包括哪些部分?

    -Java安全组件包括语言层面的安全特性、加密组件(JCA)、公钥基础设施(PKI)、安全服务API(GSS-API)、传输层安全性(TLS/DTLS)以及各种安全工具。

  • 为什么开发者需要关注JDK的安全更新?

    -开发者关注JDK安全更新是因为随着时间的推移,我们使用的算法可能会变弱并被更容易地利用。JDK的持续改进使得开发者能够构建更安全的应用程序。

  • JDK 17之后,有哪些安全相关的变更?

    -JDK 17之后,有多项安全相关的变更,包括对加密算法的增强、TLS和DTLS的改进、安全管理器的废弃等。

  • 什么是SSS-LMS签名系统?

    -SSS-LMS(Lattice-based Multi-signature Scheme)是一种基于哈希的签名方案,它是量子抗性的签名算法之一,已经在OpenJDK中实现。

  • 为什么SHA-1在Java 18中被禁用?

    -SHA-1在Java 18中被禁用是因为NIST在2011年宣布了SHA-1的退役计划,并建议到2030年逐步淘汰其在数字签名中的使用。

  • 在Java 11和Java 17中,有哪些安全相关的API改进?

    -Java 11和Java 17中,安全相关的API改进包括对TLS和DTLS签名方案的自定义API、新的系统属性用于启用或禁用XML签名处理模式等。

  • 如何获取JDK安全配置文件的更多信息?

    -可以通过访问dev.java.net、inside.java以及YouTube上的Java频道来获取JDK安全配置文件的更多信息。

  • 开发者如何为Java社区做出贡献?

    -开发者可以通过撰写文章并提交到dev.java.net的仓库来为Java社区做出贡献,这些文章可以是关于Java的高级概念,也可以是基础概念。

  • 在JDK 21中,如何使用新的密钥封装机制API(CEM)?

    -在JDK 21中,新的密钥封装机制API(CEM)允许发送方使用接收方的公钥创建一个包含随机对称密钥的密文,并发送给接收方。接收方使用私钥解密这个密文以获取共享密钥。

Outlines

00:00

📅 安全讲座介绍

本次安全讲座由Anna主持,她是Oracle Java团队的开发者倡导者。Anna介绍了自己对Java编程和Kubernetes的热爱,以及她在过去的工作中对安全性的重视。她强调了Java平台不断改进的重要性,以确保应用程序的安全性。Anna还提到了Java安全组件,包括语言、加密、PKI、GSS API、TLS/DTLS和签名JAR文件等。

05:01

🔐 Java安全组件详解

Anna详细介绍了Java安全组件,包括Java加密架构(JCA)、公钥基础设施(PKI)、通用安全服务应用程序接口(GSSAPI)和传输层安全性(TLS/DTLS)。她还提到了Java安全工具,如密钥和证书管理工具(keytool)和JAR签名工具(jarsigner)。Anna强调了Java安全不仅仅是API,还包括运行时和工具。

10:04

🔒 加密算法的演进

Anna讨论了随着时间的推移,算法可能会变得脆弱并被利用。她提到了Java开发工具包(JDK)如何通过引入新的加密算法来增强安全性,例如在JDK 20和21中引入了更大的密钥尺寸。她还提到了量子计算机对现有数字签名方案的潜在威胁,以及IT行业如何致力于创建抗量子计算的加密算法。

15:06

🚫 限制和禁用弱算法

Anna解释了Java安全团队如何限制和禁用一些已知的弱算法,以保护用户免受潜在的安全威胁。她提到了SHA-1的禁用,以及在JDK 9中移除弱TLS算法的措施。Anna还提到了如何通过Java安全配置文件来设置限制规则,以及如何通过API来禁用这些弱算法。

20:08

🛠️ API改进和安全管理器的弃用

Anna讨论了JDK中API的改进,特别是与安全相关的API。她提到了安全管理器(Security Manager)在JDK 17中的弃用,并解释了如何通过临时启用来适应这一变化。Anna还介绍了新的API,如用于获取密钥存储属性的API,以及用于自定义TLS和DTLS连接的签名方案的API。

25:10

🔑 对称密钥的新加密技术

Anna介绍了JDK 21中引入的新密钥封装机制API(CAME),这是一种使用公钥加密来安全传输对称密钥的方法。她解释了CAME的工作原理,以及如何使用它来提高数据传输的效率。Anna还提到了XML签名API的改进,以及新的系统属性,用于启用或禁用XML签名处理模式。

30:12

💻 操作系统特定的安全特性

Anna讨论了JDK如何适应不同操作系统的安全特性。她提到了Windows和Mac OS中对密钥存储的改进,以及如何通过JDK提供的工具来管理这些安全特性。Anna还提到了JDK证书文件(keytool)的更新,以及如何使用这些工具来提高安全性。

35:16

🔍 监控和社区贡献

Anna强调了监控Java应用程序安全属性的重要性,并介绍了如何使用JDK飞行记录器(Flight Recorder)来跟踪这些属性的变化。她还提到了Java社区的贡献,鼓励开发者分享他们的知识和经验。Anna提供了一些资源链接,以便开发者可以了解更多关于Java安全的信息。

Mindmap

Keywords

💡Java安全

Java安全指的是Java平台提供的安全特性和机制,包括加密、认证、授权等,以保护应用程序和数据。视频中提到Java安全组件,如Java加密架构(JCA)、公钥基础设施(PKI)等,这些都是确保Java应用安全的关键部分。

💡JDK版本

JDK(Java Development Kit)版本指的是Java开发工具包的不同迭代,每个版本都可能包含新的功能、性能改进和安全增强。视频中提到了从JDK 17到JDK 21的安全变化,展示了Java平台如何不断进化以提供更好的安全性。

💡加密算法

加密算法是用于保护数据安全的数学方法,它们可以对数据进行编码,使得只有拥有正确密钥的人才能解码。视频中提到了现代加密算法的引入,以及对弱化算法的限制,这些都是为了提高Java应用的安全性。

💡量子计算机

量子计算机是一种利用量子力学原理进行计算的设备,其计算能力远超传统计算机。视频中提到量子计算机可能对现有的数字签名方案构成威胁,因此Java平台正在研究和集成后量子加密算法。

💡安全配置文件

安全配置文件是Java安全机制的一部分,它允许开发者和管理员配置和调整Java运行时的安全策略。视频中提到了如何通过安全配置文件来限制或启用特定的安全特性。

💡API改进

API(应用程序编程接口)改进指的是对现有API进行的更新和优化,以提供更好的功能、性能或安全性。视频中提到了Java安全API的一些改进,这些改进使得开发者能够更高效地使用Java安全特性。

💡密钥封装机制

密钥封装机制(Key Encapsulation Mechanism, KEM)是一种加密技术,它允许安全地传输对称密钥。在视频中,提到了JDK 21引入的新KEM API,这有助于提高对称密钥交换的效率。

💡安全事件

安全事件是指在Java应用运行过程中发生的与安全相关的事件,如安全属性的加载、安全提供者的实例请求等。视频中提到了如何通过JDK Flight Recorder监控这些安全事件。

💡安全工具

安全工具是用于帮助开发者和管理员管理Java应用安全性的工具,如密钥和证书管理工具。视频中提到了Java安全工具的改进,这些工具可以帮助用户更安全地管理密钥和证书。

💡安全社区贡献

安全社区贡献指的是Java开发者社区成员对Java安全文档、指南和工具的贡献。视频中鼓励开发者参与到Java安全内容的创作和改进中,以帮助整个社区。

Highlights

Anna, a developer advocate at Oracle, discusses Java security enhancements from JDK 17 to 21.

Java security is crucial for building secure software and keeping end users happy.

Java platform continuously improves to allow developers to build secure applications.

JDK releases introduce new features every 6 months, including security enhancements.

The Security Manager was deprecated for removal in JDK 17 due to its brittle permission model and poor performance.

JDK 20 and 21 introduced larger key sizes for stronger encryption by default.

Post-quantum cryptographic algorithms like SSS-LMS and XMS are being incorporated into Java security components.

Java security components include language features, cryptography, PKI, GSS API, TLS, and various tools.

JDK security configuration files allow developers to customize security properties and restrictions.

Weak algorithms like SHA-1 and weak TLS algorithms have been restricted or disabled in recent JDK releases.

New APIs for key encapsulation mechanism (KEM) and XML signatures have been introduced in JDK 21.

JDK security roadmap provides advanced notice of changes, allowing developers to test and prepare for updates.

Some JDK security changes are backported to earlier versions like JDK 8, 11, and 17.

Java security tools like keytool and jarsigner have been improved for better security practices.

Developers can contribute to the Java community by sharing their knowledge on dev.java.net.

Java security resources include the Java security guide, Java security standard algorithm names, and Java security roadmap.

Transcripts

00:00

[Music]

00:07

thank you everyone for joining a

00:09

security talk at 400

00:11

p.m. it's a little late in the afternoon

00:14

for some security topics um however I'm

00:17

grateful that you're here hope you will

00:19

enjoy this presentation until the end

00:21

that you will learn some useful things

00:24

that you can take in your daily

00:26

job and I'm looking forward to your

00:28

questions um at the end of the

00:32

presentation first of all I'm Anna

00:34

currently working as a developer

00:36

advocate in the Java team at Oracle I

00:39

enjoy programming with Java probably

00:41

like many of you since you are in this

00:43

room today and of course I enjoy working

00:46

with kubernetes as well now apart from

00:49

these two passions um I also like

00:52

security um in my past roles I like

00:56

security because I had to because it's

00:58

great to build secure software you have

01:00

your end users happy when they can

01:02

safely use their

01:04

applications uh so kind of security like

01:07

for many of you is embedded in the

01:10

practices that I have when I

01:13

code now when we talk about Java we I

01:17

hope that all of us in this room are

01:19

familiar with the new release Cadence or

01:22

you get to see many features delivered

01:25

every 6 months that you can try uh that

01:29

you can give uh um a feedback on and

01:32

these features are from multiple areas

01:34

many of them on language others on

01:37

performance and someone security yet

01:41

while these features get like Prime Time

01:45

your daily life can be impacted by those

01:47

many many enhancements that are not

01:50

necessarily formulated in a Jeep and

01:53

this presentation will show some of

01:55

those significant changes from 17 to 21

02:00

so if I am to ask you and because this

02:03

is a big room I cannot see all of you

02:06

but if I to ask you the question in the

02:08

slide can you shout at

02:11

me what do you think changed a change

02:14

that happened after jdk

02:16

17 with the security and jdk

02:22

anything just shout

02:24

it

02:26

records records that's a language

02:28

feature

02:32

security manager Bingo that's a very

02:34

good one the application for removal

02:37

we're going to talk a bit about it

02:39

anything else crypto

02:42

crypto that's a broad area we're going

02:44

to talk about it too anything

02:49

else

02:51

what I didn't understand you can you

02:54

please shout it h there TS TLS yes TLS

02:58

enhancements yes all great

03:01

answers and many more because we have 50

03:04

minutes for this presentation so I had

03:06

to fill it with something but the reason

03:09

why we care so much about jdk security

03:11

as developers is because over time the

03:15

algorithms that we are that we're using

03:18

in our applications weaken and can be

03:20

exploited more easily and it happens

03:23

that a GDK release take for example GDK

03:26

8 can Outlast the lifetime when these

03:30

algorithms are viable I mean jdk8

03:34

there's still many applications running

03:35

on those so what happens is that the

03:38

Java platform the jdk gets continuously

03:42

improved so that you can build secure

03:44

applications You're Building modern

03:45

applications but still they have to be

03:47

secured you're choosing Java to evolve

03:50

your applications because you know it's

03:52

secure that's one of the main things

03:54

that comes to your mind besides the

03:56

beautiful language there are many

03:58

beautiful languages that you can utilize

04:00

but you're also choosing them because

04:01

choosing Java because of security and of

04:04

course it's good to say to the business

04:07

Java is

04:08

secure so throughout time I've seen that

04:12

well people can think of java

04:15

security um as was some broad term so

04:19

what is Java security well Java security

04:21

has many components and since I'm going

04:23

to reference them in the presentation I

04:25

just want you to have a picture in your

04:27

head when I'm talking about them so here

04:30

they are the Java security components

04:33

are in the slide and of course they

04:36

start somebody said records of course it

04:39

starts with the

04:40

language um well but in the case of

04:43

security itself that is in the jdk the

04:46

higher level abstractions like you can

04:48

see here in the slide they are built on

04:51

top of lower layer Concepts so this is

04:54

why it's this like a brick wall

04:56

diagram and of course at the bottom the

04:58

Java language anguage is designed to be

05:01

type safe and easy to use so it has many

05:05

features that you probably use in your

05:07

application but the foundation of java

05:09

security well is based on

05:13

cryptography so the cryptography

05:15

component the Java cryptography

05:17

architecture

05:18

jca um or JC the Java cryptography

05:22

extension enables you to encrypt and

05:25

decrypt data in Java manage Keys sign

05:28

and authenticate message

05:30

and much more now we have also pki that

05:34

contains apis and implementations for

05:37

validating and building certification

05:39

paths or certification chains for only

05:41

many of your applications use

05:43

certificates and of course a way to

05:45

store those keys and

05:47

certificates next we go with how the

05:50

programs can access Security Services

05:53

via this lovely acronym which I'm not

05:56

going to read from the slide because I'm

05:57

terrible reading that acronym but we can

05:59

talk afterwards what it means it stands

06:02

for generic Security Service application

06:04

program interface that's why GSS upy and

06:08

the jdk contains such a GSS up

06:10

implementation of curve Ross now the

06:14

transport layer security which was

06:16

mentioned

06:17

earlier that

06:19

component is containing apis for TLS and

06:23

dtls and of course we're signing jars so

06:28

sign jars allow you to apply digital

06:30

signatures to the jar files in order to

06:33

ensure that you're sharing those with

06:35

some data integ the data you have in

06:37

those is shared with data integrity and

06:40

authenticity now the next components

06:43

they're

06:44

together because there are a series of

06:46

Frameworks and apis that are meant for

06:49

authentication and

06:51

authorization and of course probably

06:53

some of you have worked with XML

06:55

signatures which are a component uh well

06:58

this component that contains an API

07:00

implementation for generating and

07:02

validating XML

07:05

signatures but Java security is more

07:09

than just apis built on top on the

07:13

runtime it's also tools because

07:16

sometimes you need tools in your tool

07:18

chains to maybe I don't know validate

07:20

your certificates or and of course if

07:23

the jdk comes with them why not use them

07:25

since they're there so you get a small

07:27

set of tools that can help you set

07:29

security

07:30

policies probably many of you have

07:32

utilized in this lifetime key tool at

07:35

least

07:36

experimentally it's for managing key

07:38

stores keys and certificates of course

07:42

we have jar signer the one that we

07:43

talked a little bit earlier for sign

07:45

jars that helps of course signing those

07:48

jars and the last tab are actually the

07:51

tools for working with

07:54

kbros um but since Kos is not so touched

07:59

uh I'll leave them in peace for the

08:02

moment so hope you're feeling happy to

08:06

explore what happened with jdk

08:10

security and we're going to start with

08:12

the happy Parts modern cryptographic

08:15

algorithms now I started this

08:17

presentation telling you that over time

08:19

most or all algorithms weaken so they

08:22

can be exploited more easily now if you

08:24

get strong args you can continuously um

08:28

benefit of a stronger foundation for

08:30

your

08:32

application larger key sizes have been

08:36

delivered in jdk um 20 and 21 so you can

08:42

benefit of larger key sizes by default

08:45

like in case that when you're relying

08:47

for on the defaults and you're just

08:50

instantiating something um instantiating

08:52

a key without specifying the size

08:53

although that many examples over the

08:55

internet can have the size but if you

08:57

forget about that you don't need to

08:59

worry because the GDK can build that

09:02

securely at its best for you so you can

09:04

have here a table of what changed over

09:08

time this is good because this change

09:11

protects your data and communication by

09:14

using mathematical techniques that

09:16

ensure confidentiality integrity and

09:18

authenticity

09:20

better yet the tides of security threats

09:24

increase with the advancement of

09:26

technology and if you were the Kino this

09:28

morning

09:29

you probably saw the very nice keynote

09:31

about AI how AI can help us but those

09:35

were the good parts Ai and of course

09:39

computers that have large powerful cap

09:42

and large powerful

09:44

capabilities well they can be

09:46

instrumented for the wrong as well so if

09:49

large scale quantum computers are ever

09:52

built just this is a

09:54

hypothesis all widely used digital

09:57

signature schemes like

09:59

DSA RSA ecdsa and so on have the

10:03

potential to be broken that's because

10:05

the power of computation increased so

10:08

the IT industry has worked towards the

10:11

goal of creating postquantum

10:13

cryptographic algorithms that are

10:16

designed to be safe against such

10:19

powerful capabilities to

10:21

compute so as these postquantum

10:24

cryptographic algorithms progress and

10:27

mature of course they become standards

10:30

and are gradually Incorporated with the

10:32

Java security

10:33

components so we got the first post

10:38

Quantum cryptographic algorithms in open

10:41

jdk and you have here the explanation on

10:44

the slide so that you would know what it

10:46

stands for when you read

10:48

SSS

10:50

LMS so the lat Malla signature system is

10:56

one of the um one of these algorithms

11:00

and is the stateful health uh is a

11:02

stateful hash based algorith it's all

11:04

based on the hash based signature scheme

11:07

HPS that's what it's coming from the

11:09

hierarchical signature system is the

11:11

multi- three variant of the previous one

11:13

that's why it's SSS

11:15

LMS and most importantly it's one of the

11:18

two Quantum resistant signature

11:20

algorithms that have been standardized

11:22

there is another one it's called

11:24

XMS uh s it's similar but it's last

11:29

popular so the popular variant was

11:32

chosen um for the use case of such an

11:35

algorithm uh well it's used for software

11:38

and or firware

11:41

signing um and requires for the key and

11:44

signature generation to be performed in

11:46

Hardware cryptographic modules so that

11:50

they because those they do not allow

11:51

secret keying material to be exported

11:54

even in encrypted form that's why it

11:56

makes it quantum resistant it's hard to

11:59

export that from the

12:01

hardware so if we take a step back what

12:04

was done in the jdk right if um the um

12:09

signature generation happens on Hardware

12:12

what's happening in the jdk so when in

12:14

the jdk side the signature verification

12:17

implementation was

12:19

done so while the generation happens on

12:21

Hardware you can verify that signature

12:24

in the

12:25

jdk um and of course

12:29

you can have here in the slides the

12:30

explanations on why these this algorithm

12:33

is very great another thing that I need

12:35

to tell you is that this belief that the

12:38

security of LMS because it depends on

12:41

the security of the underlying hash

12:44

functions well it is believed that this

12:47

security is will never be broken by the

12:50

development of large scale computer

12:52

quantum computers hence why it's so

12:54

loved and

12:55

adopted now how does that look in your

12:58

code so how how do you verify a

13:00

signature with this new algorithm a

13:03

little bit of code in the slide just to

13:05

show you how it looks like you can use a

13:07

key Factory implementation available

13:10

from a provider now in this case if

13:12

you're running it with open jdk

13:13

distribution it probably will choose the

13:15

sound provider because that's the first

13:17

one that it finds it matches it and that

13:20

one will read an SSS LMS public key from

13:22

a stem a serialized

13:25

format so that's Reading part and of

13:29

course you need to verify the validity

13:30

and probably you've wrote this kind of

13:32

code sometimes to verify the validity of

13:35

a signature that uses SSS slms so the

13:38

thing that changed of course is the

13:40

algorithm being supported something

13:42

that's coming in 22 Key tool can also

13:45

operate with this one as well right now

13:47

it's available at the API level but in

13:50

22 jk22 it will have ke tool will have

13:53

that as a feature too so this one was

13:56

was one of the Breakthrough changes of

13:57

21

14:01

but besides the modern cryptographic

14:04

algorithms bringing new on the jdk

14:08

restricts the algorithms that are

14:10

weakened however there are multiple ways

14:13

to limit the usage of vulnerable

14:16

algorithms either the jav Java limits or

14:20

disables them to ensure that you are

14:22

running on a robust environment for your

14:25

not only for your own development but

14:26

also for your end users so what was

14:31

restricted some people probably saw that

14:34

kind of message when they tried to

14:36

validate a jar that was signed with

14:40

shaan and that it was having its

14:43

signature uh generated before 2019 1 of

14:47

January in 2019 so that's get a you get

14:50

a warning on that what's the story

14:52

behind it why Shawan jars were disabled

14:55

by default in Java 18 as the slide says

14:58

well it happens that in

15:00

2011 the National Institutes of

15:02

standards and Technology nist formally

15:06

dicated shaan usage and kind of told the

15:09

people well you know by

15:12

2030 you should kind of phased out the

15:15

usage from digital signatures that news

15:18

came two years later in

15:20

2013 so in consequence shaan was

15:23

disabled in TLS server certificates and

15:25

XML signatures was not just here now in

15:29

order to make sure that people are not

15:30

using this any

15:32

further jdk security team thought it

15:35

would be better if your

15:37

chars if you try to sign your chars with

15:39

this algorithm well to get the warning

15:42

that well um it's not good for you so

15:47

there's a a way to maintain uh backwards

15:49

compatibility of course for some of the

15:52

JS so if your jar was time stamped prior

15:55

to

15:57

20190101 We Shall one you get kind of

16:00

get away with it but uh if you have like

16:04

a very strict security team they can

16:06

alter a little bit the security rules

16:08

for you and they can impediment it so

16:11

I've seen cases when people went even

16:13

stricter given the threat of Shawan

16:15

usage so they restricted their security

16:18

properties even more we're going to talk

16:20

about that in a little

16:21

while so this was

16:24

one um another one delivered a lot

16:28

actually more delivery in 19 and 20

16:31

we're disabling weak TLS algorithms so

16:33

somebody mentioned TLS yes there were

16:35

enhancements but also disabled things

16:37

were disabled with the

16:39

TLs so in order to make it harder to use

16:44

week 3 3D Cipher suits they have been

16:47

removed from uh the TLs Cipher suits in

16:51

jk9 next 3s and arc4 they're also not

16:55

very safe um and because they were not

16:58

very safe also their Amon thls

17:02

ecdh ecdh Cipher suit also was disabled

17:07

because it doesn't preserve forward

17:09

secrecy and also it was rarely used in

17:12

practice sometimes these algorithms

17:14

they're not just insecure but they also

17:16

used in practice so disabling them is

17:18

not that difficult and well tls1.0 T and

17:23

TLS 1.1 they were disabled from April

17:26

2021 but as of J K2 dtls 1.0 is also

17:33

disabled because applications by the way

17:35

should use dtls 1.2 protocol which is

17:38

more secure and supported by the jdk but

17:42

in case that you have

17:45

issues yes you can also enable the one

17:49

that has been disabled you can reenable

17:51

it in the Java security configuration

17:53

file but that's something that you do at

17:54

your own risk so there's always a way to

17:56

alter the Java security file

17:59

but that's at your own risk when the um

18:03

of course the guidance says

18:05

different another thing that

18:08

came in the disabled algorithms area

18:11

restriction rules so how does these

18:13

rules are being put in application how

18:16

about these weak algorithms because they

18:20

they're not taken out they needs to be a

18:22

mechanis for that so in case of Koss

18:26

there's a car five.com file where you

18:28

can set those restriction rules for

18:31

security properties of the jdk of course

18:34

is the Java security configuration file

18:36

you can set there now for kbros for

18:39

those of you that maybe this sounds a

18:41

little bit foreign kbros is the protocol

18:43

for authenticated service requests

18:46

between trusted hosts and across let's

18:48

say in trusted Network like internet but

18:52

probably you saw keros if you ever

18:54

configured an application server like in

18:56

the old times that's probably You' have

18:58

seen curb Ross and details about it in

19:01

case of those application servers

19:03

configuring the KY by 5.com file is

19:06

crucial if you're using jars of course

19:09

for jar verification certificates TLS

19:11

and so on you can always work with a

19:14

Java configuration

19:16

file so for curve Ross let's start how

19:20

does the removing look like so in the

19:24

slide on my left side I would say okay

19:29

you can find on how an exerpt of kerros

19:33

configuration file looks like and I

19:36

extracted those two configurations

19:39

specifically because they're something

19:42

important with them so first of all desk

19:45

three des and rc4 encryption types well

19:47

they were removed from the default list

19:49

of carbros encryption types but

19:51

more um they were

19:55

disabled uh and you see that there's set

19:57

alone that allow weak crypto properties

19:59

set to false in uh in the slide right

20:04

why is that well allow crypto properties

20:08

acting like a global property and when

20:10

it's said to true you're actually

20:12

allowing all the bad algorithms that you

20:13

didn't want to have to be

20:17

selected so what happens if you want to

20:19

selectively reenable some of those

20:23

removed

20:24

weak um Cur encryption types because you

20:27

need it because your application cannot

20:29

evolve without those your server doesn't

20:31

start with that in configuration so in

20:34

those situations when you are in

20:36

need don't go and set allow crypto to

20:39

True by the way you can do that

20:41

selectively with a second property with

20:43

a permitted encryption types so there

20:46

you can go and say Hey I want you to

20:50

enable selectively these algorithms I

20:52

yeah probably they're not secure or

20:54

probably May some of them are secure and

20:57

they haven't been removed but only do

20:59

this for only a selected type don't do

21:01

this for everything they use the global

21:04

one so there's a way to escape but more

21:08

controlled and well it's always to have

21:10

this message that while re-enabling any

21:13

weak encryption type or any algorithm

21:16

that's considered disabled is always at

21:18

your own risk so be pay paying attention

21:22

when you reset your

21:24

configurations they can work against you

21:28

so

21:29

next in the jdk security configuration

21:32

file this is where you can modify

21:34

information about your security

21:36

properties and we have two types of

21:39

security uh properties so now you're

21:42

going to see highlighted in the slides

21:44

the different ones so the first ones are

21:46

the disabled ones this means that this

21:48

configuration restricts various

21:50

functionality Legacy me the other ones

21:53

that you really shouldn't use them

21:56

because they will be disabled most

21:58

likely in a future jdk release so Legacy

22:02

kind of allows you a way to still use

22:05

them but be paying attention that

22:07

sometimes they're going to go in the

22:08

forever gone category of disabled yes

22:11

you can alter the list there but again

22:14

at your own

22:16

risk so somebody else said something jdk

22:21

17 yes security manager security manager

22:25

was deprecated for removal in jdk 17

22:29

H

22:29

but you probably heard a lot about it it

22:33

generated a lot of rumor that

22:35

applications will be so much impacted

22:36

about this even though to your surprise

22:39

you're going to see that well was a

22:40

feature that was originally designed as

22:42

a stand boox for running potentially

22:44

untrusted applets who uses applets

22:48

nowadays then it was later enhanced to

22:52

have a fine grain permission Pro

22:53

permission model that was never widely

22:56

used so uh pretty much it had a lot of

22:59

things that were not useful to us so

23:02

because of the brittle permission model

23:04

difficult programming model and of

23:06

course poor performance that got to its

23:08

deprecation for removal in JK

23:11

177 however security manager still fully

23:14

supported in jdk 17 but you'll receive

23:17

warnings at runtime if you try to use it

23:19

so probably you've seen

23:21

that the other thing is that several

23:25

apis in the jdk thought it was a good

23:28

idea back then to use the security

23:30

manager in the beginning so because they

23:32

were tied to security manager there had

23:34

to be some replacement there needs

23:37

something to be done to it once this one

23:39

is deprecated for removal and because

23:42

some applications really really wanted

23:44

to use the security manager because they

23:46

couldn't upgrade very fast in in time

23:48

but still wanted to take advantage of

23:50

java latest

23:52

features it's also good that you can

23:54

allow the security manager temporarily

23:56

with your application name but you

23:58

should know that since jdk18 is this

24:01

allowed to use so there are still ways

24:03

to use it but pretty much not good so

24:07

let's go back to S to the API story

24:10

there are apis in the jdk that depend on

24:12

that apis that may be un need in your

24:14

day-to-day developer

24:16

life so we're going to go to the API

24:18

enhancements because many of them are

24:20

related to that so in the case of the

24:23

API repl replacement the Jaws apis were

24:27

the ones that were depending on the

24:30

security manager so what happened is

24:32

that the security

24:34

team has been implementing options to

24:37

still use the CH apis but a little

24:41

different so for example the adjust um

24:45

subject to us and subject get subject

24:48

API that dependent on the security

24:50

manager well uh even though they did not

24:53

require the security manager that's the

24:55

fun thing they depended on that one but

24:57

they did not needed it uh well they were

25:01

replaced in

25:02

jdk18 by different apis in the same

25:06

class name subject right so let's see

25:10

how code looks like for such an example

25:13

so for example using the old API the one

25:16

depending on security manager what you

25:19

need here you need to perform work as a

25:22

particular subject right but first you

25:24

require access to you get require

25:27

getting the access control context

25:29

object first I don't know

25:32

why well you yeah just use it further

25:37

and just get the subject so it was

25:40

cumbersome why was that extra object

25:42

needed while now you just invoke the

25:46

current method on the subject which

25:49

makes much more sense right it's much

25:50

more clean you don't need the access

25:52

control context for that you already in

25:55

the

25:56

context next

25:59

related to improvements to

26:00

apis well there are new apis for um

26:06

obtaining access to attributes for in a

26:09

key store so for example if before jdk18

26:12

this is how you would write a piece of

26:14

code to get access to the attributes of

26:17

an

26:18

um to get the attributes of a key store

26:21

so you're first needed to get an entry

26:23

from the key store uh then call the C

26:26

the get attributes on that entry like

26:29

okay so I need to know the entry then

26:32

call the attributes on the entry but I

26:35

want the key store right so why not do

26:38

that so that's the Improvement this it's

26:40

not just less code it's just actually

26:43

not having an extra object when you

26:45

don't need it so access an extra object

26:47

when you actually don't need to use that

26:49

object further in your

26:51

code there are also some improvements to

26:54

the apis that customize TLS and dtl LS

26:58

signature schemes so now they're like

27:00

Setters and Getters for getting the

27:02

signature

27:04

schemes um and when you need to

27:07

negotiate a TLS or dtls

27:09

connection um and yeah this is an

27:12

enhancement for the for a job regarding

27:14

the transport layer protocol that was in

27:17

the past and also for uh TLS and

27:22

dtls

27:23

there there's a new API for um the do I

27:28

duplicate this oh no no there's a new

27:31

API for customizing named groups also

27:34

for TLS and

27:36

dtls um at some point in my slides

27:39

you're going to see like a little flying

27:41

UFO in in down there it's very little

27:44

but I'm going to give you access to the

27:46

slides some of the changes that were

27:47

done in the jdk security were back

27:50

ported as well to 8 11 and 17 so um

27:55

that's the reason you have see the

27:56

little sorts um lateral UFO there uh

28:00

with also with the backboard so that you

28:01

know what was affected and maybe you can

28:03

use it in Prior in Prior jdk versions as

28:07

well so you get set name groups and get

28:10

name groups in

28:12

there

28:15

well this change uh was introduced in

28:18

jdk 20 and allows applications to

28:21

customize and retrieve the prior

28:23

prioritized list of name groups used to

28:26

negotiate a key exchange me a key

28:29

exchange mechanism in dtls or TLS

28:32

connection so they're pretty much

28:34

important at getting access to your um

28:37

prioritized list of name groups when

28:39

you're making a TLS or dtls

28:42

connection great improvements on the API

28:44

so now we have powerful

28:46

apis but in the beginning we we talked

28:49

about SSS LMS and quantum computers so

28:53

let's Circle back a little to that so we

28:55

get better algorithms prams that could

28:58

help us protect our applications against

29:00

post about quantum computer

29:03

attacks but how about other techniques

29:07

new encryption techniques for securing

29:10

symmetric Keys using public key

29:13

cryptography so what we can enhancing

29:15

that so jdk 21 brings a new key

29:20

encapsulation mechanism API it's called

29:22

chem for short now this is a scheme with

29:26

public and private key

29:27

which probably are familiar with but

29:31

what's different to it is that the

29:33

sander uses the public key to create a

29:35

cipher text and encapsulation containing

29:38

a randomly chosen symmetric key and the

29:40

receiver decrypts the encapsulation with

29:42

the private key now unlike the

29:45

traditional uh cryptography methods this

29:47

key encapsulation mechanism is more

29:50

efficient because does not require

29:52

padding when doing the um

29:56

encapsulation because well it deres it

29:59

uses mies the encapsulation by

30:01

deriving um by by using the properties

30:04

of the public key uh to derive the

30:06

related symmetric key that is used there

30:09

in the shared secret so how does that

30:12

look

30:13

like thought to put it here a little bit

30:15

in

30:16

context so the sender creates an

30:21

encapsulation using the public key right

30:25

then the sender uses cam to encrypt data

30:29

using a symmetric algorithm and sends

30:32

that key encapsulation message to the

30:36

receiver the receiver decrypts the king

30:38

capsulation message of course with the

30:40

private

30:41

key so then the rest the encryption and

30:44

the decryption they are done similarly

30:48

now that the shared key is known to both

30:50

of

30:52

them so that was said you can use cam to

30:56

First transmit that shared symmetric key

30:58

and later use it to efficiently encrypt

31:00

the data using that symmetric algorithm

31:02

that you

31:03

chose now the API itself has three parts

31:07

as discussed earlier with the

31:08

encapsulation decapsulation and so on so

31:11

the three parts are as follows of course

31:13

you need to generate the keys so you

31:15

need a key pair generation function that

31:17

is already there actually in the jdk the

31:19

key gen to generate the public key and

31:21

private key there was nothing changed to

31:24

that one but the key pair generator API

31:26

it's in the J for a while now what was

31:29

done new for the cam API was the

31:32

encapsulation function and of course the

31:34

key decapsulation function uh that are

31:37

needed to

31:39

decapsulate the received share key so

31:41

you can output both the sender and the

31:45

receiver can trust each

31:48

other

31:50

moreover in terms of

31:52

changes um in the beginning when we

31:54

talked about components there was a

31:56

component called XML signature that one

31:59

suffed a few changes as well so the API

32:03

for XML signatures changed a little bit

32:05

meaning now that there are two more

32:06

signature methods uis that support the

32:10

Edwards curve digital signature

32:13

algorithm that's a

32:15

adsa um which means that well now you

32:18

can sign and verify um your XML with um

32:23

these two signature

32:25

Uris um uh you can find their the API

32:28

and link to

32:30

it now we also have a new system

32:33

property I put there system property I

32:35

know it's a lot on the slide but I want

32:37

you to make the difference between

32:39

system property and security property so

32:41

You' not be confused which to configure

32:43

where so there's a new system property

32:46

that's called like that's called secure

32:48

validation so it's added there to allow

32:51

you to easily enable or disable XML

32:54

signature processing mode that has like

32:57

a simple mode like enable like true or

33:00

false uh but that one when you set it it

33:04

takes into account the um secure

33:07

validation policies properties that you

33:09

set for your application so you can

33:11

strengthen even more the security for

33:14

your XML signatures if you put this one

33:17

to true that's its

33:20

purpose another important aspect that

33:23

came in

33:24

21 is about here function

33:28

so here function it was an xath function

33:31

that's defined by w3c

33:34

recommendation and for XML

33:37

signatures and it's being used in XML uh

33:40

signatures of course has been used so

33:42

far now the thing is that an upstream

33:44

project that's for XML signatures called

33:47

santuario version

33:49

302 uh decided to remove this function

33:53

however since there were already

33:54

applications Java applications that use

33:56

ACC ml signatures with

33:59

here what the security team thought it

34:02

was be it would be better to have a

34:04

property it has a default value to true

34:07

and somehow maintain the usage of this

34:10

function within the existing security

34:13

Keys the idea is just to have it for the

34:17

moment but eventually will be disabled

34:20

um the support for this one function

34:22

will be disabled since the Upstream

34:24

project doesn't have it anymore but

34:25

gives away for people to accommodate the

34:28

changes in their XML

34:30

signatures until the uh the disable of

34:33

this one is going to become

34:36

permanent another feature that comes

34:38

with uh Java security is fact that some

34:41

some of its changes are tailor to

34:43

operating

34:44

systems so to operating system the

34:47

operating H native security features

34:50

well they're typically targeting either

34:54

Mac Linux or Windows

34:57

for Windows historically speaking before

34:59

jdk9 if you wanted to see the keys and

35:04

certificates in the current user or

35:06

local machine you need of course access

35:10

to them but if you're just using Windows

35:11

my or Windows rout you are not getting

35:15

access to that so in order to uh all the

35:18

time you didn't get access to all of

35:20

those so in order to personalize this

35:22

access to the local machine certificates

35:25

for different users there has been new

35:28

types of key

35:29

store that are called Windows my local

35:32

machine like an example here or Windows

35:34

root local machine key store types they

35:37

provide access to keys and certificates

35:39

stored on the Windows operating systems

35:41

that are available to all accounts and

35:44

of course there are also ones that are

35:47

specific to current user current logged

35:49

user because well that's for to avoid

35:51

the

35:52

confusion uh with the previous windows

35:55

my and windows route respectively

35:57

all these changes are documented in the

35:59

jdk providers guide there's going to be

36:01

a link at the end of the presentation to

36:02

that one now Mac

36:05

OS Mac OS has a story as well now it's

36:10

starting with jdk 21 you can see only

36:13

The Trusted certificates if you're

36:15

running this piece of code so I suggest

36:17

you to run this piece of code for jdk

36:19

less than 21 like I don't know 17 and

36:22

compare it to the result on 21 you're

36:24

going to see to what you really have

36:26

access to on your local machine if you

36:28

have a Mac by the way so starting with

36:31

jdk 21 the Mac OS keychain store

36:33

implementation expose certificates that

36:35

are with proper trust in the user domain

36:38

admin domain or both so before 21 prints

36:42

only the user domain

36:45

certificates after 21 it prints those

36:48

that are you should you should have

36:50

access to and maybe you have access also

36:51

to the admin ones not just the user ones

36:55

that were before

36:58

um okay what I added here is that the

37:01

change was backported as well to jdk 11

37:03

and 17 so it was an important change

37:06

that was thought that it would be good

37:07

also for 11 and 17 to

37:10

have Now updates on jdk kerts file did

37:14

you use kerts

37:17

ever yep you know so you know what's it

37:20

it's Cas as key stor is part of the

37:22

jdk uh is intended to contain the root

37:26

certific that can be used to establish

37:28

trust in certificates Chain empoyed by

37:30

our application right by security

37:32

protocols that are used by our

37:33

application so you probably use it in

37:36

order to establish trust for certain

37:38

certificates now historically speaking

37:41

we used to have the password change it

37:44

we always did the password change it now

37:47

it's no longer

37:48

required of course it doesn't use a

37:51

propriatary format anymore so it uses

37:54

the pkcs 12 format and if you're using

37:57

jks it will give you a nice warning and

37:59

tell you are you sure you want to use

38:00

this

38:02

format and of course public certificates

38:04

are no longer encrypted because well

38:06

they're

38:08

public um apart from caseart

38:10

improvements there have been some tools

38:13

improvements so the evolution of java

38:16

security fostered also connection to the

38:19

tools and the monitoring practices not

38:21

just you know enhancements and

38:22

algorithms and so on it's also good to

38:24

keep an eye on what happens there

38:27

so the changes with the modernized and

38:29

disabled algorithms well they're very

38:32

useful also for key tool so key tool by

38:35

the way besides useful warnings uses

38:39

also those default Roger key key sizes

38:42

uh in jeny pair uh if the key size

38:46

option that you give to keto is not

38:48

there so for example like in this case I

38:50

didn't use the minus key size option and

38:53

by default it generated me a key

38:57

uh with of course the biggest uh size

39:01

that was available by default in my case

39:04

372 another Improvement as of jdk 21

39:09

minus j z key and of course um import

39:13

pass they warn you if you're trying to

39:15

use PBI weak algorithms so they are

39:19

warning you if you're not doing

39:20

something great like in the command here

39:23

what this command is doing actually is

39:24

looking at the

39:27

key algorithm which is Arc four and

39:29

based on that determines that well

39:31

you're trying to use a weak algorithm

39:33

and I should warn you jar signer we

39:36

talked a little bit in the beginning is

39:37

good for signing jars shaan were

39:40

disabled of course but as of

39:44

jdk9 if you need to specify the class

39:47

pad to an alternate key store

39:48

implementation you can now add it with

39:50

minus provider path option because

39:53

sometimes you're not just using the pro

39:55

the security pro providers that the jbk

39:57

comes from there are other security

40:00

providers as well uh and you want choose

40:03

to have one of those for applications it

40:05

can be in the best practices of your

40:07

company some J signer improvements

40:10

besides all that is's a command for

40:12

minus provider path on how it would work

40:14

with a effictive provider of

40:16

course

40:18

um and last but not least for monitoring

40:22

we have some events that we can look

40:27

into um how the properties of our

40:30

application have evolved so there's one

40:31

initial security property that's an an

40:34

event from for jdk flight recorder that

40:37

we can look on the events when they're

40:40

initially loaded when our application

40:41

starts what were the security properties

40:43

that our application started with now

40:46

this event is very useful when our

40:47

application changes its security

40:50

properties in the code decides to like

40:51

okay I'm going to change this um because

40:54

it's needed and so on so it's good for

40:56

keeping keeping an eye on those if you

40:58

really want to disable this one because

40:59

it's enabled by default in the shipped

41:01

default. GFC and profile. GFC uh which

41:05

are shipped with u any jdk well you can

41:10

disable it with these commands if you

41:12

are interested just copypaste them it

41:15

will do the

41:16

disable any of them um another one

41:21

recording details about security

41:23

provider instance request so every time

41:24

that your application is going to access

41:28

get service method that is going to be

41:31

recorded and information about that is

41:33

going to be provided so it serves like

41:36

an announcement location for what's

41:38

coming in

41:40

security each change on this road map

41:42

improves security uh in a different way

41:45

in some way so either that you saw early

41:47

a restriction or disabling of wals or

41:50

defaults have been increased those are

41:53

documented shaan jars disabled those are

41:56

documented very well there uh or like

41:59

tools Improvement that's again

42:01

documented there and of course because

42:05

these changes can impact you in

42:06

applications the javac crypto road map

42:09

provides for each of the

42:11

changes some testing instructions or

42:14

details how you can revert the change

42:16

like I told you in the presentation okay

42:18

if you really need to enable that weak

42:20

encryption type and Cur Ross you can do

42:22

this

42:23

selectively so that's available so it

42:26

can gives you ways to let's say

42:29

perpetuate a bit the change that was

42:31

done there so the benefit of the road

42:35

map is that you get advanced notice of

42:36

each change usually minimum 3 six months

42:40

uh before this happens and you can test

42:42

it so uh with some

42:45

exceptions these changes are backported

42:49

to all update releases so that's

42:51

something very important for you to know

42:52

as

42:53

well uh because while your applications

42:55

can of was as well depend well the

42:57

applications need the same level of

42:59

security across different jdk versions

43:02

maybe you're not using jdk 21 for all of

43:04

them you're using jdk 17 or 11 and some

43:08

of those changes there are backported

43:10

most of the time

43:14

well that being

43:16

said if you want to know more about the

43:20

jdk security there are a series of

43:24

places where you can find information so

43:26

the first place is dev. Java there's a

43:28

security place where there security

43:31

section that contains several articles

43:33

on uh jdk security more will follow

43:37

there's inside. Java where we

43:40

publish um their latest information or

43:43

research on what happens in the security

43:44

so whatever we feel that's relevant and

43:47

the security teams that's relevant we

43:49

put it there on inside. Java and last

43:52

but not least on YouTube on youtube.com/

43:55

jaava our Java Channel where you can get

43:58

information on security but many more

44:00

language features which of course we

44:02

know they're great we love them uh

44:04

performance tips and so many many many

44:07

more so all these places are just a

44:09

place for security and way more things

44:12

that can help you in your daily life as

44:14

Java

44:15

developers but I assume that many of you

44:18

are also experienced Java developers so

44:21

if you would like to teach others or to

44:24

say to others explain Concepts that are

44:27

related to Java it doesn't have to be

44:29

like advanced concepts of java can be

44:31

also basic concepts about Java like kums

44:34

you can help us improve def. Java with

44:37

your contribution because we're a big

44:39

Community we're a Java Community we

44:40

welcome the contributions to dev. Java

44:44

so we have a repo where you can

44:45

contribute with articles if you want to

44:48

contribute please make sure to contact

44:50

me I'm going to share the link with you

44:51

would be my pleasure to explain to you

44:53

how that works you're going to be part

44:55

of a review process as well but it would

44:59

be a great thing for millions of people

45:01

to read your

45:02

work

45:04

so if you want to know like specific

45:07

security stuff that are related to this

45:11

presentation these are part of the links

45:13

that I would like to tell you about so

45:15

there's a Jeet about the deprecation of

45:17

security manager probably you've seen

45:19

that one before but uh Sean Mullen is

45:22

having a very very insightful blog on

45:24

jdk security changes so he captures way

45:27

more even those little little little uh

45:30

changes are captured there so be be sure

45:33

to follow that one as well my place to

45:35

go about algorithm names because I don't

45:38

know them by heart so I'm going always

45:40

to the Java security standard algorithm

45:42

names that's a very useful page and of

45:45

course the Java security guide the road

45:48

map you can find it there and of course

45:50

there are two videos that can help you

45:52

with security

45:54

too so so that was it that I was going

45:57

to tell you about jdk security and what

45:59

changed on it was quite a lot this is

46:02

the link to the slides you can scan it

46:04

uh I'll upload this one to the J Focus

46:08

um site as well so you can get

46:11

it thank

46:13

[Applause]

46:24

you