Java 17 to 21: A Showcase of JDK Security Enhancements
Summary
TLDR本次演讲由Oracle的Java团队开发者倡导者Anna主讲,她分享了Java安全领域的最新进展。Anna首先介绍了Java安全组件,包括语言、加密、公钥基础设施、安全服务API等,并强调了Java平台持续改进的重要性。她详细讲解了从JDK 17到JDK 21的安全变化,包括对弱算法的限制、新的加密算法的引入、API的改进以及对量子计算机攻击的防护措施。Anna还提到了Java安全配置文件的更新,以及如何通过这些变化来提高应用程序的安全性。最后,她鼓励开发者关注Java安全相关的资源,并参与到Java社区的贡献中。
Takeaways
- 🔒 Java 安全性不断进化,以应对算法弱化和潜在的量子计算机威胁。
- 🌟 JDK 17 引入了新的安全特性,包括对安全算法的增强和对弱算法的限制。
- 🔐 安全管理器(Security Manager)在 JDK 17 中被弃用,但仍然支持,直到 JDK 18。
- 🛡️ JDK 18 禁用了 SHA-1 和某些 TLS 算法,以提高安全性。
- 🔑 JDK 20 和 21 提供了更大的密钥尺寸,默认情况下增强了加密算法的安全性。
- 🌐 引入了后量子密码学算法,如 SSS-LMS 和 XMSS,以抵抗量子计算机攻击。
- 🔄 JDK 21 引入了新的密钥封装机制 API(CEM),提高了对称密钥加密的效率。
- 📝 Java 安全配置文件(java.security 文件)允许开发者自定义安全属性。
- 🔄 JDK 11 和 17 也支持某些 JDK 21 的安全特性,这些特性被回退(backported)。
- 🔍 Java 安全工具(如 keytool 和 jarsigner)提供了新的功能和警告,以帮助开发者更好地管理密钥和证书。
- 📖 Java 安全指南和路线图提供了关于 JDK 安全性变化的详细信息和测试指南。
Q & A
在Java团队中,Anna的主要职责是什么?
-Anna在Java团队中担任开发者倡导者,她喜欢使用Java进行编程,并且也热衷于与Kubernetes一起工作。
Java安全组件包括哪些部分?
-Java安全组件包括语言层面的安全特性、加密组件(JCA)、公钥基础设施(PKI)、安全服务API(GSS-API)、传输层安全性(TLS/DTLS)以及各种安全工具。
为什么开发者需要关注JDK的安全更新?
-开发者关注JDK安全更新是因为随着时间的推移,我们使用的算法可能会变弱并被更容易地利用。JDK的持续改进使得开发者能够构建更安全的应用程序。
JDK 17之后,有哪些安全相关的变更?
-JDK 17之后,有多项安全相关的变更,包括对加密算法的增强、TLS和DTLS的改进、安全管理器的废弃等。
什么是SSS-LMS签名系统?
-SSS-LMS(Lattice-based Multi-signature Scheme)是一种基于哈希的签名方案,它是量子抗性的签名算法之一,已经在OpenJDK中实现。
为什么SHA-1在Java 18中被禁用?
-SHA-1在Java 18中被禁用是因为NIST在2011年宣布了SHA-1的退役计划,并建议到2030年逐步淘汰其在数字签名中的使用。
在Java 11和Java 17中,有哪些安全相关的API改进?
-Java 11和Java 17中,安全相关的API改进包括对TLS和DTLS签名方案的自定义API、新的系统属性用于启用或禁用XML签名处理模式等。
如何获取JDK安全配置文件的更多信息?
-可以通过访问dev.java.net、inside.java以及YouTube上的Java频道来获取JDK安全配置文件的更多信息。
开发者如何为Java社区做出贡献?
-开发者可以通过撰写文章并提交到dev.java.net的仓库来为Java社区做出贡献,这些文章可以是关于Java的高级概念,也可以是基础概念。
在JDK 21中,如何使用新的密钥封装机制API(CEM)?
-在JDK 21中,新的密钥封装机制API(CEM)允许发送方使用接收方的公钥创建一个包含随机对称密钥的密文,并发送给接收方。接收方使用私钥解密这个密文以获取共享密钥。
Outlines
📅 安全讲座介绍
本次安全讲座由Anna主持,她是Oracle Java团队的开发者倡导者。Anna介绍了自己对Java编程和Kubernetes的热爱,以及她在过去的工作中对安全性的重视。她强调了Java平台不断改进的重要性,以确保应用程序的安全性。Anna还提到了Java安全组件,包括语言、加密、PKI、GSS API、TLS/DTLS和签名JAR文件等。
🔐 Java安全组件详解
Anna详细介绍了Java安全组件,包括Java加密架构(JCA)、公钥基础设施(PKI)、通用安全服务应用程序接口(GSSAPI)和传输层安全性(TLS/DTLS)。她还提到了Java安全工具,如密钥和证书管理工具(keytool)和JAR签名工具(jarsigner)。Anna强调了Java安全不仅仅是API,还包括运行时和工具。
🔒 加密算法的演进
Anna讨论了随着时间的推移,算法可能会变得脆弱并被利用。她提到了Java开发工具包(JDK)如何通过引入新的加密算法来增强安全性,例如在JDK 20和21中引入了更大的密钥尺寸。她还提到了量子计算机对现有数字签名方案的潜在威胁,以及IT行业如何致力于创建抗量子计算的加密算法。
🚫 限制和禁用弱算法
Anna解释了Java安全团队如何限制和禁用一些已知的弱算法,以保护用户免受潜在的安全威胁。她提到了SHA-1的禁用,以及在JDK 9中移除弱TLS算法的措施。Anna还提到了如何通过Java安全配置文件来设置限制规则,以及如何通过API来禁用这些弱算法。
🛠️ API改进和安全管理器的弃用
Anna讨论了JDK中API的改进,特别是与安全相关的API。她提到了安全管理器(Security Manager)在JDK 17中的弃用,并解释了如何通过临时启用来适应这一变化。Anna还介绍了新的API,如用于获取密钥存储属性的API,以及用于自定义TLS和DTLS连接的签名方案的API。
🔑 对称密钥的新加密技术
Anna介绍了JDK 21中引入的新密钥封装机制API(CAME),这是一种使用公钥加密来安全传输对称密钥的方法。她解释了CAME的工作原理,以及如何使用它来提高数据传输的效率。Anna还提到了XML签名API的改进,以及新的系统属性,用于启用或禁用XML签名处理模式。
💻 操作系统特定的安全特性
Anna讨论了JDK如何适应不同操作系统的安全特性。她提到了Windows和Mac OS中对密钥存储的改进,以及如何通过JDK提供的工具来管理这些安全特性。Anna还提到了JDK证书文件(keytool)的更新,以及如何使用这些工具来提高安全性。
🔍 监控和社区贡献
Anna强调了监控Java应用程序安全属性的重要性,并介绍了如何使用JDK飞行记录器(Flight Recorder)来跟踪这些属性的变化。她还提到了Java社区的贡献,鼓励开发者分享他们的知识和经验。Anna提供了一些资源链接,以便开发者可以了解更多关于Java安全的信息。
Mindmap
Keywords
💡Java安全
💡JDK版本
💡加密算法
💡量子计算机
💡安全配置文件
💡API改进
💡密钥封装机制
💡安全事件
💡安全工具
💡安全社区贡献
Highlights
Anna, a developer advocate at Oracle, discusses Java security enhancements from JDK 17 to 21.
Java security is crucial for building secure software and keeping end users happy.
Java platform continuously improves to allow developers to build secure applications.
JDK releases introduce new features every 6 months, including security enhancements.
The Security Manager was deprecated for removal in JDK 17 due to its brittle permission model and poor performance.
JDK 20 and 21 introduced larger key sizes for stronger encryption by default.
Post-quantum cryptographic algorithms like SSS-LMS and XMS are being incorporated into Java security components.
Java security components include language features, cryptography, PKI, GSS API, TLS, and various tools.
JDK security configuration files allow developers to customize security properties and restrictions.
Weak algorithms like SHA-1 and weak TLS algorithms have been restricted or disabled in recent JDK releases.
New APIs for key encapsulation mechanism (KEM) and XML signatures have been introduced in JDK 21.
JDK security roadmap provides advanced notice of changes, allowing developers to test and prepare for updates.
Some JDK security changes are backported to earlier versions like JDK 8, 11, and 17.
Java security tools like keytool and jarsigner have been improved for better security practices.
Developers can contribute to the Java community by sharing their knowledge on dev.java.net.
Java security resources include the Java security guide, Java security standard algorithm names, and Java security roadmap.
Transcripts
[Music]
thank you everyone for joining a
security talk at 400
p.m. it's a little late in the afternoon
for some security topics um however I'm
grateful that you're here hope you will
enjoy this presentation until the end
that you will learn some useful things
that you can take in your daily
job and I'm looking forward to your
questions um at the end of the
presentation first of all I'm Anna
currently working as a developer
advocate in the Java team at Oracle I
enjoy programming with Java probably
like many of you since you are in this
room today and of course I enjoy working
with kubernetes as well now apart from
these two passions um I also like
security um in my past roles I like
security because I had to because it's
great to build secure software you have
your end users happy when they can
safely use their
applications uh so kind of security like
for many of you is embedded in the
practices that I have when I
code now when we talk about Java we I
hope that all of us in this room are
familiar with the new release Cadence or
you get to see many features delivered
every 6 months that you can try uh that
you can give uh um a feedback on and
these features are from multiple areas
many of them on language others on
performance and someone security yet
while these features get like Prime Time
your daily life can be impacted by those
many many enhancements that are not
necessarily formulated in a Jeep and
this presentation will show some of
those significant changes from 17 to 21
so if I am to ask you and because this
is a big room I cannot see all of you
but if I to ask you the question in the
slide can you shout at
me what do you think changed a change
that happened after jdk
17 with the security and jdk
anything just shout
it
records records that's a language
feature
security manager Bingo that's a very
good one the application for removal
we're going to talk a bit about it
anything else crypto
crypto that's a broad area we're going
to talk about it too anything
else
what I didn't understand you can you
please shout it h there TS TLS yes TLS
enhancements yes all great
answers and many more because we have 50
minutes for this presentation so I had
to fill it with something but the reason
why we care so much about jdk security
as developers is because over time the
algorithms that we are that we're using
in our applications weaken and can be
exploited more easily and it happens
that a GDK release take for example GDK
8 can Outlast the lifetime when these
algorithms are viable I mean jdk8
there's still many applications running
on those so what happens is that the
Java platform the jdk gets continuously
improved so that you can build secure
applications You're Building modern
applications but still they have to be
secured you're choosing Java to evolve
your applications because you know it's
secure that's one of the main things
that comes to your mind besides the
beautiful language there are many
beautiful languages that you can utilize
but you're also choosing them because
choosing Java because of security and of
course it's good to say to the business
Java is
secure so throughout time I've seen that
well people can think of java
security um as was some broad term so
what is Java security well Java security
has many components and since I'm going
to reference them in the presentation I
just want you to have a picture in your
head when I'm talking about them so here
they are the Java security components
are in the slide and of course they
start somebody said records of course it
starts with the
language um well but in the case of
security itself that is in the jdk the
higher level abstractions like you can
see here in the slide they are built on
top of lower layer Concepts so this is
why it's this like a brick wall
diagram and of course at the bottom the
Java language anguage is designed to be
type safe and easy to use so it has many
features that you probably use in your
application but the foundation of java
security well is based on
cryptography so the cryptography
component the Java cryptography
architecture
jca um or JC the Java cryptography
extension enables you to encrypt and
decrypt data in Java manage Keys sign
and authenticate message
and much more now we have also pki that
contains apis and implementations for
validating and building certification
paths or certification chains for only
many of your applications use
certificates and of course a way to
store those keys and
certificates next we go with how the
programs can access Security Services
via this lovely acronym which I'm not
going to read from the slide because I'm
terrible reading that acronym but we can
talk afterwards what it means it stands
for generic Security Service application
program interface that's why GSS upy and
the jdk contains such a GSS up
implementation of curve Ross now the
transport layer security which was
mentioned
earlier that
component is containing apis for TLS and
dtls and of course we're signing jars so
sign jars allow you to apply digital
signatures to the jar files in order to
ensure that you're sharing those with
some data integ the data you have in
those is shared with data integrity and
authenticity now the next components
they're
together because there are a series of
Frameworks and apis that are meant for
authentication and
authorization and of course probably
some of you have worked with XML
signatures which are a component uh well
this component that contains an API
implementation for generating and
validating XML
signatures but Java security is more
than just apis built on top on the
runtime it's also tools because
sometimes you need tools in your tool
chains to maybe I don't know validate
your certificates or and of course if
the jdk comes with them why not use them
since they're there so you get a small
set of tools that can help you set
security
policies probably many of you have
utilized in this lifetime key tool at
least
experimentally it's for managing key
stores keys and certificates of course
we have jar signer the one that we
talked a little bit earlier for sign
jars that helps of course signing those
jars and the last tab are actually the
tools for working with
kbros um but since Kos is not so touched
uh I'll leave them in peace for the
moment so hope you're feeling happy to
explore what happened with jdk
security and we're going to start with
the happy Parts modern cryptographic
algorithms now I started this
presentation telling you that over time
most or all algorithms weaken so they
can be exploited more easily now if you
get strong args you can continuously um
benefit of a stronger foundation for
your
application larger key sizes have been
delivered in jdk um 20 and 21 so you can
benefit of larger key sizes by default
like in case that when you're relying
for on the defaults and you're just
instantiating something um instantiating
a key without specifying the size
although that many examples over the
internet can have the size but if you
forget about that you don't need to
worry because the GDK can build that
securely at its best for you so you can
have here a table of what changed over
time this is good because this change
protects your data and communication by
using mathematical techniques that
ensure confidentiality integrity and
authenticity
better yet the tides of security threats
increase with the advancement of
technology and if you were the Kino this
morning
you probably saw the very nice keynote
about AI how AI can help us but those
were the good parts Ai and of course
computers that have large powerful cap
and large powerful
capabilities well they can be
instrumented for the wrong as well so if
large scale quantum computers are ever
built just this is a
hypothesis all widely used digital
signature schemes like
DSA RSA ecdsa and so on have the
potential to be broken that's because
the power of computation increased so
the IT industry has worked towards the
goal of creating postquantum
cryptographic algorithms that are
designed to be safe against such
powerful capabilities to
compute so as these postquantum
cryptographic algorithms progress and
mature of course they become standards
and are gradually Incorporated with the
Java security
components so we got the first post
Quantum cryptographic algorithms in open
jdk and you have here the explanation on
the slide so that you would know what it
stands for when you read
SSS
LMS so the lat Malla signature system is
one of the um one of these algorithms
and is the stateful health uh is a
stateful hash based algorith it's all
based on the hash based signature scheme
HPS that's what it's coming from the
hierarchical signature system is the
multi- three variant of the previous one
that's why it's SSS
LMS and most importantly it's one of the
two Quantum resistant signature
algorithms that have been standardized
there is another one it's called
XMS uh s it's similar but it's last
popular so the popular variant was
chosen um for the use case of such an
algorithm uh well it's used for software
and or firware
signing um and requires for the key and
signature generation to be performed in
Hardware cryptographic modules so that
they because those they do not allow
secret keying material to be exported
even in encrypted form that's why it
makes it quantum resistant it's hard to
export that from the
hardware so if we take a step back what
was done in the jdk right if um the um
signature generation happens on Hardware
what's happening in the jdk so when in
the jdk side the signature verification
implementation was
done so while the generation happens on
Hardware you can verify that signature
in the
jdk um and of course
you can have here in the slides the
explanations on why these this algorithm
is very great another thing that I need
to tell you is that this belief that the
security of LMS because it depends on
the security of the underlying hash
functions well it is believed that this
security is will never be broken by the
development of large scale computer
quantum computers hence why it's so
loved and
adopted now how does that look in your
code so how how do you verify a
signature with this new algorithm a
little bit of code in the slide just to
show you how it looks like you can use a
key Factory implementation available
from a provider now in this case if
you're running it with open jdk
distribution it probably will choose the
sound provider because that's the first
one that it finds it matches it and that
one will read an SSS LMS public key from
a stem a serialized
format so that's Reading part and of
course you need to verify the validity
and probably you've wrote this kind of
code sometimes to verify the validity of
a signature that uses SSS slms so the
thing that changed of course is the
algorithm being supported something
that's coming in 22 Key tool can also
operate with this one as well right now
it's available at the API level but in
22 jk22 it will have ke tool will have
that as a feature too so this one was
was one of the Breakthrough changes of
21
but besides the modern cryptographic
algorithms bringing new on the jdk
restricts the algorithms that are
weakened however there are multiple ways
to limit the usage of vulnerable
algorithms either the jav Java limits or
disables them to ensure that you are
running on a robust environment for your
not only for your own development but
also for your end users so what was
restricted some people probably saw that
kind of message when they tried to
validate a jar that was signed with
shaan and that it was having its
signature uh generated before 2019 1 of
January in 2019 so that's get a you get
a warning on that what's the story
behind it why Shawan jars were disabled
by default in Java 18 as the slide says
well it happens that in
2011 the National Institutes of
standards and Technology nist formally
dicated shaan usage and kind of told the
people well you know by
2030 you should kind of phased out the
usage from digital signatures that news
came two years later in
2013 so in consequence shaan was
disabled in TLS server certificates and
XML signatures was not just here now in
order to make sure that people are not
using this any
further jdk security team thought it
would be better if your
chars if you try to sign your chars with
this algorithm well to get the warning
that well um it's not good for you so
there's a a way to maintain uh backwards
compatibility of course for some of the
JS so if your jar was time stamped prior
to
20190101 We Shall one you get kind of
get away with it but uh if you have like
a very strict security team they can
alter a little bit the security rules
for you and they can impediment it so
I've seen cases when people went even
stricter given the threat of Shawan
usage so they restricted their security
properties even more we're going to talk
about that in a little
while so this was
one um another one delivered a lot
actually more delivery in 19 and 20
we're disabling weak TLS algorithms so
somebody mentioned TLS yes there were
enhancements but also disabled things
were disabled with the
TLs so in order to make it harder to use
week 3 3D Cipher suits they have been
removed from uh the TLs Cipher suits in
jk9 next 3s and arc4 they're also not
very safe um and because they were not
very safe also their Amon thls
ecdh ecdh Cipher suit also was disabled
because it doesn't preserve forward
secrecy and also it was rarely used in
practice sometimes these algorithms
they're not just insecure but they also
used in practice so disabling them is
not that difficult and well tls1.0 T and
TLS 1.1 they were disabled from April
2021 but as of J K2 dtls 1.0 is also
disabled because applications by the way
should use dtls 1.2 protocol which is
more secure and supported by the jdk but
in case that you have
issues yes you can also enable the one
that has been disabled you can reenable
it in the Java security configuration
file but that's something that you do at
your own risk so there's always a way to
alter the Java security file
but that's at your own risk when the um
of course the guidance says
different another thing that
came in the disabled algorithms area
restriction rules so how does these
rules are being put in application how
about these weak algorithms because they
they're not taken out they needs to be a
mechanis for that so in case of Koss
there's a car five.com file where you
can set those restriction rules for
security properties of the jdk of course
is the Java security configuration file
you can set there now for kbros for
those of you that maybe this sounds a
little bit foreign kbros is the protocol
for authenticated service requests
between trusted hosts and across let's
say in trusted Network like internet but
probably you saw keros if you ever
configured an application server like in
the old times that's probably You' have
seen curb Ross and details about it in
case of those application servers
configuring the KY by 5.com file is
crucial if you're using jars of course
for jar verification certificates TLS
and so on you can always work with a
Java configuration
file so for curve Ross let's start how
does the removing look like so in the
slide on my left side I would say okay
you can find on how an exerpt of kerros
configuration file looks like and I
extracted those two configurations
specifically because they're something
important with them so first of all desk
three des and rc4 encryption types well
they were removed from the default list
of carbros encryption types but
more um they were
disabled uh and you see that there's set
alone that allow weak crypto properties
set to false in uh in the slide right
why is that well allow crypto properties
acting like a global property and when
it's said to true you're actually
allowing all the bad algorithms that you
didn't want to have to be
selected so what happens if you want to
selectively reenable some of those
removed
weak um Cur encryption types because you
need it because your application cannot
evolve without those your server doesn't
start with that in configuration so in
those situations when you are in
need don't go and set allow crypto to
True by the way you can do that
selectively with a second property with
a permitted encryption types so there
you can go and say Hey I want you to
enable selectively these algorithms I
yeah probably they're not secure or
probably May some of them are secure and
they haven't been removed but only do
this for only a selected type don't do
this for everything they use the global
one so there's a way to escape but more
controlled and well it's always to have
this message that while re-enabling any
weak encryption type or any algorithm
that's considered disabled is always at
your own risk so be pay paying attention
when you reset your
configurations they can work against you
so
next in the jdk security configuration
file this is where you can modify
information about your security
properties and we have two types of
security uh properties so now you're
going to see highlighted in the slides
the different ones so the first ones are
the disabled ones this means that this
configuration restricts various
functionality Legacy me the other ones
that you really shouldn't use them
because they will be disabled most
likely in a future jdk release so Legacy
kind of allows you a way to still use
them but be paying attention that
sometimes they're going to go in the
forever gone category of disabled yes
you can alter the list there but again
at your own
risk so somebody else said something jdk
17 yes security manager security manager
was deprecated for removal in jdk 17
H
but you probably heard a lot about it it
generated a lot of rumor that
applications will be so much impacted
about this even though to your surprise
you're going to see that well was a
feature that was originally designed as
a stand boox for running potentially
untrusted applets who uses applets
nowadays then it was later enhanced to
have a fine grain permission Pro
permission model that was never widely
used so uh pretty much it had a lot of
things that were not useful to us so
because of the brittle permission model
difficult programming model and of
course poor performance that got to its
deprecation for removal in JK
177 however security manager still fully
supported in jdk 17 but you'll receive
warnings at runtime if you try to use it
so probably you've seen
that the other thing is that several
apis in the jdk thought it was a good
idea back then to use the security
manager in the beginning so because they
were tied to security manager there had
to be some replacement there needs
something to be done to it once this one
is deprecated for removal and because
some applications really really wanted
to use the security manager because they
couldn't upgrade very fast in in time
but still wanted to take advantage of
java latest
features it's also good that you can
allow the security manager temporarily
with your application name but you
should know that since jdk18 is this
allowed to use so there are still ways
to use it but pretty much not good so
let's go back to S to the API story
there are apis in the jdk that depend on
that apis that may be un need in your
day-to-day developer
life so we're going to go to the API
enhancements because many of them are
related to that so in the case of the
API repl replacement the Jaws apis were
the ones that were depending on the
security manager so what happened is
that the security
team has been implementing options to
still use the CH apis but a little
different so for example the adjust um
subject to us and subject get subject
API that dependent on the security
manager well uh even though they did not
require the security manager that's the
fun thing they depended on that one but
they did not needed it uh well they were
replaced in
jdk18 by different apis in the same
class name subject right so let's see
how code looks like for such an example
so for example using the old API the one
depending on security manager what you
need here you need to perform work as a
particular subject right but first you
require access to you get require
getting the access control context
object first I don't know
why well you yeah just use it further
and just get the subject so it was
cumbersome why was that extra object
needed while now you just invoke the
current method on the subject which
makes much more sense right it's much
more clean you don't need the access
control context for that you already in
the
context next
related to improvements to
apis well there are new apis for um
obtaining access to attributes for in a
key store so for example if before jdk18
this is how you would write a piece of
code to get access to the attributes of
an
um to get the attributes of a key store
so you're first needed to get an entry
from the key store uh then call the C
the get attributes on that entry like
okay so I need to know the entry then
call the attributes on the entry but I
want the key store right so why not do
that so that's the Improvement this it's
not just less code it's just actually
not having an extra object when you
don't need it so access an extra object
when you actually don't need to use that
object further in your
code there are also some improvements to
the apis that customize TLS and dtl LS
signature schemes so now they're like
Setters and Getters for getting the
signature
schemes um and when you need to
negotiate a TLS or dtls
connection um and yeah this is an
enhancement for the for a job regarding
the transport layer protocol that was in
the past and also for uh TLS and
dtls
there there's a new API for um the do I
duplicate this oh no no there's a new
API for customizing named groups also
for TLS and
dtls um at some point in my slides
you're going to see like a little flying
UFO in in down there it's very little
but I'm going to give you access to the
slides some of the changes that were
done in the jdk security were back
ported as well to 8 11 and 17 so um
that's the reason you have see the
little sorts um lateral UFO there uh
with also with the backboard so that you
know what was affected and maybe you can
use it in Prior in Prior jdk versions as
well so you get set name groups and get
name groups in
there
well this change uh was introduced in
jdk 20 and allows applications to
customize and retrieve the prior
prioritized list of name groups used to
negotiate a key exchange me a key
exchange mechanism in dtls or TLS
connection so they're pretty much
important at getting access to your um
prioritized list of name groups when
you're making a TLS or dtls
connection great improvements on the API
so now we have powerful
apis but in the beginning we we talked
about SSS LMS and quantum computers so
let's Circle back a little to that so we
get better algorithms prams that could
help us protect our applications against
post about quantum computer
attacks but how about other techniques
new encryption techniques for securing
symmetric Keys using public key
cryptography so what we can enhancing
that so jdk 21 brings a new key
encapsulation mechanism API it's called
chem for short now this is a scheme with
public and private key
which probably are familiar with but
what's different to it is that the
sander uses the public key to create a
cipher text and encapsulation containing
a randomly chosen symmetric key and the
receiver decrypts the encapsulation with
the private key now unlike the
traditional uh cryptography methods this
key encapsulation mechanism is more
efficient because does not require
padding when doing the um
encapsulation because well it deres it
uses mies the encapsulation by
deriving um by by using the properties
of the public key uh to derive the
related symmetric key that is used there
in the shared secret so how does that
look
like thought to put it here a little bit
in
context so the sender creates an
encapsulation using the public key right
then the sender uses cam to encrypt data
using a symmetric algorithm and sends
that key encapsulation message to the
receiver the receiver decrypts the king
capsulation message of course with the
private
key so then the rest the encryption and
the decryption they are done similarly
now that the shared key is known to both
of
them so that was said you can use cam to
First transmit that shared symmetric key
and later use it to efficiently encrypt
the data using that symmetric algorithm
that you
chose now the API itself has three parts
as discussed earlier with the
encapsulation decapsulation and so on so
the three parts are as follows of course
you need to generate the keys so you
need a key pair generation function that
is already there actually in the jdk the
key gen to generate the public key and
private key there was nothing changed to
that one but the key pair generator API
it's in the J for a while now what was
done new for the cam API was the
encapsulation function and of course the
key decapsulation function uh that are
needed to
decapsulate the received share key so
you can output both the sender and the
receiver can trust each
other
moreover in terms of
changes um in the beginning when we
talked about components there was a
component called XML signature that one
suffed a few changes as well so the API
for XML signatures changed a little bit
meaning now that there are two more
signature methods uis that support the
Edwards curve digital signature
algorithm that's a
adsa um which means that well now you
can sign and verify um your XML with um
these two signature
Uris um uh you can find their the API
and link to
it now we also have a new system
property I put there system property I
know it's a lot on the slide but I want
you to make the difference between
system property and security property so
You' not be confused which to configure
where so there's a new system property
that's called like that's called secure
validation so it's added there to allow
you to easily enable or disable XML
signature processing mode that has like
a simple mode like enable like true or
false uh but that one when you set it it
takes into account the um secure
validation policies properties that you
set for your application so you can
strengthen even more the security for
your XML signatures if you put this one
to true that's its
purpose another important aspect that
came in
21 is about here function
so here function it was an xath function
that's defined by w3c
recommendation and for XML
signatures and it's being used in XML uh
signatures of course has been used so
far now the thing is that an upstream
project that's for XML signatures called
santuario version
302 uh decided to remove this function
however since there were already
applications Java applications that use
ACC ml signatures with
here what the security team thought it
was be it would be better to have a
property it has a default value to true
and somehow maintain the usage of this
function within the existing security
Keys the idea is just to have it for the
moment but eventually will be disabled
um the support for this one function
will be disabled since the Upstream
project doesn't have it anymore but
gives away for people to accommodate the
changes in their XML
signatures until the uh the disable of
this one is going to become
permanent another feature that comes
with uh Java security is fact that some
some of its changes are tailor to
operating
systems so to operating system the
operating H native security features
well they're typically targeting either
Mac Linux or Windows
for Windows historically speaking before
jdk9 if you wanted to see the keys and
certificates in the current user or
local machine you need of course access
to them but if you're just using Windows
my or Windows rout you are not getting
access to that so in order to uh all the
time you didn't get access to all of
those so in order to personalize this
access to the local machine certificates
for different users there has been new
types of key
store that are called Windows my local
machine like an example here or Windows
root local machine key store types they
provide access to keys and certificates
stored on the Windows operating systems
that are available to all accounts and
of course there are also ones that are
specific to current user current logged
user because well that's for to avoid
the
confusion uh with the previous windows
my and windows route respectively
all these changes are documented in the
jdk providers guide there's going to be
a link at the end of the presentation to
that one now Mac
OS Mac OS has a story as well now it's
starting with jdk 21 you can see only
The Trusted certificates if you're
running this piece of code so I suggest
you to run this piece of code for jdk
less than 21 like I don't know 17 and
compare it to the result on 21 you're
going to see to what you really have
access to on your local machine if you
have a Mac by the way so starting with
jdk 21 the Mac OS keychain store
implementation expose certificates that
are with proper trust in the user domain
admin domain or both so before 21 prints
only the user domain
certificates after 21 it prints those
that are you should you should have
access to and maybe you have access also
to the admin ones not just the user ones
that were before
um okay what I added here is that the
change was backported as well to jdk 11
and 17 so it was an important change
that was thought that it would be good
also for 11 and 17 to
have Now updates on jdk kerts file did
you use kerts
ever yep you know so you know what's it
it's Cas as key stor is part of the
jdk uh is intended to contain the root
certific that can be used to establish
trust in certificates Chain empoyed by
our application right by security
protocols that are used by our
application so you probably use it in
order to establish trust for certain
certificates now historically speaking
we used to have the password change it
we always did the password change it now
it's no longer
required of course it doesn't use a
propriatary format anymore so it uses
the pkcs 12 format and if you're using
jks it will give you a nice warning and
tell you are you sure you want to use
this
format and of course public certificates
are no longer encrypted because well
they're
public um apart from caseart
improvements there have been some tools
improvements so the evolution of java
security fostered also connection to the
tools and the monitoring practices not
just you know enhancements and
algorithms and so on it's also good to
keep an eye on what happens there
so the changes with the modernized and
disabled algorithms well they're very
useful also for key tool so key tool by
the way besides useful warnings uses
also those default Roger key key sizes
uh in jeny pair uh if the key size
option that you give to keto is not
there so for example like in this case I
didn't use the minus key size option and
by default it generated me a key
uh with of course the biggest uh size
that was available by default in my case
372 another Improvement as of jdk 21
minus j z key and of course um import
pass they warn you if you're trying to
use PBI weak algorithms so they are
warning you if you're not doing
something great like in the command here
what this command is doing actually is
looking at the
key algorithm which is Arc four and
based on that determines that well
you're trying to use a weak algorithm
and I should warn you jar signer we
talked a little bit in the beginning is
good for signing jars shaan were
disabled of course but as of
jdk9 if you need to specify the class
pad to an alternate key store
implementation you can now add it with
minus provider path option because
sometimes you're not just using the pro
the security pro providers that the jbk
comes from there are other security
providers as well uh and you want choose
to have one of those for applications it
can be in the best practices of your
company some J signer improvements
besides all that is's a command for
minus provider path on how it would work
with a effictive provider of
course
um and last but not least for monitoring
we have some events that we can look
into um how the properties of our
application have evolved so there's one
initial security property that's an an
event from for jdk flight recorder that
we can look on the events when they're
initially loaded when our application
starts what were the security properties
that our application started with now
this event is very useful when our
application changes its security
properties in the code decides to like
okay I'm going to change this um because
it's needed and so on so it's good for
keeping keeping an eye on those if you
really want to disable this one because
it's enabled by default in the shipped
default. GFC and profile. GFC uh which
are shipped with u any jdk well you can
disable it with these commands if you
are interested just copypaste them it
will do the
disable any of them um another one
recording details about security
provider instance request so every time
that your application is going to access
get service method that is going to be
recorded and information about that is
going to be provided so it serves like
an announcement location for what's
coming in
security each change on this road map
improves security uh in a different way
in some way so either that you saw early
a restriction or disabling of wals or
defaults have been increased those are
documented shaan jars disabled those are
documented very well there uh or like
tools Improvement that's again
documented there and of course because
these changes can impact you in
applications the javac crypto road map
provides for each of the
changes some testing instructions or
details how you can revert the change
like I told you in the presentation okay
if you really need to enable that weak
encryption type and Cur Ross you can do
this
selectively so that's available so it
can gives you ways to let's say
perpetuate a bit the change that was
done there so the benefit of the road
map is that you get advanced notice of
each change usually minimum 3 six months
uh before this happens and you can test
it so uh with some
exceptions these changes are backported
to all update releases so that's
something very important for you to know
as
well uh because while your applications
can of was as well depend well the
applications need the same level of
security across different jdk versions
maybe you're not using jdk 21 for all of
them you're using jdk 17 or 11 and some
of those changes there are backported
most of the time
well that being
said if you want to know more about the
jdk security there are a series of
places where you can find information so
the first place is dev. Java there's a
security place where there security
section that contains several articles
on uh jdk security more will follow
there's inside. Java where we
publish um their latest information or
research on what happens in the security
so whatever we feel that's relevant and
the security teams that's relevant we
put it there on inside. Java and last
but not least on YouTube on youtube.com/
jaava our Java Channel where you can get
information on security but many more
language features which of course we
know they're great we love them uh
performance tips and so many many many
more so all these places are just a
place for security and way more things
that can help you in your daily life as
Java
developers but I assume that many of you
are also experienced Java developers so
if you would like to teach others or to
say to others explain Concepts that are
related to Java it doesn't have to be
like advanced concepts of java can be
also basic concepts about Java like kums
you can help us improve def. Java with
your contribution because we're a big
Community we're a Java Community we
welcome the contributions to dev. Java
so we have a repo where you can
contribute with articles if you want to
contribute please make sure to contact
me I'm going to share the link with you
would be my pleasure to explain to you
how that works you're going to be part
of a review process as well but it would
be a great thing for millions of people
to read your
work
so if you want to know like specific
security stuff that are related to this
presentation these are part of the links
that I would like to tell you about so
there's a Jeet about the deprecation of
security manager probably you've seen
that one before but uh Sean Mullen is
having a very very insightful blog on
jdk security changes so he captures way
more even those little little little uh
changes are captured there so be be sure
to follow that one as well my place to
go about algorithm names because I don't
know them by heart so I'm going always
to the Java security standard algorithm
names that's a very useful page and of
course the Java security guide the road
map you can find it there and of course
there are two videos that can help you
with security
too so so that was it that I was going
to tell you about jdk security and what
changed on it was quite a lot this is
the link to the slides you can scan it
uh I'll upload this one to the J Focus
um site as well so you can get
it thank
[Applause]
you
5.0 / 5 (0 votes)
