Rating: 
Summary: There's no better first book on cryptography for a coder
Review: There's no better first book on cryptography for a programmer to buy. You get a great deal of exposure to an important facet of network security through this little gem. It's friendly and to the point. The Java API is excellent--but the idea of cryptography is little odd to the everyday web or network application programmer. Having someone to kindly bridge the crypto-what-ja-ma-call-its to a world of how-do-i-wrap-it-around-my-web-or-mail-service is simply priceless. There's NO silly cryptomath (because only those cryptoexperts get the math anyway) but instead it's filled with no-nonsense coverage of how each and every common crypto engine and crypto-"protocol" takes your stream of data and converts them to cryptograms. If you always like to learn as MUCH as you could about a particular computational wonder tool before tackling a project without turning your brain to mush with research mathematics--you'll like this book. It's just one of those books I wished I read a lot earlier so I won't have an excuse to avoid APIs that exposes applied cryptography to network applications all these years. I highly recommend this book before you head on to the math of it. It's too bad the SSL/TLS API for Java never made it into this first edition (it did make it into O'Reilly's latest Java network programming book though). Any one know of a book just like this one but for another language like C or Perl? With a book like this you don't need to explain it all over again--but illustration and snippets of code showing how to use the various APIs in other languages would be useful. I think if the author is willing to dabble into all of these issues and give away his findings on a book website it will be just AWESOME! A second edition of said book with all of these issues covered would be just grand too :-) P.S. When I started learning Perl I first bought Mastering Regular Expression. Because I felt that with Perl--it really simplifies one's ability to play with streams of text. And what better way to learn the language (especially if you know some basics about it) than to learn what it is brilliant at right away?! That's how I felt about Java Cryptography. The way Java makes network programming not only easy.. but also fun to add in complexities like security and cryptography makes it a very enjoyable programming language to work with as a student or as a programmer. This is the sort of book you'll want to read ASAP once you get the basics of Java the language down! :-)
Rating: 
Summary: Practical and Complete
Review: This book describes the Java Cryptography Architecture (JCA) and the Java Cryptography Extension (JCE) in detail. It also explains the underlying cryptographic concepts, in case you are not familiar with them. It includes several extended examples that demonstrate the use of cryptography as well as the implementation of a particular cryptographic algorithm: 1. A full implementation of the ElGamal signature and cipher algorithms is included. ElGamal is a freely available public key algorithm. My book includes a key generator, a cipher, and a signature implementation. 2. A full-featured cryptographically enabled network talk application is included. This application allows you to chat in real time over the Internet. All the data sent over the network is encrypted. 3. Finally, a simple email client is included. This application encrypts the body of the messages it sends out and decrypts incoming messages. It uses standard mail transports protocols (SMTP and POP3) but provides authentication and confidentiality. This book is designed to be accessible, practical, and fun. I hope you like it.
Rating:
Summary: The Typical O'Reilly Publication
Review: This book is a fine introduction to cryptography within the "confines" of the Java API from Sun (I don't expect the information in this book to gain widespread acceptance until the next millenium). Not even ten pages into the book, and Knudsen is already discussing the undocumented Java classes for encoding/decoding Base64 arrays .... youch !! I think the author did a commendable job covering the critical issues of this VERY sensitive topic. The author pobably does not expect to get rave reviews after the release of "Applied Java Crytography" -- but then again, THAT book will likey cover the meat and bones that Knudsen's INTRODUCTION didn't touch. He didn't touch it for a reason. But allow me to say right now, THIS book supplies the rudimentary source code (what's legal to distribute, that is) which will be necessary for the cryptographer/cryptanalyst to MASTER before pursuing his/her own classes. This is a new and booming -- albeit delicate -- field .... thanks for writing a book for those of us already experienced in crytography, written in a no-nonsense style, reminding us of the sandbox we're really working in. I had forgotten just how senstive information can be.
Rating: 
Summary: Written for those without prior crypto experience
Review: This book is intended to teach experienced Java programmers how to add cryptographic elements to their applications. The text is not intended to teach encryption algorithms, basic Java programming, or the overall Java security model: there are other books that fulfill those functions. There is one other limitation: much of the book relies on the Java Cryptography Extensions (JCE) which are only available to those in the United States and Canada (nudge, nudge, wink, wink). Chapter one lists some fundamentals of encryption and the relationship to security. There are also a couple of programs right off the bat that will let you explore message digests, and encrypting and decrypting messages. The basics of confidentiality, authentication, and some major cryptographic algorithms are outlined in chapter two. The explanations are quite terse, but not out of line with the aim of the book. Java Security Architecture (JCA) is explained in chapter three, along with a quick overview of the API (Application Programming Interface) and SPI (Service Provider Interface). Chapter four introduces Java's own pseudo-random number generator, plus programming for key seeds from keyboard timing. Key management, in chapter five, is somewhat weak. The APIs only deal with hierarchical key certification, but this may simply be an example of Knudsen dealing strictly with the language, and leaving the concepts to others. I was, however, bemused at some passages that may have suffered from a lack of copy editing: for example, one section that seemed to confuse production of Message Authentication Codes with working on Macintosh computers. Authentication of various types is covered quite well in chapter six. Chapter seven's guide to encryption covers details not normally dealt with in cryptography texts because it must handle all matters related to getting an encryption algorithm to actually function in an application. Chapter eight gives enough detail about signed applets to prove that they are going to be browser specific for a while. Security provider programming is covered in chapter nine, using the ElGamal algorithm as an example. A sample application is created using an encrypted version of the talk utility in chapter ten. An e-mail application is created in chapter eleven using th provider previously generated in chapter nine. Chapter twelve closes off by looking at security design for the system overall. Appendices review BigInteger arithmetic in Java, the Base64 encoding scheme (an option for converting binary objects to text characters for e-mailing), Java archive files, Javakey, and a quick reference for the Java cryptography classes as covered in the book. Knudsen states that the book is written, as far as possible, without assuming any prior knowledge of cryptography. In this aim he succeeds rather well. The programmer with no background in encryption can still add a reasonable layer of security to his or her application. Those who study further, of course, will be able to ensure a higher level of protection and reliability.
Rating: 
Summary: No examples at all. Just covers the topic from net
Review: This book is really different from the kind of book we Expect. There are hardly and proper examples. Don't know if he is actually explaining implementation for himself or for others.
Rating:
Summary: Best Java Cryptography Book Ever!
Review: This is the best book about Java cryptography I have ever seen. Believe me, as a web developer, I've seen and read many books. This one is by far the most useful, and most affordable. I definately recommend it to anyone who is serious about Java security!
Rating:
Summary: Response to Reader Reviews
Review: To Mr. Bleichenbacher: You've misunderstood the point of my examples. The idea was to illustrate the use of the APIs, not to provide industrial-strength cryptographic applications. I make it abundadently clear that the code I'm providing in chapter 9, 10, and 11 is for illustration only. Serious cryptography applications, as you observe, must rely on established standards and source code review. And even if you still don't like chapters 9, 10, and 11, you haven't acknowledged the other nine chapters of the book. Your comment that the book is "hardly worth reading" is unfair. To the Gold Coast reader: Your complaint is not with my book but with US export law, which does not allow distribution of the JCE outside the US and Canada. Fortunately, a JCE has been developed outside the US by an Australian company called ABA... I am considering adding more information on SSL when the book is reprinted. To everyone else: Thanks for the great feedback and enthusiasm.
| 
