There is perhaps no software engineering topic of more timely importance than application security. Attacks are costly, whether the attack comes from inside or out, and some attacks can expose a software company to liability for damages. As computer (and especially Internet) technologies evolve, security attacks are becoming more sophisticated and frequent. Staying on top of the most up-to-date techniques and tools is one key to application security; the other is a solid foundation in proven technologies such as data encryption, authentication, and authorization.

The Java platform, both the basic language and library extensions, provides an excellent foundation for writing secure applications. This tutorial covers the basics of cryptography and how it is implemented in the Java programming language, and it offers example code to illustrate the concepts.

In this first installment of a two-part tutorial, we cover material in the library extensions -- now part of the JDK 1.4 base -- known as Java Cryptography Extension (JCE) and Java Secure Sockets Extension (JSSE). In addition, this tutorial introduces the CertPath API, which is new for JDK 1.4. In Part 2 (see Resources), we'll expand the discussion to encompass access control, which is managed in the Java platform by the Java Authentication and Authorization Service (JAAS).