Cryptography Tutorials - Herong's Tutorial Notes
Dr. Herong Yang, Version 4.00

A newer version of this book is located at You will be automatically redirected this new location. Thank you for your visiting! -- Herong

Cryptography Tutorials - Herong's Tutorial Notes
Version 4.00
Dr. Herong Yang

Table of Contents

About This Book


  • Cryptography Terminology

Basic Concepts

  • Cryptography
  • Function
  • Encryption

Cipher - DES Algorithm

  • Block Cipher
  • DES (Data Encryption Standard) Cipher Algorithm
  • DES Key Schedule (Round Keys Generation) Algorithm
  • DES Decryption Algorithm

DES Algorithm - Illustrated with Java Programs

  • - DES Key Schedule Algorithm Illustration
  • - DES Cipher Algorithm Illustration

DES Algorithm - Java Implementation

  • - A Simple Java Implementation of DES
  • Test Cases of DES Encryption and Decryption

DES Algorithm - Java JCE SUN Implementation

  • DES Java Implementation by Sun
  • Using DES Algorithm in JDK JCE Package
  • Test Cases of DES Encryption and Decryption
  • What Is PKCS5Padding?
  • - JCE DES Padding Testing Program

DES Algorithm - Operation Modes and JCE SUN Implementation

  • DES Encryption Operation Modes
  • What is ECB (Electronic CodeBook) Operation Mode?
  • What is CBC (Cipher Block Chaining) Operation Mode?
  • What is CFB (Cipher FeedBack) Operation Mode?
  • What is OFB (Output FeedBack) Operation Mode?
  • Sun Java Implementation of DES Operation Modes
  • - JCE DES Operation Mode Testing Program
  • Test Cases of DES Operation Modes

DES Algorithm - Stream Cipher Modes and JCE SUN Implementation

  • DES in Stream Cipher Modes
  • CFB (Cipher FeedBack) Operation Mode as a Stream Cipher
  • OFB (Output FeedBack) Operation Mode as a Stream Cipher
  • Sun Java Implementation of DES Operation Modes
  • - JCE DES Stream Cipher Mode Testing Program
  • Test Cases of DES Stream Cipher Modes

DES Algorithm - PHP Implementation in mcrypt

  • mcrypt Library for PHP
  • mcrypt Encryption Functions
  • des_mcrypt_operation_mode_test.php - mcrypt Operation Mode Test PHP Script
  • Block Padding in mcrypt
  • Other PHP Implementations of DES Algorithm

JDK/JCE - Cipher for Encryption and Decryption

  • The Cipher Class
  • - Cipher with Secret Key
  • - Cipher with Private and Public Key Pair

Cipher - Blowfish Algorithm

  • Block Cipher
  • Blowfish Cipher Algorithm
  • Blowfish Key Schedule (Sub-Keys Generation) Algorithm
  • BlowfishJ - Java Implementation by Markus Hahn
  • Blowfish Decryption Algorithm
  • 8366 Hex Digits of PI

Message Digest - MD5 Algorithm

  • What is MD5?
  • MD5 Algorithm Overview
  • MD5 Implementation in Java
  • MD5 Implementation in PHP
  • MD5 Implementation in Perl

Message Digest - SHA1 Algorithm

  • What is SHA1?
  • SHA1 Algorithm Overview
  • SHA1 Implementation in Java
  • SHA1 Implementation in PHP
  • SHA1 Implementation in Perl

OpenSSL - Installation on Windows

  • What is OpenSSL?
  • Installing OpenSSL on Windows

OpenSSL - Generating RSA Private and Public Keys

  • What is RSA?
  • Generating RSA Key Pairs
  • Viewing Components of RSA Keys
  • Encrypting RSA Keys

OpenSSL - Generating Self-Signed Certificates

  • What is a certificate?
  • Generating Self-Signed Certificates
  • Viewing Components of Certificates

OpenSSL - Signing Certificates from Others

  • Why Certificates Need to Be Signed by CAs?
  • Generating a Certificate Signing Request for Your Own Public Key
  • Viewing Components of Certificate Signing Request
  • Signing a Certificate Signing Request

OpenSSL - Certification Path and Validation

  • What Is a Certification Path?
  • Certification Path Validation
  • Certification Path Testing with OpenSSL

keytool - JDK Tool to Manage Certificates Using 'keystore'

  • Certificates and Certificate Chains
  • What is "keystore"?
  • "keytool" - Key and Certificate Management Tool
  • "keytool" Example - Generating Key Pairs and Self-Signed Certificates
  • "keytool" Example - Exporting and Import Certificates
  • "keytool" Example - Cloning Certificates with New Identities

Using Certificates with Web Browsers

  • Why Using Certificates with Browser?
  • Exporting Certificates Out of Internet Explorer (IE)
  • Importing Certificates into IE
  • View Certificates in FireFox
  • Importing Certificates into FireFox

'OpenSSL' Signing CSR Generated by 'keytool'

  • Using "OpenSSL" to Act as a CA (Certificate Authority)
  • "OpenSSL" Generating CA's Private Key
  • "OpenSSL" Self-signing CA's Public Key Certificate
  • "keytool" Generating Maria's Private Key
  • "keytool" Generating Maria's CSR (Certificate Sign Request)
  • "OpenSSL" Signing Maria's CSR (Certificate Sign Request)
  • "keytool" Managing Serial Numbers when Signing CSR
  • "keytool" Importing CA's Certificate into Keystore Files
  • "keytool" Importing Maria's Own Certificate

Migrating Keys from 'keytool' to 'OpenSSL'

  • "keytool" Generating Private and Public Key Pair
  • "keytool" Exporting PrivateKeyEntry
  • "keytool" Printing Certificate Details
  • "OpenSSL" Viewing "keytool" Generated Certificates
  • - Dumping Private Keys Out of "keystore"
  • "OpenSSL" Converting Keys from Binary to PEM
  • "OpenSSL" Viewing "keytool" Keys

Certificate Formats - X.509, DER and PEM

  • X.509 Certificate Standard
  • PEM (Privacy Enhanced Mail) Encoding
  • DER (Distinguished Encoding Rules) Encoding
  • "keytool" Exporting Certificates in DER and PEM
  • "OpenSSL" Verifying "keytool" Certificates
  • "OpenSSL" Generating Certificates in DER and PEM
  • "keytool" Viewing "OpenSSL" Certificates
  • "keytool" Importing "OpenSSL" Certificates

Key Formats PKCS#8 and PKCS#12 and Migration

  • What is PKCS#8?
  • What is PKCS#12?
  • "OpenSSL" Private Key in Traditional Format
  • "OpenSSL" Private Key in PKCS#8 Format
  • "OpenSSL" Key and Certificate in PKCS#12 Format
  • "keytool" Converting PKCS12 to JKS
  • Summary - Migrating "OpenSSL" Keys to "keytool"
  • Summary - Migrating "keytool" Keys to "OpenSSL"


Key Words: blowfish, CA, certificate, certification path, cipher, CSR, decryption, DER, DES, digest, encryption, Java, JCE, JDK, keytool, MD5, message, OpenSSL, PEM, PKCS#8, PKCS#12, private key, public key, RSA, secret key, self-signed certificate, SHA1, SSL, X.509

Dr. Herong Yang, updated in 2007
Cryptography Tutorials - Herong's Tutorial Notes - Table of Contents