alice

The Legion of the Bouncy Castle – Listing Public Key Certifications

Posted on Updated on

Instead of calling this post Part 6, I’ve decided to just give them nice and descriptive names from now on.

When managing your PGP Keys you often need to know who you trust and who you do not trust. All we need is the public key file (ASCII armored or binary). I have nested the operation in 3 different methods, mainly done for readability.

public void listPublicKeyCertifications() {
	String keysDir = System.getProperty("user.dir")+File.separator+"src/george/crypto/pgp/keys";
	File publicKeyFile = new File(keysDir+File.separator+"MrBilly.asc");
	
	try {
		System.out.println("The public key was certified by: ");	
		List<String> keyIds = listCertifications(publicKeyFile);
		for (String keyId : keyIds) {
			System.out.println("\t"+keyId);
		}
	}
	catch(Exception ex) {
		ex.printStackTrace();
	}
}

public static final List<String> listCertifications(File publicKeyFile) throws IOException {
	FileInputStream keyInputStream = new FileInputStream(publicKeyFile);
	List<String> keyIds = getCertifications(keyInputStream);
	return keyIds;
}

private static final List<String> getCertifications(InputStream input) throws IOException
{
	List<String> keyIds = new ArrayList<String>();
	
	PGPPublicKeyRing pgpPubRing = new PGPPublicKeyRing(PGPUtil.getDecoderStream(input), new JcaKeyFingerprintCalculator());
	PGPPublicKey pubKey = pgpPubRing.getPublicKey();
	
	@SuppressWarnings("unchecked")
	Iterator<PGPSignature> sigIter = pubKey.getSignatures();
	while(sigIter.hasNext()) {
		PGPSignature pgpSig = sigIter.next();
		long keyId = pgpSig.getKeyID();
		keyIds.add(Long.toHexString(keyId).toUpperCase());
	}
	
	return keyIds;
}

Read the rest of this entry »

Cryptography’s Alice and Bob are Here to Stay

Posted on Updated on

The article "Replace crypto-couple Alice and Bob with Sita and Rama" caught my attention today. A professor of computer science Dr. S. Parthasarathy and full time employee at "Indian biz Algologic Research & Solutions" has wrote a small but concise paper [PDF] on why he believes that the main characters "Alice", "Bob" and "Eva" should be replaced with characters of a Hindu epic "Ramayana."

He goes to state that the Alice and Bob analogy has no connection to cryptography:

It is always Alice who wants to send a message to Bob. We also encounter another couple: Carol and Dave. And then, we also have Eva (the evesdropper), malicious Mallory and rude Rudy (the intruder). Apart from the alphabetic order of their names, we see little or no connection to cryptography in their names.

This is because Alice, Bob, Eva, Carol, Dave, Mallory and Rudy are not cryptographers and are just characters used to explain a difficult topic. We could have said "Person A wants to send a message to person B and person E wants to intercept that message." But this is too confusing and it makes more sense to use simple, ordinary names. And it just so happens that it was thought up by an individual with an American cultural background.
Read the rest of this entry »