A core requirement of any non-trivial P2P application is secure communication between peers. While the details of the security depend on how the application will be used and on what it will protect, it's often possible to implement strong, general-purpose security using off-the-shelf technology such as SSL. This month, Todd Sundsted demonstrates how to use SSL (via JSSE) in P2P security. An application's security requirements depend heavily on how the application will be used and on what it will protect. Nevertheless, it's often possible to implement strong, general purpose security using off-the-shelf technology. Authentication is an excellent example.

The problem of system security starts with discovering the identity of the user on the other end of the communications link. In this article, Joseph Sinclair discusses three familiar approaches for identifying users, highlights their strengths and weaknesses (alone and in combinations), and provides some examples of each. This simple question is at the core of all security efforts. Without establishing the identity of those who request access to your sensitive and valuable data, you cannot extend your trust. And system security is predicated on a system's ability to establish that trust. How do you decide whom to trust? Because there are unscrupulous people in the world, how do you determine that requesters are who they say they are? Follow along as we discuss three ways to determine user identity -- two of them are old (in computer-industry terms), "trusted" friends and one relies on relatively new technologies.

This free book is an excellent tutorial book for beginners. It is a collection of notes and sample codes written by the author while he was learning cryptography himself. Topics include Blowfish, CA, certificate, cipher, cryptography, CSR, decryption, DES, encryption, Java, JCE, JDK, OpenSSL, PEM, private key, public key, RSA, sample codes, secret key, self-signed certificate, SSL, X509. Key sections: Basic Concepts - Cipher - DES Algorithm - DES Algorithm - Illustrated with Java Programs - DES Algorithm - Java Implementation - JDK/JCE - Cipher for Encryption and Decryption - Cipher - Blowfish Algorithm - 8366 Hex Digits of PI - What is OpenSSL? - Installing OpenSSL on Windows - Generating RSA Key Pairs - Viewing Components of RSA Keys - Encrypting RSA Keys - What is a certificate? - Generating Self-Signed Certificates - Viewing Components of Certificates - Why Certificates Need to Be Signed by CAs? - Generating a Certificate Signing Request for Your Own Public Key - Viewing