6.3. Authentication and Cryptography
The java.security package (and its subpackages) provides classes and interfaces for authentication. As described in Chapter 5, this piece of the security architecture allows Java code to create and verify message digests and digital signatures. These technologies can ensure that any data (such as a Java class file) is authentic: that it originates from the person who claims to have originated it and has not been accidentally or maliciously modified in transit.
The Java Cryptography Extension, or JCE, consists of the javax.crypto package and its subpackages. These packages define classes for encryption and decryption of data. This is an important security-related feature for many applications, but is not directly relevant to the basic problem of preventing untrusted code from damaging the host system, so it is not discussed in this chapter.