Can anyone teach me where I can find some free software with which I can reach the aim? Besides, I know BouncyCastle does provide one for J2ME; where can I find the source code of it?
And are there any other means that have better performance?
Thanks a lot!!
I have visited BouncyCastle's site and downloaded the package, but I can't find any information that teaches how to use the package on the Palm. Are there any web sites that can help?
thx !
How high a security level does it reach? If it is not so high, then is it possible to modify the source code, so that I can reach a higher security level, like the SSL in the web browser?
really sorry for giving out so many silly questions.
Associate Instructor - Hofstra University
Amazon Top 750 reviewer - Blog - Unresolved References - Book Review Blog
I have read the chapter of the book that talks about BouncyCastle; it mentions the "Message Digest" and the "RC4 encryption algorithm" only. I saw that many other algorithms appear in the package downloaded from BouncyCastle.
I am trying to get secure transactions for stock trading on the Palm; which algorithm works better for this aim?
thanks for any opinion.
Originally posted by Chan py:
Just want to ask one more thing: do the encryption and decryption methods in BouncyCastle reach the standard of RSA,
how high a security level does it reach? If it is not so high, then is it possible to modify the source code, so that I can reach a higher security level, like the SSL in the web browser?
Yes, I know most versions contain RSA. I don't know about the J2ME version, but I'm sure they have RSA, or equivalent protocols. Because it is open source, you can modify the source code.
Warning: trying to do your own crypto code without proper training is dangerous. You may not have covered all security holes.
If this is just a toy application, it's fine, but I wouldn't trust my credit card over an SSL connection I wrote up myself, unless I had significant peer review (and I have a masters degree in cryptography).
--Mark
Originally posted by Balaji Loganathan:
Hi guys...
I'm sure the latest version of J2ME wireless toolkits support https....why don't we choose that for any sort of secure communications....
Rgds
Balaji
I've heard the MIDP 1.0.2 Early Access release has the kSSL classes. However, they are only in the source code, you'll need to compile the classes yourself.
--Mark
Bartender
Originally posted by Chan py:
What does HTTPS support? How can it improve the security level of SSL? How do I use this channel to achieve the aim of a secure trading transaction?
Hi ,
Answers
1. Basically, https will provide secured communication/transactions between your computer or handheld device and the server concerned. It uses one of the standard and very hard to break algorithms like RSA data encryption etc... with 1028 bits... It also provides Server/Client Authentication and Authorisation....
2. How to improve?? It depends upon the service provider you meant, like www.verisign.com, www.thawte.com.... Visit those sites and you will know what sort of security they are providing..
3. When it comes to the latest J2ME toolkit and JDK 1.4, you can implement/use the above said features easily to achieve secure transactions....
Regards
Balaji
I have tried to implement the RSA algorithm on a Palm recently, but I found that it takes too much time to generate the key (almost an infinite loop). Is that really the case? Or did I use the wrong method to implement it?
I implemented the RSA engine on the Palm and found that it spends most of the time on key generation. Can I have that step done on the server rather than on the Palm? If so, in what way can I do it? (I just know that I can use object serialization in Java, but it seems not to be supported by J2ME.)
thx !
chanoch - Author of Professional Apache Tomcat (http://www.amazon.com/exec/obidos/ASIN/1861007736/)
Originally posted by Chan py:
I have tried to implement the RSA algorithm on a Palm recently, but I found that it takes too much time to generate the key (almost an infinite loop). Is that really the case? Or did I use the wrong method to implement it?
You used the wrong method. Key generation is expensive. Key operations are generally expensive, too; although often public key operations, like checking signatures, are cheaper than private key operations, like signing something, because the public key tends to be the smaller number.
I know of 3 SSL implementations. None of them do key generation in Java. They do key generation, and many key operations, in either C or assembly. At JavaOne a group reported public key ops of around 5 seconds. I know of implementations faster than that, but I think that information might be covered by one of my NDAs (I'll check on it and report more if I am able to). In short, even 20MHz Palm devices can do public key ops in a reasonable amount of time, as long as it's not in Java. Take a look at the kSSL source code in the MIDP 1.0.2 early access release.
--Mark
Ranch Hand
Originally posted by chanoch wiggers:
how do you do JNI in MIDP?
MIDP doesn't support JNI (nor does CLDC). However, the kVM itself does (at least can) support it. Besides, if you modify the kVM source code, you can do a lot of things. I do know of commercial applications which have done this.
What this means is that Joe Developer won't be able to make JNI calls. But if you have an app which pretty much absolutely needs it, there are ways; it just requires jumping through a few hoops, technical as well as legal.
I would recommend not trying to do it yourself, but simply using what's in MIDP 1.0.2 and future releases. It'll probably have what you need (and why). And if it doesn't, let me know, and I'll see if we can include it.
--Mark
If I want to use DES for data encryption, and the data to encrypt is 80 characters long, how long a key do I need to use? And can I define my own key in any way, or do I need to follow some restrictions in order to define the key?
If I use triple DES, I know it will use 3 keys in succession; can I define all 3 keys, or do I need to leave that to the engine?
Originally posted by Chan py:
Sorry for asking a silly question :
If I want to use DES for data encryption, and the data to encrypt is 80 characters long, how long a key do I need to use? And can I define my own key in any way, or do I need to follow some restrictions in order to define the key?
If I use triple DES, I know it will use 3 keys in succession; can I define all 3 keys, or do I need to leave that to the engine?
Silly questions are always welcome. :-)
DES uses a 56-bit key. End of story. It's not a variable key length cipher. The key itself is used to set the state of the cipher.
You can define your own key, although there are some known weak keys, which you should avoid.
For 3DES you define all keys. (I don't know if the weak key values apply here, or if there are known specific 3DES weak keys.)
--Mark
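An added example, not part of the original posts: one way to vet a caller-supplied DES or three-key 3DES key before use, relying on the standard `javax.crypto.spec.DESKeySpec` weak-key check. The class name, helper names and sample key bytes are constructed for illustration; the check that adjacent 3DES subkeys differ is an addition beyond what the reply states.

```java
import java.security.InvalidKeyException;
import java.util.Arrays;
import javax.crypto.spec.DESKeySpec;

public class DesKeyCheck {
    static final int DES_KEY_LEN = 8; // 56 key bits + 1 odd-parity bit per byte
    // Returns null when the key is acceptable, otherwise the reason for rejecting it.
    static String checkDesKey(byte[] key) throws InvalidKeyException {
        if (key.length != DES_KEY_LEN) return "wrong length: " + key.length + " bytes";
        // isWeak() compares against parity-adjusted values, so require parity first.
        if (!DESKeySpec.isParityAdjusted(key, 0)) return "parity bits not adjusted";
        if (DESKeySpec.isWeak(key, 0)) return "known weak or semi-weak DES key";
        return null;
    }

    // Three-key 3DES (encrypt K1, decrypt K2, encrypt K3) over a 24-byte key.
    static String checkTripleDesKey(byte[] key24) throws InvalidKeyException {
        if (key24.length != 3 * DES_KEY_LEN) return "wrong length: " + key24.length + " bytes";
        byte[][] k = new byte[3][];
        for (int i = 0; i < 3; i++) {
            k[i] = Arrays.copyOfRange(key24, i * DES_KEY_LEN, (i + 1) * DES_KEY_LEN);
            String reason = checkDesKey(k[i]);
            if (reason != null) return "K" + (i + 1) + ": " + reason;
        }
        // K1 == K2 or K2 == K3 makes two stages cancel, leaving single DES.
        if (Arrays.equals(k[0], k[1]) || Arrays.equals(k[1], k[2]))
            return "adjacent subkeys equal: effective strength is single DES";
        return null;
    }

    static byte[] concat(byte[]... parts) {
        byte[] out = new byte[parts.length * DES_KEY_LEN];
        for (int i = 0; i < parts.length; i++)
            System.arraycopy(parts[i], 0, out, i * DES_KEY_LEN, DES_KEY_LEN);
        return out;
    }

    public static void main(String[] args) throws InvalidKeyException {
        // Constructed sample keys, for illustration only.
        byte[] weak = {1, 1, 1, 1, 1, 1, 1, 1};
        byte[] a = {0x13, 0x34, 0x57, 0x79, (byte) 0x9B, (byte) 0xBC, (byte) 0xDF, (byte) 0xF1};
        byte[] b = {0x02, 0x04, 0x08, 0x10, 0x20, 0x40, (byte) 0x80, 0x07};
        byte[] c = {0x0E, 0x0B, 0x0D, 0x07, 0x13, 0x15, 0x16, 0x19};
        System.out.println("DES weak sample: " + checkDesKey(weak));
        System.out.println("DES key a:       " + checkDesKey(a));
        System.out.println("3DES a|b|c:      " + checkTripleDesKey(concat(a, b, c)));
        System.out.println("3DES a|a|c:      " + checkTripleDesKey(concat(a, a, c)));
    }
}
```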
Originally posted by Chan py:
Sorry for asking a silly question :
If I want to use DES for data encryption, and the data to encrypt is 80 characters long, how long a key do I need to use? And can I define my own key in any way, or do I need to follow some restrictions in order to define the key?
If I use triple DES, I know it will use 3 keys in succession; can I define all 3 keys, or do I need to leave that to the engine?
If you're encrypting sensitive information, be kind to your users and use a 128 bit key. Some algorithms you might consider: Blowfish (variable length key), Cast-128 (cast but with a 128-bit key), Triple-DES (hey, it does the job). You could use a stream cipher, which might be quicker (although there could be some preprocessing on a per-key basis), but be sure you never encrypt two different messages after re-keying with the same value.
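An added example, not part of the original posts: why a stream cipher must never encrypt two messages under the same key. It uses the JCE `ARCFOUR` (RC4) cipher because RC4 is the stream cipher mentioned earlier in the thread; the key, the messages and the SHA-256 counter-based per-message key derivation are constructed assumptions for this sketch.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;

public class KeystreamReuse {
    static byte[] rc4(byte[] key, byte[] msg) throws Exception {
        Cipher c = Cipher.getInstance("ARCFOUR"); // JCE standard name for RC4
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "ARCFOUR"));
        return c.doFinal(msg);
    }

    static byte[] xor(byte[] x, byte[] y) {
        byte[] out = new byte[Math.min(x.length, y.length)];
        for (int i = 0; i < out.length; i++) out[i] = (byte) (x[i] ^ y[i]);
        return out;
    }

    // Assumed mitigation for this sketch: per-message key = SHA-256(base key || counter).
    static byte[] messageKey(byte[] base, int counter) throws Exception {
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        md.update(base);
        md.update(new byte[] {(byte) (counter >>> 24), (byte) (counter >>> 16),
                              (byte) (counter >>> 8), (byte) counter});
        return md.digest();
    }

    // True when XORing the ciphertexts cancels the keystream and exposes p1 XOR p2.
    static boolean leaksXor(byte[] c1, byte[] c2, byte[] p1, byte[] p2) {
        return Arrays.equals(xor(c1, c2), xor(p1, p2));
    }

    public static void main(String[] args) throws Exception {
        // Constructed key and messages, for illustration only.
        byte[] base = "constructed-key!".getBytes(StandardCharsets.US_ASCII);
        byte[] p1 = "BUY  100 ACME @ 12.50".getBytes(StandardCharsets.US_ASCII);
        byte[] p2 = "SELL 250 ACME @ 12.75".getBytes(StandardCharsets.US_ASCII);

        // Same key twice: identical keystream, so ciphertext XOR equals plaintext XOR.
        System.out.println("reused key leaks:      "
                + leaksXor(rc4(base, p1), rc4(base, p2), p1, p2));
        // Distinct key per message: the keystreams differ and the relation breaks.
        System.out.println("per-message key leaks: "
                + leaksXor(rc4(messageKey(base, 1), p1), rc4(messageKey(base, 2), p2), p1, p2));
    }
}
```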
