TripleDES

Hi,
Does anyone have, or know where to find source for TripleDES (DESede) encryption on J2ME? Funny thing is that J2ME has the Cipher package (e.g. for SSL), but it's not public...
I would like to use J2ME to control huge machines over the net, but this f..ing toy-implementation of Java seems to be designed for kids.
....And I can't use SSL due the two-level encryption keys (authentication + encryption).
br,
Jorma

The Bouncy Castle package is what you are looking for. A short tutorial of that package (an eariler version) can be found in my JavaWorld article. An elaborated discussion on data security is available in my book

Hi,
And thanks about the link to BC.
I took needed java sources from the BC's package to my project utilise Triple DES encryption/decryption to see what classes are necessarily needed to be in my Jar-package. Furher, I found that e.g. PaddedBufferedBlockCipher -> ParametersWithRandom uses java.security.SecureRandom what is not implementted on J2ME.
I think that SecureRandom is needed only while generating keys, not in encryption/decryption phase. Furher, I do not generate keys on J2ME-application and therefore I'm wondering what hell is needed to do to get this working on J2ME? Should I modify all classes which uses SecureRandom?
Br,
Jorma

... I have loaded wrong API on BC's Lightweight API!!! I should by eye glasses, ...
-Jorma-
[Deleted the offending language -- Michael Yuan]
[ September 19, 2003: Message edited by: Michael Yuan ]

Language objection...

I thought there�d be a language filter, just like in most forums I visit

Ok + sorry! ... wasted time just pushed my self-control out of normal behaviour...
br,
Jorma

Hi
Probably you should be aware that when using BouncyCastle and the SecureRandom class some security exceptions may appear. That's because you are not allowed to create clases in the java or javax packages.
The best way to solve this is to use an obfuscator which will rename your classes and remove or change the package name.
As a side effect you get a small MIDlet since BC is pretty big (and useful )
Regards

Yes, I already met the problem. Then I met new problems with the Marvin's obfuscator, but next trial with Retroguard worked ok. So, currently my midlet works very reliable each time when GPRS connection do not crash down...
-Jorma-

Hi
Still I'd recommend proguard over retroguard (notice that they started with the same codebase). In particular because proguard can eliminate dead code
Also it seems retroguard is not in active development (I may be mistaken)
Regards