Win a copy of Pro Spring MVC with WebFlux: Web Development in Spring Framework 5 and Spring Boot 2 this week in the Spring forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Ron McLeod
  • Paul Clapham
  • Jeanne Boyarsky
  • Liutauras Vilda
Sheriffs:
  • Rob Spoor
  • Bear Bibeault
  • Tim Cooke
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Piet Souris
Bartenders:
  • Frits Walraven
  • Himai Minh

Embedding Private key into a .jar at runtime

 
Ranch Hand
Posts: 64
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi all,

I am planning to use Bouncy Castle light weight APIs to secure my applications. It is consisted of a server side and a mobile client. Currently I have decided to use public key encryption. What I am planning to do is, generate the key pair on the server side and send the private key to the mobile client along with the downloaded application.

I thought of embedding the private key into the .jar file which is to be downloaded. But since it is a pre-compiled app I cannot think of a way to do it. I can make the server app to compile the mobile app using ant targets during run time, but I cannot think of way to write the Private key value into the source code. Will I have to use something like a property file along with the .jar?

Please be kind enough to share any suggestions to overcome this problem.

Thanks in advance.
 
Saloon Keeper
Posts: 23714
161
Android Eclipse IDE Tomcat Server Redhat Java Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Putting a key in a JAR is easy. You can just place a text file containing the key in the JAR.

The harder part is using it. If you don't have source, how would you get the app to know where the key was located even if it wasn't in a JAR?

If you have source, you can use Java's resource locating functions to open and read the key file.
 
Anuradha Karunamuni
Ranch Hand
Posts: 64
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hey, thanks!!!
I'm now serializing the Key objects into a normal file and the objects are de-serialized at the client's end.
 
Greenhorn
Posts: 16
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi

Is serialization/deserialization possible on the mobile client ?
 
Anuradha Karunamuni
Ranch Hand
Posts: 64
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Nope...J2ME has excluded the serialization facility provided in J2SE. If it is required for you to have it in your J2ME apps, you will have to come up with your own methodology to serialize the objects. For an example, you can break down your object's data and store those using RMS. String, int and boolean data can be written to RMS.

I am trying to do a similar thing.
 
reply
    Bookmark Topic Watch Topic
  • New Topic