Encryption in J2ME

Hello all
I have a j2EE application using Mysql database. I'm interested in providing an extension to the system so that data can be input using a mobile using J2ME. The midilet interacts with a http connection servelet which in turn updates the database. What I'm looking for is proper encryption of data send from/to the mobile. does J2ME support encryption(like triple DES). How do i do it? if this is not possible then what is the solution.
thanks in advance.

Hi,
There are two ways to achieve this.
one is either use bouncy castle, as mentioned in the previous replies, or you can also use the SATSA(security and trust services API), a crypto API for MIDP phones, which is an official JSR. (JSR-177)
IT all depends on the phone capabilities. I would put my money on SATSA because it is faster than Bouncy castle, but since it is a JSR, your phone may / may not support it.

Similar Messages

  • Encrypting data J2ME

    Hi
    I am developing a number of applications using J2ME. They run on mobile phones and need to be able to send data to a server. I need to encrypt this data as it contains personal information about the user. I cant use HTTPS because some of the applications use MIDP 1.0 and only support HTTP.
    So I want to encrypt the data myself and I was wondering if you could help me with my approach and answer some questions...
    I think the best way is to use RSA public/private keys in combination with a symmetric encrypting algorithm. So the mobile will have the public key part and the server will have the private key. The data will be encrypted using a symmetric algorithm. The key used in the encryption will then be encrypted using the public key. Both the encrypted key and the encrypted data will then be sent to the server. The server uses its private key to decrypt the key and then use the key to decrypt the data.
    How does that sound? I will be using Bouncy Castle crypto. What is the best way to generate a public/private key pair? I then need to somehow include the public key with the application. Should I randomly generate the symmetric key myself?
    Also what algorithm would you suggest for encrypting the data. Remember that it is on a resource constrained mobile device.
    If you have any other comments I would like to hear them. Thanks for your time.

    Thanks for the pointer. The thing is we changed our minds. We discovered strong encryption was not needed since our scheme is like the DVD encryption. The data is unencrypted by the application used by the person that does not have to know the data.
    We went with Rot13. jeje
    Thanks anyway.

  • Elliptic curve encryption with J2ME

    hi there.
    i'm using the bouncycastle apis to encrypt a small amount of data (e.g. 20 chars) using ECIES. All the documentation seems to point to ECC as being faster/requiring shorter keys/less power-hungry etc than RSA, however, with the example code I have, the encryption time on a high end mobile is ridiculous.
    I'm thinking that the example G, n, a, b, and Q are for larger key sizes. Does anyone know how I can generate these values for a 160b ECC key, or a good bouncycastle/j2me ECC tutorial/sample code?
    Thanks in advance.
    caid

    No Sun provider implements the EC algorithms at this time.
    Here's an easy solution that works (Using NSS):
    http://blogs.sun.com/andreas/entry/elliptic_curve_cryptography_in_java
    NSS has been recently FIPS re-approved.
    BouncyCastle is another option if FIPS doesn't matter to you at all and you want pure java.
    Edited by: dstutz on Mar 10, 2008 7:49 AM

  • Encryption between j2me and j2ee

    I need to exchange some cofidential data between j2me client and servelt using http connection . So i need to encrypt the data before i send from j2me and the data should be decrypted at the server side so obviously i should also pass the key. I have searched on the net for a common algorthim that wil suit my requirements but i din get any useful solution. Please any one help me in finding out a algorithm tat meets my requirements.
    I appreciate all the replies

    i am getting the impression you are new to data security...
    if this is indeed the case, and you are in any kind of hurry, i strongly advise you to use ssl if at all possible.
    if you can not or will not use ssl then you will need to look into some other options.
    there are multiple algorithms to choose from for secure key exchange, diffie-hellman prob being the most popular.
    however, you will need to supplement the cldc api in order to implement.
    some key words to search on:
    diffie-hellman
    rsa
    aes
    tripple des
    satsa
    bouncycastle
    j2me security
    j2me encryption

  • Hi Freinds......How to Encrypt/Decrypt Text file in j2me

    Hello friendz.,,
    I m having problem with textfile exncryption decryption in j2me..
    Can abybode tell me how to encrypt/decrypt Text file using J2ME API's.......
    PLZ help me .......
    Thanx in advance
    regards,
    Parag

    http://www.mobilefish.com/developer/bouncycastle/bouncycastle.html
    http://www-128.ibm.com/developerworks/library/j-midpds.html

  • Encryption of folder object in J2ME

    hello, is there an API that i can use to encrypt/decrypt the folder object (not the files inside the folder) using J2ME (currently using bouncycastle)?

    prasad_at_sun wrote:
    Thanks for your reply. In my case we have the application server setup at client side only (third party is testing our application and according to their need we have to handover the things in their hands) where i am deploying jar/war files. I am still without solution..What don't you understand about "You can't do it." ?
    It's very simple really - whatever the language it makes no sense to encrypt the 'code' since to execute the code the execution engine needs to decrypt the 'code' before it can execute it so it has to have access to the decryption key. If the execution engine has access to the key so does anyone who has access to the execution engine.

  • AES encryption works in J2SS but not in J2ME

    Hi all,
    Im trying to create an AES Shared secret to encrypt and decrypt a message in J2ME. Ive already tried this code in J2SS and it works fine but when i try to use the exact same code in J2ME it doesnt work.
    I get the following error : java.security.InvalidKeyException
    The following is the code that im using to create the shared secret key and encrypt a message:
    ECDHBasicAgreement KeyAgreement = new ECDHBasicAgreement();
    KeyAgreement.init(ecPrivateKey);
    BigInteger IntKeyAgreement = KeyAgreement.calculateAgreement(ecPublicKey);
    Byte[] ShareSecretkey = IntKeyAgreement.toByteArray();
    SecretKeySpec = new SecretKeySpec(ShareSecretkey, 0, 16 ,"AES");
    Cipher cipher = null;
    cipher = Cipher.getInstance("AES");
    cipher.init(Cipher.ENCRYPT_MODE, SecretKeySpec);
    countin = cipher.update(input, 0, input.length, ciphertext, 0);
    countin += cipher.doFinal(input, 0, input.length, ciphertext, 0);
    It works fine untill i get to - cipher.init(Cipher.ENCRYPT_MODE, SecretKeySpec) then it produce the error.
    Any ideas why this might be??
    Is the something special you have to do with Cipher in J2ME that im dont know about?
    Thanks in advance

    Maybe the implementation of java.security of J2ME doesn't include the key you are using. Try with other key or search for that key in the J2ME package.

  • Do You Have Any Suggestions For J2ME Encryption Applications?

    Hi,
    Is anyone aware of J2ME applications that perform either of the following:
    1) Text editor with strong crypto support.
    2) Password wallet with data import/export functionality and strong crypto.
    To date I have been unable to locate anything suitable to manage personal data on a mobile phone platform.
    I am considering developing the required app myself, but my lazy nature has suggested that I check to see if there is currently anything suitable available.
    Thank you in advance for any suggestions.
    Kind regards,
    JamesK

    Under settings you can go into restrictions and limit their access to certain things, such as purchasing apps, etc. But there is no net nanny for the iPad that I'm aware of. Nor is there any sort of 'parental monitor/logging' type of app that will log what they do and generate a report to you.
    If you want to get them something more locked down then you may be better served to look on sites like Toys R us or the such and look for items that give you more control.
    THe iPad was largely designed as a single user consumer device that allows a single person to surf, read books, watch movies, listen to music, etc. It's not totally meant to generate content, or for multiple users or for children, which is why there's not a lot of content control.

  • In J2ME which class do we need to call to do ENcryption/Decryption?

    How many method we can implement from J2ME library?
    Can we use Triple DES, DES, AES ? Which class do we need to see?

    Hi,
    Generaly its not a good practice to modify SWCV you need to create in SLD then import it. Although if you want you can do it by opening SWCV in Repository then down the namespaces, you can see 2 check boxes named as Objects are original objects and Objects are modifiable. You need to check the option Objects are Modifiable.
    Then you can change it. I'hv not tried but check if it helps?
    BR
    Sudhir

  • I can't decrypt a text encrypted(useing RSA) with publickey on mobile

    hi all, I got some problem with my code,
    when I wanna use the JSR177 of J2ME to do something about Decryption
    here is some of my code as following:
    KeyFactory kf = KeyFactory.getInstance("RSA");
    byte[] publickeyEncode
    x509EncodedKeySpec keyspec = new X509EncodedKeySpec(publickeyEncode)
    PublicKey pubkey = kf.generatePublic(Keyspec) as using that, we can renew our publickey which is from the server.
    but there are Exception when I use the publickey to do decryption.
    java.security.InvalidKeyException
    at com.sun.satsa.crypto.RSACipher.init(+31)
    at javax.crypto.Cipher.init(+30)
    at javax.crypto.Cipher.init(+7)
    at KEYback.startApp(+210)
    at javax.microedition.midlet.MIDletProxy.startApp(+7)
    at com.sun.midp.midlet.Scheduler.schedule(+270)
    at com.sun.midp.main.Main.runLocalClass(+28)
    at com.sun.midp.main.Main.main(+116) however, the problem is solved when I change the DECRYPTO_MODE into ENCRYPTO_MODE
    so, is it impossible to do decryption with publickey on the mobile???

    because in the JSR177 apis,there is not "PrivateKey" this class so we only can use the "PublicKey" to do Decryption on the Mobile and do Encryption on Server with the PrivateKey..Sorry, I forgot that you are working in the J2ME context.
    as the result of our test , when the cipher_mode is "Encrypto", the code is run well, but when we turn is to "Decrytpo", the Exception is appear.Did you check that the encryption does return a valid result? Because while reading the JSR177 javadoc I got the feeling that the PublicKey only exists for verifying signatures.
    May be you should consider switching to the J2ME Bouncycastle implementation completly (or only for decryption). AFAIK it works idependent of JSR177.
    Jan

  • J2ME Security Issue

    Hi,
    My J2ME is using a Password to encrypt/decrypt information.
    During the life of the program, the password is held in a variable in memory.
    This is posing a security problem - if there is another program reading the memory is may find the information.
    I'm looking for a way to "hide" the password.
    Of course, I could ask for the password each time it is required by the program, thus not keeping it in memory afterwards, but this is a usability issue and still the password will be held for a short time i9n memory.
    Another way I though about is - make sure there are no other program that are reading the memory.
    How can I find the currently running programs and suspend them ? How can I prevent a new program from starting ? or issue a message when one is behaving dangerously ?
    Any other idea ???
    Thanks,
    Arnnei

    Sorry, misread your OP and thought this was related to the Preview.app. AFAICT, but never using anything but list view with icon preview disabled, it's just a WAG, the normal ones reside within the apps, the ones with the legend, rtf, rtfd, txt. etc. must be using some generic file image and appending the extension to it.

  • Question about java 5.0 & j2me & wireless toolkit

    Hi,
    I maybe have a dumb question, but to me it's not totally clear. I am currently developing an application (for J2ME and J2SE) which uses RSA encryption. So I found out that before Java 5.0 RSA encryption wasn't supported, but starting from Java 5.0 it is. So my question now is. If I use the RSA encryption from Java 5.0, can I still use it in my cell phone? And which Java version runs in my cell phone?
    It not clear to me, but maybe someone will be so nice to respond...
    Can my/any cellphone run Java 5.0 code? So what if I use the mentioned RSA-cipher... or generics...enumerations... On what does it depend whether I can use it for my cell phone or not?
    Does it just depend on the compiler? the JVM on my phone? or even the wireless toolkit?
    Thank you very much in advance.
    Sincerely.

    bump...
    anyone?

  • Encryption in MIDP

    Hi all,
    Anybody is having a simple code to encrypt the message using J2ME or bouncycastle? please immediately post it
    Bye
    Nelson

    i just would say that "please" is not a key to obtain something faster...
    the OP said "please immediatly" : you can say it to a domestic but not on a forum where
    people take time to help you...

  • J2me https negotiation - Client Certificate

    Hello all,
    I am developing a j2me application and i am extremely concerned about the security
    and encryption of data. I am planning to implement this using the https implementation
    of java for MIDP2.0 profile and cldc1.1 configuration.
    My question concerns exactly the kvm performs the https negotiation beetween the sever and
    the client and particularly if the client sends a certificate, so the sever knows that the
    request is from a valid source.
    Lets examine the following scenario:
    I have a digitally signed Midlet and a https server with a valid certificate.The Midlet
    performs a https connection with the server.During the "handshake" client and server exchange some messages so they can authenticate each other.
    I know that servers Certificate is used and client can authenticate that server is a trusted source.Does this happen also from client side? Meaning that the client is using a certificate? What certificate? Does the programmer have to implement/materialize anything or this is done automatically and transparently from kvm?
    Please Advice
    NiKolaos

    Hi Vance,
    In http outbound tunnel is allowed with ports 1- 65535. Here issue is while communication between client and server certificate length was 0 which means SSL communication is not happening properly
    Regards
    Chirag

  • Bouncy Casle in J2ME

    Hi I have done encryptionin bouncycastle algorithm but it tells the following error:
    ERROR:
    java.lang.NoClassDefFoundError: java/security/SecureRandom: Cannot create class in system package
    PROGRAM:
    import java.math.BigInteger;
    import java.security.SecureRandom;
    import org.bouncycastle.crypto.AsymmetricBlockCipher;
    import org.bouncycastle.crypto.AsymmetricCipherKeyPair;
    import org.bouncycastle.crypto.encodings.PKCS1Encoding;
    import org.bouncycastle.crypto.engines.RSAEngine;
    import org.bouncycastle.crypto.generators.RSAKeyPairGenerator;
    import org.bouncycastle.crypto.params.RSAKeyGenerationParameters;
    import org.bouncycastle.crypto.params.RSAKeyParameters;
    import org.bouncycastle.crypto.params.RSAPrivateCrtKeyParameters;
    import javax.microedition.lcdui.*;
    import javax.microedition.midlet.*;
    public class Encryption extends MIDlet implements CommandListener
         Form f = new Form("MyForm");
         Command okCmd = new Command("Ok",Command.OK,1);
         Command exitCmd = new Command("Exit",Command.EXIT,2);
         private RSAPrivateCrtKeyParameters _RSAPrivateKey;
         private RSAKeyParameters _RSAPublicKey;
         public void startApp()
              f.addCommand(okCmd);
              f.addCommand(exitCmd);
              f.setCommandListener(this);
              Display.getDisplay(this).setCurrent(f);
         public void pauseApp()
         public void destroyApp(boolean unconditional)
         public void commandAction(Command c, Displayable d)
              if (c == okCmd)
                   functionCall();
              if (c == exitCmd)
                   notifyDestroyed();
         void functionCall()
              String theStringBeforeEncryption = "String to encrypt";
              String theStringAfterEncryption = null;
              byte[] theEncryptedString;
              try
                   System.out.println(theStringBeforeEncryption);
                   generateRSAKeyPair();
                   theEncryptedString = RSAEncrypt(theStringBeforeEncryption.getBytes());
                   theStringAfterEncryption = new String(RSADecrypt(theEncryptedString));
                   System.out.println(theStringAfterEncryption);
              catch (Exception e)
                   // TODO Handle exception!
                   e.printStackTrace();
         }//end of functionCall()
         private void generateRSAKeyPair () throws Exception
              SecureRandom theSecureRandom = new SecureRandom();
              BigInteger thePublicExponent = new BigInteger("10001", 16);
              RSAKeyGenerationParameters theRSAKeyGenParam =
                   new RSAKeyGenerationParameters(thePublicExponent, theSecureRandom, 1024, 80);
              RSAKeyPairGenerator theRSAKeyPairGen = new RSAKeyPairGenerator();
              theRSAKeyPairGen.init(theRSAKeyGenParam);
              AsymmetricCipherKeyPair theKeyPair = theRSAKeyPairGen.generateKeyPair();
              _RSAPrivateKey = (RSAPrivateCrtKeyParameters) theKeyPair.getPrivate();
              _RSAPublicKey = (RSAKeyParameters) theKeyPair.getPublic();
         private byte [] RSAEncrypt (byte [] toEncrypt) throws Exception
              if (_RSAPublicKey == null)
                   throw new Exception("Please generate RSA keys first in order to work");
              AsymmetricBlockCipher theEngine = new RSAEngine();
              theEngine = new PKCS1Encoding(theEngine);
              theEngine.init(true, _RSAPublicKey);
              return theEngine.processBlock(toEncrypt, 0, toEncrypt.length);
         private byte [] RSADecrypt (byte [] toDecrypt) throws Exception
              if (_RSAPrivateKey == null)
                   throw new Exception("Please generate RSA keys first in order to work");
              AsymmetricBlockCipher theEngine = new RSAEngine();
              theEngine = new PKCS1Encoding(theEngine);
              theEngine.init(false, _RSAPrivateKey);
              return theEngine.processBlock(toDecrypt, 0, toDecrypt.length);
    please Help me
    Regards,
    Nelson

    There is no class by name "SecureRandom" in "java.security" package as far as CLDC/MIDP API's available for the application developer are concerned with.
    May be you need to check out the alternative for SecureRandom class provided by the J2ME implementation of the BouncyCastle API.
    ~Mohan

Maybe you are looking for