wood burning stoves 2.0*
The moose likes Java Micro Edition and the fly likes TripleDES Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Murach's Java Servlets and JSP this week in the Servlets forum!
JavaRanch » Java Forums » Mobile » Java Micro Edition
Bookmark "TripleDES" Watch "TripleDES" New topic
Author

TripleDES

Jorma Ikonen
Ranch Hand

Joined: Sep 17, 2001
Posts: 49
Hi,
Does anyone have, or know where to find source for TripleDES (DESede) encryption on J2ME? Funny thing is that J2ME has the Cipher package (e.g. for SSL), but it's not public...
I would like to use J2ME to control huge machines over the net, but this f..ing toy-implementation of Java seems to be designed for kids.
....And I can't use SSL due the two-level encryption keys (authentication + encryption).
br,
Jorma
Michael Yuan
author
Ranch Hand

Joined: Mar 07, 2002
Posts: 1427
The Bouncy Castle package is what you are looking for. A short tutorial of that package (an eariler version) can be found in my JavaWorld article. An elaborated discussion on data security is available in my book


Seam Framework: http://www.amazon.com/exec/obidos/ASIN/0137129394/mobileenterpr-20/
Ringful: http://www.ringful.com/
Jorma Ikonen
Ranch Hand

Joined: Sep 17, 2001
Posts: 49
Hi,
And thanks about the link to BC.
I took needed java sources from the BC's package to my project utilise Triple DES encryption/decryption to see what classes are necessarily needed to be in my Jar-package. Furher, I found that e.g. PaddedBufferedBlockCipher -> ParametersWithRandom uses java.security.SecureRandom what is not implementted on J2ME.
I think that SecureRandom is needed only while generating keys, not in encryption/decryption phase. Furher, I do not generate keys on J2ME-application and therefore I'm wondering what hell is needed to do to get this working on J2ME? Should I modify all classes which uses SecureRandom?
Br,
Jorma
Jorma Ikonen
Ranch Hand

Joined: Sep 17, 2001
Posts: 49
... I have loaded wrong API on BC's Lightweight API!!! I should by eye glasses, ...
-Jorma-
[Deleted the offending language -- Michael Yuan]
[ September 19, 2003: Message edited by: Michael Yuan ]
Lasse Koskela
author
Sheriff

Joined: Jan 23, 2002
Posts: 11962
    
    5
Language objection...


Author of Test Driven (2007) and Effective Unit Testing (2013) [Blog] [HowToAskQuestionsOnJavaRanch]
Fernando Sanz
Ranch Hand

Joined: Jun 27, 2003
Posts: 101
I thought there�d be a language filter, just like in most forums I visit
Jorma Ikonen
Ranch Hand

Joined: Sep 17, 2001
Posts: 49
Ok + sorry! ... wasted time just pushed my self-control out of normal behaviour...
br,
Jorma
Carlos Quiroz
Greenhorn

Joined: Oct 27, 2003
Posts: 14
Hi
Probably you should be aware that when using BouncyCastle and the SecureRandom class some security exceptions may appear. That's because you are not allowed to create clases in the java or javax packages.
The best way to solve this is to use an obfuscator which will rename your classes and remove or change the package name.
As a side effect you get a small MIDlet since BC is pretty big (and useful )
Regards
Jorma Ikonen
Ranch Hand

Joined: Sep 17, 2001
Posts: 49
Yes, I already met the problem. Then I met new problems with the Marvin's obfuscator, but next trial with Retroguard worked ok. So, currently my midlet works very reliable each time when GPRS connection do not crash down...
-Jorma-
Carlos Quiroz
Greenhorn

Joined: Oct 27, 2003
Posts: 14
Hi
Still I'd recommend proguard over retroguard (notice that they started with the same codebase). In particular because proguard can eliminate dead code
Also it seems retroguard is not in active development (I may be mistaken)
Regards
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: TripleDES
 
Similar Threads
Triple DES encrytpion and decryption using 256 bit and 512 bit
Advice for noob: Restlet or SOAP
Enabling SSL
which framework to use (JAAS, JCE, JSSE)
Encrypt form POST data before calling servlet through JSP