I am planning to use Bouncy Castle light weight APIs to secure my applications. It is consisted of a server side and a mobile client. Currently I have decided to use public key encryption. What I am planning to do is, generate the key pair on the server side and send the private key to the mobile client along with the downloaded application.
I thought of embedding the private key into the .jar file which is to be downloaded. But since it is a pre-compiled app I cannot think of a way to do it. I can make the server app to compile the mobile app using ant targets during run time, but I cannot think of way to write the Private key value into the source code. Will I have to use something like a property file along with the .jar?
Please be kind enough to share any suggestions to overcome this problem.
Thanks in advance.
"Simplicity is the ultimate sophistication..." ~Leonardo da Vinci~
Is serialization/deserialization possible on the mobile client ?
"Expect the Unexpected!!"<br /> <br />SCJP5,SCMAD
Joined: Dec 08, 2007
Nope...J2ME has excluded the serialization facility provided in J2SE. If it is required for you to have it in your J2ME apps, you will have to come up with your own methodology to serialize the objects. For an example, you can break down your object's data and store those using RMS. String, int and boolean data can be written to RMS.
I am trying to do a similar thing.
subject: Embedding Private key into a .jar at runtime