jQuery in Action, 3rd edition
The moose likes Java Micro Edition and the fly likes Embedding Private key into a .jar at runtime Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Mobile » Java Micro Edition
Bookmark "Embedding Private key into a .jar at runtime" Watch "Embedding Private key into a .jar at runtime" New topic

Embedding Private key into a .jar at runtime

Anuradha Karunamuni
Ranch Hand

Joined: Dec 08, 2007
Posts: 64
Hi all,

I am planning to use Bouncy Castle light weight APIs to secure my applications. It is consisted of a server side and a mobile client. Currently I have decided to use public key encryption. What I am planning to do is, generate the key pair on the server side and send the private key to the mobile client along with the downloaded application.

I thought of embedding the private key into the .jar file which is to be downloaded. But since it is a pre-compiled app I cannot think of a way to do it. I can make the server app to compile the mobile app using ant targets during run time, but I cannot think of way to write the Private key value into the source code. Will I have to use something like a property file along with the .jar?

Please be kind enough to share any suggestions to overcome this problem.

Thanks in advance.

"Simplicity is the ultimate sophistication..." ~Leonardo da Vinci~
SCJP 1.4
Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 17410

Putting a key in a JAR is easy. You can just place a text file containing the key in the JAR.

The harder part is using it. If you don't have source, how would you get the app to know where the key was located even if it wasn't in a JAR?

If you have source, you can use Java's resource locating functions to open and read the key file.

An IDE is no substitute for an Intelligent Developer.
Anuradha Karunamuni
Ranch Hand

Joined: Dec 08, 2007
Posts: 64
Hey, thanks!!!
I'm now serializing the Key objects into a normal file and the objects are de-serialized at the client's end.
Shailesh Kumar

Joined: Sep 04, 2006
Posts: 16

Is serialization/deserialization possible on the mobile client ?

"Expect the Unexpected!!"<br /> <br />SCJP5,SCMAD
Anuradha Karunamuni
Ranch Hand

Joined: Dec 08, 2007
Posts: 64
Nope...J2ME has excluded the serialization facility provided in J2SE. If it is required for you to have it in your J2ME apps, you will have to come up with your own methodology to serialize the objects. For an example, you can break down your object's data and store those using RMS. String, int and boolean data can be written to RMS.

I am trying to do a similar thing.
I agree. Here's the link: http://aspose.com/file-tools
subject: Embedding Private key into a .jar at runtime
It's not a secret anymore!