• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Embedding Private key into a .jar at runtime

 
Anuradha Karunamuni
Ranch Hand
Posts: 64
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi all,

I am planning to use Bouncy Castle light weight APIs to secure my applications. It is consisted of a server side and a mobile client. Currently I have decided to use public key encryption. What I am planning to do is, generate the key pair on the server side and send the private key to the mobile client along with the downloaded application.

I thought of embedding the private key into the .jar file which is to be downloaded. But since it is a pre-compiled app I cannot think of a way to do it. I can make the server app to compile the mobile app using ant targets during run time, but I cannot think of way to write the Private key value into the source code. Will I have to use something like a property file along with the .jar?

Please be kind enough to share any suggestions to overcome this problem.

Thanks in advance.
 
Tim Holloway
Saloon Keeper
Pie
Posts: 18100
51
Android Eclipse IDE Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Putting a key in a JAR is easy. You can just place a text file containing the key in the JAR.

The harder part is using it. If you don't have source, how would you get the app to know where the key was located even if it wasn't in a JAR?

If you have source, you can use Java's resource locating functions to open and read the key file.
 
Anuradha Karunamuni
Ranch Hand
Posts: 64
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hey, thanks!!!
I'm now serializing the Key objects into a normal file and the objects are de-serialized at the client's end.
 
Shailesh Kumar
Greenhorn
Posts: 16
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi

Is serialization/deserialization possible on the mobile client ?
 
Anuradha Karunamuni
Ranch Hand
Posts: 64
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Nope...J2ME has excluded the serialization facility provided in J2SE. If it is required for you to have it in your J2ME apps, you will have to come up with your own methodology to serialize the objects. For an example, you can break down your object's data and store those using RMS. String, int and boolean data can be written to RMS.

I am trying to do a similar thing.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic