[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[iaik-ssl] Is it possible to generate a symmetric key with IAIK Java 2 Micro Ed. API?


I am developing a project using IAIK-JCE (both standard and micro edition
versions) API.

I want to use a symmetric algorithm (such as RC5 or RC4) to exchange secure
data between a server
and all the clients. To do this I did the following steps:

1)The server sends its X509 certificate and the public key (RSA algorithms)
to the client when it is contacted.
2)The client parses the certificate (to authenticate the server) and gets
the public key.
3)The client generates a symmetric key (SK) with RC5 algorithm.
4)The client encodes SK with the publick key of the server and sends it to
to the server.
5)The server decodes the SK with the private key and stores it.
6)Now server and client can communicate using SK and a more powerful
symmetric algorithm (RC5 or RC4)
instead of RSA algorithm.

The client can be a MIDP 1.0 mobile device and so I must use IAIK API for
Java 2 Micro Edition Environment ("Jce-me-3.0b2"). The problem is that in
"Jce-me-3.0b2" I have found no methods or classes to generate
a symmetric key: I have found only the way to generate an RSA Key (using
"RSAKeyPairGenerator" class).

So I need the answers to the following questions:

1) How can I do to create a symmetric key (for RC4 algorithm) with
"Jce-me-3.0b2" API???

2) If I can't do that how can implement a secure communication between a
MIDP client and a server using
a symmetric algorithm?

3) is a good idea to generate the symmetric key in the client? If not, which
is the best way to implement a secure communication between a client and a
server using a symmetric algorithm?

4)Is it a right thing to use a different symmetric key fo every client??

Thanks in advance!


Mailinglist-archive at http://jcewww.iaik.at/mailarchive/iaik-ssl/sslthreads.html

To unsubscribe send an email to listserv@iaik.at with the folowing content: UNSUBSCRIBE iaik-ssl