
[iaik-ssl] AW: [iaik-jce] HOW CAN I GENERATE A SYMMETRIC KEY WITH IAIK JCE MICRO EDITION API?



Hello,

please look at the Javadoc of class iaik.me.security.CryptoBag

Example:
To create a secret key: 

   byte[] keyData = ...; // the given key as a byte array
   byte[] ivData = ...; // the given iv as a byte array
   CryptoBag key = CryptoBag.makeSecretKey(keyData);
   CryptoBag iv = CryptoBag.makeIv(ivData);
   cipher.init(Cipher.ENCRYPT_MODE, key, iv, null); // initialize a cipher object

Since a secret key in fact is some random data you may supply random byte
material of the required length when calling CryptoBag.makeSecretKey().
To create a 128 bit RC4 key you may proceed as follows:

     byte[] key = new byte[16];
     SecureRandom rand = SecureRandom.getDefault();
     rand.nextBytes(key);
     
     Cipher cipher = Cipher.getInstance("RC4");
     cipher.init(Cipher.ENCRYPT_MODE, CryptoBag.makeSecretKey(key));
     byte[] encr = cipher.doFinal(...);
     ...
        
Please be aware that iaik.security.me.SecureRandom by default
does not use a true random seed (see Javadoc).


> 1)The server sends its X509 certificate and the public key (RSA algorithms)
> to the client when it is contacted.
> 2)The client parses the certificate (to authenticate the server) and gets
> the public key.
> 3)The client generates a symmetric key (SK) with RC5 algorithm.
> 4)The client encodes SK with the public key of the server and sends it to
> the server.
> 5)The server decodes the SK with the private key and stores it.
> 6)Now server and client can communicate using SK and a more powerful
> symmetric algorithm (RC5 or RC4)
> instead of RSA algorithm.

You may use a standard protocol like SSL/TLS instead of developing your 
own solution. When doing so you may use our iSaSiLk Micro edition which
is based on the JCE micro edition. 

>  Note I can't use Session object because
> they aren't supported in Java 2 Micro Edition environment...:-(
If you mean the Session objects of our SSL micro edition: we have tried
it now at IBM's J9 and it worked...


Regards,
Dieter Bratko



-----Original Message-----
From: iaik-jce-owner@iaik.tu-graz.ac.at
[mailto:iaik-jce-owner@iaik.tu-graz.ac.at] On behalf of Luca Ventura
Sent: Tuesday, 04 December 2001 09:05
To: iaik-jce@iaik.at; iaik-ssl@iaik.at
Subject: [iaik-jce] HOW CAN I GENERATE A SYMMETRIC KEY WITH IAIK JCE
MICRO EDITION API?


Hello!

I am developing a project using IAIK-JCE (both standard and micro edition
versions) API.

I want to use a symmetric algorithm (such as RC5 or RC4) to exchange secure
data between a server
and all the clients. To do this I did the following steps:

1)The server sends its X509 certificate and the public key (RSA algorithms)
to the client when it is contacted.
2)The client parses the certificate (to authenticate the server) and gets
the public key.
3)The client generates a symmetric key (SK) with RC5 algorithm.
4)The client encodes SK with the public key of the server and sends it to
the server.
5)The server decodes the SK with the private key and stores it.
6)Now server and client can communicate using SK and a more powerful
symmetric algorithm (RC5 or RC4)
instead of RSA algorithm.

The client can be a MIDP 1.0 mobile device and so I must use IAIK API for
Java 2 Micro Edition Environment ("Jce-me-3.0b2"). The problem is that in
"Jce-me-3.0b2" I have found no methods or classes to generate
a symmetric key: I have found only the way to generate an RSA Key (using
"RSAKeyPairGenerator" class).

SO...HOW CAN I GENERATE A SYMMETRIC KEY WITH IAIK JCE API (MICRO EDITION
VERSION)?

Then there is another problem....

If I generate a different symmetric key for every client, which is the best
way to store all the symmetric keys on the server? Can I use a hashtable (in
fact I can have many connections at the same moment with many clients!)? Or
what? Note I can't use Session objects because
they aren't supported in Java 2 Micro Edition environment...:-(

Thanks in advance!

                        Luca

--
Mailinglist-archive at http://jcewww.iaik.at/mailarchive/iaik-jce/jcethreads.html

To unsubscribe send an email to listserv@iaik.at with the following content: UNSUBSCRIBE iaik-jce
 


--
Mailinglist-archive at http://jcewww.iaik.at/mailarchive/iaik-ssl/sslthreads.html

To unsubscribe send an email to listserv@iaik.at with the following content: UNSUBSCRIBE iaik-ssl
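
Steps 3 to 5 of the scheme quoted in this thread, as an added example written against the standard Java SE JCA rather than the IAIK JCE Micro Edition API; it is not code from the thread or from IAIK. The class name, the client id, the per-client key map and the RSA-OAEP padding choice are assumptions of this example, and the RSA key pair is generated locally as a stand-in for the server's certified key.

```java
import java.security.*;
import java.util.Arrays;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;

public class KeyTransportDemo {
    // Hypothetical server-side store: one session key per client id (thread-safe).
    static final Map<String, SecretKey> SESSION_KEYS = new ConcurrentHashMap<>();
    static final String RSA_OAEP = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";

    // Step 3: a symmetric key is random bytes of the required length, so the
    // key is only as unpredictable as the seed of the random source.
    static SecretKey newSessionKey(SecureRandom rng) {
        byte[] raw = new byte[16]; // 128 bits
        rng.nextBytes(raw);
        return new SecretKeySpec(raw, "RC4");
    }

    // Step 4: the client wraps (encrypts) the key under the server's public key.
    static byte[] wrap(SecretKey sk, PublicKey serverPub) throws GeneralSecurityException {
        Cipher rsa = Cipher.getInstance(RSA_OAEP);
        rsa.init(Cipher.WRAP_MODE, serverPub);
        return rsa.wrap(sk);
    }

    // Step 5: the server unwraps with its private key and stores the result.
    static SecretKey unwrapAndStore(String clientId, byte[] wrapped, PrivateKey serverPriv)
            throws GeneralSecurityException {
        Cipher rsa = Cipher.getInstance(RSA_OAEP);
        rsa.init(Cipher.UNWRAP_MODE, serverPriv);
        SecretKey sk = (SecretKey) rsa.unwrap(wrapped, "RC4", Cipher.SECRET_KEY);
        SESSION_KEYS.put(clientId, sk);
        return sk;
    }

    public static void main(String[] args) throws GeneralSecurityException {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair server = kpg.generateKeyPair(); // constructed stand-in key pair
        SecretKey clientKey = newSessionKey(new SecureRandom()); // OS-seeded CSPRNG
        byte[] wrapped = wrap(clientKey, server.getPublic());
        SecretKey serverKey = unwrapAndStore("client-1", wrapped, server.getPrivate());
        System.out.println("keys match: "
                + Arrays.equals(clientKey.getEncoded(), serverKey.getEncoded()));
    }
}
```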