
[iaik-ssl] HELP: PROBLEMS WITH RC4 CIPHER AND QUESTIONS ABOUT iSaSiLk Micro edition API.



Thanks for your reply (I have left it indicated below) but I have some
problems:


1) I tried the following code:

import iaik.me.security.*;
import iaik.me.security.cipher.*;

import java.io.*;
import java.util.*;

public class Crittamidp
{
public static void main(String args[]) throws Exception

{
  //I generate some random bytes for creating a seed for SecureRandom class
  //using current date and its string representation.
  Date d=new Date();
  long dl=d.getTime();
  byte[] seed=(dl+"").getBytes();

  //I set the seed for the SecureRandom class
  byte[] key = new byte[16];
  SecureRandom rand = SecureRandom.getDefault();
  rand.setSeed(seed);

  // I generate the random bytes for my key
     rand.nextBytes(key);
     System.out.println("TT");

  // I create an instance of RC4 cipher: here I have a
  // "iaik.me.security.CryptoException: Algorithm RC4 not available!" WHY??
     Cipher cipher = Cipher.getInstance("RC4");

     cipher.init(Cipher.ENCRYPT_MODE, CryptoBag.makeSecretKey(key));
     byte[] encr = cipher.doFinal("Ciao".getBytes());
     ...
}

}

BUT I HAVE A CryptoException EXCEPTION WHEN I MUST CREATE AN INSTANCE OF RC4
CIPHER BECAUSE THE CIPHER SEEMS NOT TO BE AVAILABLE. WHY???

2) WHAT DOES "TRUE" RANDOM SEED MEAN? IS IT A GOOD WAY TO INITIALIZE THE
SECURERANDOM OBJECT IN THE WAY I INDICATED ABOVE (USING OBJECT "DATE")? I THINK
I HAVE GENERATED RANDOM BYTES IN THAT WAY, OR NOT?

3) IAIK iSaSiLk Micro edition is a client library to connect to SSL-enabled
servers, or not?
Given that my application (at least the server part that is based on a
servlet) must be able to run on Web servers that don't have SSL support, I must
implement the cryptographic support on my own (that is to say my application
must be able to add to the server the cryptographic support I need). If I used
IAIK iSaSiLk Micro edition API on the client side, the SSL support must be
already integrated on the (Web) server side. Or not????

4) If I create the SSL support on my own I must find a way to store the
symmetric keys (SK) on the server. So I would like to use a Session object to
store information about the SK for every client. But when I say "SESSION
OBJECTS are not supported" I refer to a native implementation in Sun
Microedition API (J2ME), like the one you have in JDK1.3 Standard Edition
where you can find Session objects, and I DO NOT REFER to the IAIK iSaSiLk
Micro edition API.

I think that to implement iSaSiLk Micro edition API and to allow storing SK
information on the server YOU used session objects too, and to bind a
session object (in the server) to a (midp) client you had to manage
non-persistent cookies (that contain a session-id) on both client and server
side. In fact I can have many clients connected to the server at the same
moment and so many SKs to store: AM I RIGHT??? IS the solution with Session
objects correct?


5) If my solution about "session object" indicated above is correct, after
creating a cookie with a session-id, how can I bind this session id to a
"Session object" on the server (where I can use JDK Standard Edition API)??
I have seen there are no constructors in JDK 1.3 Standard Edition API to
create a session object!!!!


Let me know something please...

THANKS IN ADVANCE!!!

                                          LUCA

-----Original Message-----
From: iaik-ssl-owner@iaik.tu-graz.ac.at
[mailto:iaik-ssl-owner@iaik.tu-graz.ac.at] On behalf of Dieter Bratko
Sent: Tuesday, 4 December 2001 17.28
To: iaik-ssl@iaik.at; iaik-jce@iaik.at; Luca Ventura
Subject: [iaik-ssl] AW: [iaik-jce] HOW CAN I GENERATE A SYMMETRIC KEY
WITH IAIK JCE MICRO EDITION API?


Hello,

please look at the Javadoc of class iaik.me.security.CryptoBag

Example:
To create a secret key:

   byte[] keyData = ...; // the given key as a byte array
   byte[] ivData = ...; // the given iv as a byte array
   CryptoBag key = CryptoBag.makeSecretKey(keyData);
   CryptoBag iv = CryptoBag.makeIv(ivData);
   cipher.init(Cipher.ENCRYPT_MODE, key, iv, null); // initialize a cipher object

Since a secret key in fact is some random data you may supply random byte
material of the required length when calling CryptoBag.makeSecretKey().
To create a 128 bit RC4 key you may proceed as follows:

     byte[] key = new byte[16];
     SecureRandom rand = SecureRandom.getDefault();
     rand.nextBytes(key);

     Cipher cipher = Cipher.getInstance("RC4");
     cipher.init(Cipher.ENCRYPT_MODE, CryptoBag.makeSecretKey(key));
     byte[] encr = cipher.doFinal(...);
     ...

Please be aware that iaik.security.me.SecureRandom per default
does not use a true random seed (see Javadoc).


> 1)The server sends its X509 certificate and the public key (RSA algorithms)
> to the client when it is contacted.
> 2)The client parses the certificate (to authenticate the server) and gets
> the public key.
> 3)The client generates a symmetric key (SK) with RC5 algorithm.
> 4)The client encodes SK with the public key of the server and sends it
> to the server.
> 5)The server decodes the SK with the private key and stores it.
> 6)Now server and client can communicate using SK and a more powerful
> symmetric algorithm (RC5 or RC4)
> instead of RSA algorithm.

You may use a standard protocol like SSL/TLS instead of developing your
own solution. When doing so you may use our iSaSiLk Micro edition which
is based on the JCE micro edition.

>  Note I can't use Session object because
> they aren't supported in Java 2 Micro Edition environment...:-(
If you mean the Session objects of our SSL micro edition: we have tried
it now at IBM's J9 and it worked...


Regards,
Dieter Bratko



-----Original Message-----
From: iaik-jce-owner@iaik.tu-graz.ac.at
[mailto:iaik-jce-owner@iaik.tu-graz.ac.at] On behalf of Luca Ventura
Sent: Tuesday, 04 December 2001 09:05
To: iaik-jce@iaik.at; iaik-ssl@iaik.at
Subject: [iaik-jce] HOW CAN I GENERATE A SYMMETRIC KEY WITH IAIK JCE
MICRO EDITION API?


Hello!

I am developing a project using IAIK-JCE (both standard and micro edition
versions) API.

I want to use a symmetric algorithm (such as RC5 or RC4) to exchange secure
data between a server and all the clients. To do this I did the following
steps:

1)The server sends its X509 certificate and the public key (RSA algorithms)
to the client when it is contacted.
2)The client parses the certificate (to authenticate the server) and gets
the public key.
3)The client generates a symmetric key (SK) with RC5 algorithm.
4)The client encodes SK with the public key of the server and sends it
to the server.
5)The server decodes the SK with the private key and stores it.
6)Now server and client can communicate using SK and a more powerful
symmetric algorithm (RC5 or RC4) instead of RSA algorithm.

The client can be a MIDP 1.0 mobile device and so I must use IAIK API for
Java 2 Micro Edition Environment ("Jce-me-3.0b2"). The problem is that in
"Jce-me-3.0b2" I have found no methods or classes to generate a symmetric
key: I have found only the way to generate an RSA Key (using
"RSAKeyPairGenerator" class).

SO...HOW CAN I GENERATE A SYMMETRIC KEY WITH IAIK JCE API (MICRO EDITION
VERSION)?

Then there is another problem....

If I generate a different symmetric key for every client, which is the best
way to store all the symmetric keys on the server? Can I use a hashtable (in
fact I can have many connections at the same moment with many clients!)? Or
what? Note I can't use Session object because they aren't supported in
Java 2 Micro Edition environment...:-(

Thanks in advance!

                        Luca

--
Mailinglist-archive at
http://jcewww.iaik.at/mailarchive/iaik-jce/jcethreads.html

To unsubscribe send an email to listserv@iaik.at with the following content:
UNSUBSCRIBE iaik-jce



--
Mailinglist-archive at
http://jcewww.iaik.at/mailarchive/iaik-ssl/sslthreads.html

To unsubscribe send an email to listserv@iaik.at with the following content:
UNSUBSCRIBE iaik-ssl
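
On question 2 above, as an added example that is not part of the original messages and is not IAIK code: a generator seeded only from the clock produces a key that can be regenerated by anyone who knows roughly when it was created. It assumes the standard JDK's SHA1PRNG as a stand-in for the IAIK ME SecureRandom; the class name, method names and sample timestamp are constructed for illustration.

```java
import java.security.SecureRandom;
import java.util.Arrays;

public class TimeSeedDemo {

    // Same recipe as the posted code: seed = decimal string of the time in ms.
    // The JDK's SHA1PRNG stands in for the IAIK ME SecureRandom (assumption):
    // when it is seeded before first use, its output depends on that seed alone.
    static byte[] keyFromTime(long millis) throws Exception {
        SecureRandom rand = SecureRandom.getInstance("SHA1PRNG");
        rand.setSeed(Long.toString(millis).getBytes("US-ASCII"));
        byte[] key = new byte[16];
        rand.nextBytes(key);
        return key;
    }

    // Walks every millisecond in [from, to] and returns the seed that
    // reproduces the key, or -1 if none does.
    static long matchingSeed(byte[] key, long from, long to) throws Exception {
        for (long t = from; t <= to; t++) {
            if (Arrays.equals(key, keyFromTime(t))) {
                return t;
            }
        }
        return -1;
    }

    public static void main(String[] args) throws Exception {
        long created = 1007485680000L; // constructed sample timestamp in ms
        byte[] key = keyFromTime(created);

        // Same timestamp, same key: the 128-bit key holds no more
        // entropy than the clock reading it was derived from.
        System.out.println("reproducible: "
                + Arrays.equals(key, keyFromTime(created)));

        // Knowing the creation time to within +/- 2 s leaves 4001 candidates.
        long found = matchingSeed(key, created - 2000, created + 2000);
        System.out.println("seed found among 4001 candidates: "
                + (found == created));

        // Generators that seed themselves from the platform's entropy
        // source (Java SE behaviour) do not repeat each other.
        byte[] a = new byte[16], b = new byte[16];
        new SecureRandom().nextBytes(a);
        new SecureRandom().nextBytes(b);
        System.out.println("self-seeded keys equal: " + Arrays.equals(a, b));
    }
}
```

On a device without a platform entropy source, the seed has to come from inputs an observer cannot reconstruct, which the time of day is not.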


