tags:

views:

317

answers:

1
Q: 

Phone-To-Server communication encryption in Java

Hi,

This goes along with another thread, here: How to implement Java 256-bit AES encryption with CBC

Mainly, trying to get AES encryption on a phone using Java.

My question here is how to handle the encryption key. I don't know if I should store the key, hash the key and use that, or do a public-key-encyption scheme. I would rather have a way to not do an initial message from the server to the phone to communicate a key. I want the phone to be ready to encrypt and the server waiting for an encrypted message. To implement something like a key-sharing algorithm, I would have to modify our server application which is not very desireable. It's not impossible, but I'm going for code-reuse here =).

A: 
erickson  2009-09-21 17:20:58
@erickson, about the first part, not trying to store the same key on every phone. Would like to be able to generate some kind of key both the sever and phone know before the actual encrypted string is sent on the wire. Have no idea if that is possible with my limited encryption knowledge. All I know is that the way encryption is implemented now in our applications, we use 1 secret key for everyone stored on the phone and the server. That's bad as far as I know.
Steven Wright  2009-09-21 17:35:07

related questions

How to implement password protection for individual files?
Encrypting appSettings in web.config
Usefulness of SQL Server "with encryption" statement
How can I use a key blob generated from Win32 CryptoAPI in my .NET application?
CodeReview: Tiny Encryption Algorithm for arbitrary sized data
Simple encryption implementation in C
Which hard disk encryption software to choose?
Passing untampered data from Flash app to server?
How do I prevent replay attacks?
Is there a best .NET algorithm for credit card encryption?
Encrypt data from users in web applications
How to encrypt one message for multiple recipients?
Two-way password encryption without ssl
What's the answer to this Microsoft PDC challenge?
GPG: How does key signing work and how is it done?
Secure Online Highscore Lists for Non-Web Games
Programmatically encrypting a config-file in .NET
How do I use 3des encryption/decryption in Java?
Encryption in C# Web-Services
Suitable alternative to CryptEncrypt
Can a proxy server cache SSL GETs? If not, would response body encryption suffice?
C# - CryptographicException: Padding is invalid and cannot be removed
How can I encode xml files to xfdl (base64-gzip)?
How do I add SSL to a .net application that uses httplistener - it will *not* be running on IIS
Encrypting Passwords