tags:

views:

125

answers:

3
+1  Q: 

Blackberry encrypt+persist data.

Hi all,

My system enables users to save their work as a draft. I'd like to encrypt the data before I persist it. I was working on this -

AESKey k = new AESKey();
AESEncryptorEngine a = new AESEncryptorEngine(k);
a.encrypt(byte[] data_input, int input_offset, byte[] data_output, byte[] output_offset);

I however need to persist an object. Is there a way to get a byte[] stream from an object? Also, which encryption standard should I be looking at considering the processor / memory limitations of a mobile device?

Thanks,
Teja.

A: 

To persist an object, have your class implement Serializable and write the object to a file. See here for more info about serialization.

If encryption is necessary, you could just encrypt the file. I'm pretty sure Blowfish is the way to go for an embedded device. It uses very little memory and AES is a bit slower on an ARM based processor.

Kavon Farvardin  2010-03-02 20:25:54
He asked for a BlackBerry device, Serializable will not work, he need to implements `Persistable`.
Michael B.  2010-03-02 20:43:30
Oh right, different library.
Kavon Farvardin  2010-03-02 20:50:19
+2  A: 

You mention that you're going to persist your object; does that mean that you intend to place it in the PersistentStore? If so, you have access to some built-in protection.

You can use a ControlledAccess object to prevent any access from an app without your code signing keys. You can find more information here: http://www.blackberry.com/developers/docs/4.1api/net/rim/device/api/system/ControlledAccess.html

Eric  2010-03-03 15:28:10
This is perfect, thanks!
Tejaswi Yerukalapudi  2010-03-03 15:58:02
A: 

From what I can tell, the ControlledAccees routines don't actually encrypt the object, they simply make finding the persistent object really hard.

Does anyone know how to either truly encrypt an object, or turn it into a byte stream so that it can be encrypted using BlowFish/TwoFish/another encryption technique?

DanG  2010-03-15 16:30:15

related questions

How to implement password protection for individual files?
Encrypting appSettings in web.config
Usefulness of SQL Server "with encryption" statement
How can I use a key blob generated from Win32 CryptoAPI in my .NET application?
CodeReview: Tiny Encryption Algorithm for arbitrary sized data
Simple encryption implementation in C
Which hard disk encryption software to choose?
Passing untampered data from Flash app to server?
How do I prevent replay attacks?
Is there a best .NET algorithm for credit card encryption?
Encrypt data from users in web applications
How to encrypt one message for multiple recipients?
Two-way password encryption without ssl
What's the answer to this Microsoft PDC challenge?
GPG: How does key signing work and how is it done?
Secure Online Highscore Lists for Non-Web Games
Programmatically encrypting a config-file in .NET
How do I use 3des encryption/decryption in Java?
Encryption in C# Web-Services
Suitable alternative to CryptEncrypt
Can a proxy server cache SSL GETs? If not, would response body encryption suffice?
C# - CryptographicException: Padding is invalid and cannot be removed
How can I encode xml files to xfdl (base64-gzip)?
How do I add SSL to a .net application that uses httplistener - it will *not* be running on IIS
Encrypting Passwords