开发者

Storing generated keypair on device using j2me

I am using Bouncy Castle to generate a public/private keypair and using it for encryption tasks. What would be the best way to store the keypair securely?

I have been unable to find a way to store on the devices keystore. Storing on a txt file wont work because it is as insecure as it gets. I could store it in RMS but then how does one secure this from a person with enough motivation to snoop?

Data store Update: Problem with RMS is that if the application is saved 开发者_StackOverflow社区in the mem card then the datastore is easily accessible to anyone.


As you're already using Bouncy Castle, then just implement a simple PBE (password based encryption) scheme to allow the records stored to be encrypted. For an example on how to do this have a look at the simple application I wrote many years ago.

http://www.eaves.org/jon/j2me/pocket.shtml

If you look at the .record package, you can see what I've done to encrypt and store individual records.

The "downside" to this approach is that you need to get the user to choose a "passphrase" and use that as part of the PBE. I'm not aware of any other approach to do what you want to do, and maintain security over the information stored. Any attempt to "hide" the key is futile, and insecure.


see my answer here, its secure to save in record store How to sort recordstore records based on a certain field in it?

every application have its own record store and removed on application uninstall

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜