Blackberry encrypt+persist data

My system enables users to save their work as a draft. I'd like to encrypt the data before I persist it. I was working on this -

AESKey k = new AESKey();
AESEncryptorEngine a = new AESEncryptorEngine(k);
a.encrypt(byte[] data_input, int input_offset, byte[] data_output, byte[] output_offset);

I however need to persist an object. Is there a way to get a byte[] stream from an object? Also, which en开发者_开发百科cryption standard should I be looking at considering the processor / memory limitations of a mobile device?

Thanks,

Teja.

You mention that you're going to persist your object; does that mean that you intend to place it in the PersistentStore? If so, you have access to some built-in protection.

You can use a ControlledAccess object to prevent any access from an app without your code signing keys. You can find more information here: http://www.blackberry.com/developers/docs/4.1api/net/rim/device/api/system/ControlledAccess.html

To persist an object, have your class implement Serializable and write the object to a file. See here for more info about serialization.

If encryption is necessary, you could just encrypt the file. I'm pretty sure Blowfish is the way to go for an embedded device. It uses very little memory and AES is a bit slower on an ARM based processor.

From what I can tell, the ControlledAccees routines don't actually encrypt the object, they simply make finding the persistent object really hard.

Does anyone know how to either truly encrypt an object, or turn it into a byte stream so that it can be encrypted using BlowFish/TwoFish/another encryption technique?