<strong>HOW CAN I STORE SYMMETRIC KEYS ON A SERVER?</strong>

Posted By:   Luca_Ventura
Posted On:   Sunday, December 2, 2001 07:33 AM


Hello!

I am an Italian student at Pisa University...

I am developing a project using SUN JCE 1.2 (both STANDARD and MICRO EDITION versions) API, using the provider IAIK.


I want to use a symmetric algorithm (such as RC5 or RC4) to exchange secure data between a server and all the clients (a client can be a mobile device MIDP 1.0 compliant that uses J2ME API). To do this I did the following steps:



1) The server sends its X509 certificate and the public key (RSA algorithms) to the client when it is contacted.

2) The client parses the certificate (to authenticate the server) and gets the public key.

3) The client generates a symmetric key (SK) with RC4 or RC5 algorithm.

4) The client encodes SK with the public key of the server and sends it to the server.

5) The server decodes the SK with the private key and stores it.

6) Now server and client can communicate using SK and a more powerful symmetric algorithm (RC5 or RC4) instead of RSA algorithm.



So I have implemented a simplified version of SSL protocol....


The problem is that I don't know where to store all the symmetric keys that the server receives from every client that connects to it.



Given that the SSL protocol requires that a client generates a symmetric key to send to the server to communicate, which is the best way for the server to store all the symmetric keys it receives from the clients?

Can I use a hashtable (in fact I can have many connections at the same moment with many clients!)? Or what? Note I can NOT use "Session objects" (Session or HTTPSession) because they are NOT supported in Java 2 MICRO EDITION (J2ME) environment...and a client can be a MIDP 1.0 device that uses J2ME API!


I want to point out that my server is a SERVLET.



I hope someone can help me...


Thanks in advance!

Luca
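
One way to hold the per-client keys from step 5 without HttpSession, as an added example that is not part of the original post: a thread-safe map keyed by a random identifier the server issues, with idle expiry and key wiping. The class and method names, the identifier the client is assumed to send back with each request, and the use of Java 8 or later on the server are assumptions.

```java
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical in-memory store for per-client session keys (all names are assumptions).
public class SessionKeyStore {
    private static final class Entry {
        final byte[] key;
        volatile long lastUsed;
        Entry(byte[] key, long now) { this.key = key; this.lastUsed = now; }
    }

    private final Map<String, Entry> keys = new ConcurrentHashMap<>();
    private final SecureRandom rng = new SecureRandom();
    private final long idleMillis;

    public SessionKeyStore(long idleMillis) { this.idleMillis = idleMillis; }

    // Called after step 5: keep the unwrapped SK under a fresh, unguessable identifier.
    public String register(byte[] sk) {
        byte[] id = new byte[16];
        rng.nextBytes(id);
        String sessionId = Base64.getUrlEncoder().withoutPadding().encodeToString(id);
        keys.put(sessionId, new Entry(sk.clone(), System.currentTimeMillis()));
        return sessionId; // sent to the client, which presents it with each request
    }

    // Returns a copy of the key, or null when the identifier is unknown or has expired.
    public byte[] lookup(String sessionId) {
        Entry e = keys.get(sessionId);
        if (e == null) return null;
        long now = System.currentTimeMillis();
        if (now - e.lastUsed > idleMillis) { remove(sessionId); return null; }
        e.lastUsed = now;
        return e.key.clone();
    }

    // Drops the entry and overwrites the stored key bytes.
    public void remove(String sessionId) {
        Entry e = keys.remove(sessionId);
        if (e != null) Arrays.fill(e.key, (byte) 0);
    }

    // Run periodically so abandoned sessions do not keep keys in memory.
    public void purgeExpired() {
        long now = System.currentTimeMillis();
        keys.forEach((id, e) -> { if (now - e.lastUsed > idleMillis) remove(id); });
    }
}
```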
