Hello!


I am an Italian student at Pisa University...



I am developing a project using SUN JCE 1.2 (both standard and MICRO EDITION versions) API, using the provider IAIK).



I want to use a symmetric algorithm (such as RC5 or RC4) to exchange secure data between a server
and all the clients. To do this I did the following steps:



1) The server sends its X509 certificate and the public key (RSA algorithms) to the client when it is contacted.

2) The client parses the certificate (to authenticate the server) and gets the public key.

3) The client generates a symmetric key (SK) with RC5 algorithm.

4) The client encodes SK with the publick key of the server and sends it to to the server.

5) The server decodes the SK with the private key and stores it.

6) Now server and client can communicate using SK and a more powerful symmetric algorithm (RC5 or RC4)
instead of RSA algorithm.



So I have implemented a semplified version of SSL protocol....



The problem is that I don't know where to store all the symmetric keys that the server receives from every client that connects to him.



Given that the SSL protcol requires that a client generates a symmetric key to send to the server to communicate, which is the best way for the server to store all the symmetric keys it receives from the clients?

Can I use an hashtable (in fact I can have many connections in the same moment with many clients!)? Or what? Note I can NOT use "Session objects" (like "Session" or "HttpSession") because they are NOT supported in Java 2 MICRO EDITION environment, and the client can be a mobile device (like a Java phone) that uses Java 2 Micro Edition (J2ME) API!


I want to point out that my server is a SERVLET.


I hope someone can help me...


Thanks in advance!


Luca