<strong>HOW CAN I STORE SYMMETRIC KEYS ON A SERVER?</strong>
1 posts in topic
Flat View  Flat View
TOPIC ACTIONS:
 

Posted By:   Luca_Ventura
Posted On:   Sunday, December 2, 2001 07:51 AM

Hello! I am an Italian student at Pisa University... I am developing a project using SUN JCE 1.2 (both standard and MICRO EDITION versions) API, using the provider IAIK). I want to use a symmetric algorithm (such as RC5 or RC4) to exchange secure data between a server and all the clients. To do this I did the following steps: 1) The server sends its X509 certificate and the public key (RSA algorithms) to the client when it is contacted. 2) The client parses the certificate (to authenticate the server) and gets the public key. 3) The client generates a symmetric key (SK) with RC5 algorithm. 4) The client encodes SK   More>>

Hello!


I am an Italian student at Pisa University...



I am developing a project using SUN JCE 1.2 (both standard and MICRO EDITION versions) API, using the provider IAIK).



I want to use a symmetric algorithm (such as RC5 or RC4) to exchange secure data between a server
and all the clients. To do this I did the following steps:



1) The server sends its X509 certificate and the public key (RSA algorithms) to the client when it is contacted.

2) The client parses the certificate (to authenticate the server) and gets the public key.

3) The client generates a symmetric key (SK) with RC5 algorithm.

4) The client encodes SK with the publick key of the server and sends it to to the server.

5) The server decodes the SK with the private key and stores it.

6) Now server and client can communicate using SK and a more powerful symmetric algorithm (RC5 or RC4)
instead of RSA algorithm.



So I have implemented a semplified version of SSL protocol....



The problem is that I don't know where to store all the symmetric keys that the server receives from every client that connects to him.



Given that the SSL protcol requires that a client generates a symmetric key to send to the server to communicate, which is the best way for the server to store all the symmetric keys it receives from the clients?

Can I use an hashtable (in fact I can have many connections in the same moment with many clients!)? Or what? Note I can NOT use "Session objects" (like "Session" or "HttpSession") because they are NOT supported in Java 2 MICRO EDITION environment, and the client can be a mobile device (like a Java phone) that uses Java 2 Micro Edition (J2ME) API!


I want to point out that my server is a SERVLET.


I hope someone can help me...


Thanks in advance!


Luca

   <<Less

Re: <strong>HOW CAN I STORE SYMMETRIC KEYS ON A SERVER?</strong>

Posted By:   Jay_Meyer  
Posted On:   Thursday, January 3, 2002 09:03 PM

This tricky stuff here is that you will have multiple threads running at the same time and the servlets will be multi-threaded to support multiple users at once. This would happen if used servlets or if you wrote your own Java server/listener app.


Try using a singleton pattern where you have a static class that creates a single HashMap. Make sure the accesses are synchronized and then have the servlet call this singleton class to update and read the keys in the HashMap. That should allow all threads to see the common data, and sychronizing the accesses should avoid corrupting the HashMap.


If you need to keep the keys longer, or have many JVMs, you could make the servlet write the keys to a file and "sychronize" of a semaphore-file.


I can write some quick code frags if you need me to clarify this point.

About | Sitemap | Contact