My application need to connect to critical data on our server, and i want to encrypt the link to the server, so, How could I do that?
Thanks a lot in advance,
Use bouncy castle library for encrypt and decrypt. For more information look this article, How to encrypt / decrypt with AES from Bouncy Castle API in J2ME applications.
Also look this discussion on Nokia fourm, Data encryption/decryption in J2ME.
Related
I'm creating an app using yodlee api, so far everything good, but right now, I'm having this block related to the PKI feature of yodlee. I'm not able to encrypt the data using "RSA/ECB/PKCS1Padding" as they request, all I found so far are java examples, anyone with a snippet of code, or a reference to make this possible on ruby?
I guess you are referring to this manual to integrate Yodlee API with PKI feature.
Have a look into the ruby's OpenSSL classes. Encryption using RSA is possible with the OpenSSL::PKey::RSA class, see also this intro doc. Basically you have to load the public key returned from the API, and use the public_encrypt method to encrypt the data and hex-encode it in the end. The encryption uses the PKCS1_PADDING by default which is just what you want.
A complete example is available in this SO answer.
In my iOS application, i need to decode response which is encoded on server using OWASP ESAPI. web-service is written using java.
ESAPI means Enterprise Security API. This is a library which helps to avoid common security pitfalls.
It is not an "encoding" method per se, if you review its encoding suggestions you may work out the input behind.
This may have a simple solution that I'm just not seeing, but Android apps can be decompiled, so people can extract your OAuth key and secret from your code. What is the best way to prevent this?
All depends on your architecture. May be the best solution is not to place secret data in apps but better in service/server application. All what can be decompiled will be decompiled. You may only gain time for exctracting data from apps by means of encryption.
I have created AES key in java using seed mechanism and the same thing using BlackBerry.
My input string for Seed is same in both of these case. But I am getting different AES. But the created AES key should be same.
Is there any online help for creating AES key using seed mechanism for BlackBerry
You have already asked this question. The answer I gave there is still the best way. I am using what is documented there to pass data between the Blackberry and a Java server program encrypted with AES. Works fine provided you follow the API documentation on each side.
Hi seed mechanism in java and blackberry are not same.
so u will never get same result in java and blackberry. so better create a key by yourself and send to blackberry users. they will use the key.
Thanks
Sunil Kumar Sahoo
I have developed a 'REST-like' XML API that I wish to expose for consumption by third-party web applications. I'm now looking to implement a security model for the exchange of data between a third-party application and the 'REST-like' XML API. I would appreciate suggestions for a suitable asymmetric encryption model.
If you want encryption why not just use SSL to encrypt the connection rather than encrypting the response data? If 128-bit SSL isn't sufficient, then you'll either need to integrate some existing PKI infrastructure using an external, trusted authority or develop a key distribution/sharing infrastructure yourself and issue your public key and a suitable private key/identifier to your API consumers. Choose one of the cryptography providers in System.Security.Cryptography that supports public/private key exchange.
HTTPS works with asymmetric key encryption. It is well-known protocol easy to implement.
It protects against 3p intrusion in your communication.
All you need to implement "below" is authentication - to make sure your user known to you.
Common thing to do is to provide users with key that needs to be sent with every request.
Most common is to implement the OAuth protocol. This is what is used for the OpenSocial providers that checks authorization with 2-legged and/or 3-legged oAuth
Just do some google search and you will find a lot of implementations.