MIDP Certificate exchange

[javavwire]

Hi all,

I have been programming MIDP applications for some time now, so I am
not new to it all.
However, I am new to encryption and the like when it comes to MIDP.

I have developed an application whereby users can process credit card
transactions, hence the need for encryption. I am using the
bouncycastle package to create a key pair, public and private on our
server. I then need the J2ME app to request the public key, and in
response the server must send a certificate containing ONLY the public
key. The J2ME should extract the public key and use the public key to
encrypt the data, send the data to the server, and the server can
decrypt the data and process it from there.

A new key pair will be generated for each session/encryption request,
and this will be done on the server, thereby taking the processing
weight off the shoulders of the J2ME app and increasing security.

I do not want the private key installed in the certificate at all, all
the certificate should contain is the public key. This is proving quite
difficult to do as I have not seen any help on google for my needs.

I have been on this project for a long time now, and I am desperate for
help.

Can anyone please tell me or direct me to a place that can help me
accomplish my task.

Thanks in advance,

JC Wouters

 

[Marcin Zduniak]

Hi,

I was working on project with exactly the same requirements. I wrote
my own implementation basing on examples from book "Enterprise J2ME:
Developing Mobile Java Applications" -
http://www.enterprisej2me.com/pages/enterprisej2me/book.php and using
bouncy castle sources. Examples in this book are rather
self-explanationary and easy to adjust to your needs.

Kind regards,
Marcin Zduniak / http://www.zduniak.com

 

[javavwire]

Hi Marcin,

I apologise for the late reply, I haven't had time to look at the link
but I will after I say, thank you for the help, any advice or
suggestions are most welcome and appreciated.

I will let you know how it goes,

Regards,

JC Wouters