The Generic Connection Framework has always been flexible enough to allow MIDP implementations to include support for HTTPS, which is HTTP over a secure connection such as TLS or SSL. Starting with MIDP 2.0, support for HTTPS is built into the MIDP platform. (See Chapter 9 for the skinny on HTTPS and its supporting APIs.)
TLS provides server authentication and an encrypted data connection between client and server. The security provided by TLS is sufficient for most applications. There are only a handful of reasons you might want to implement cryptographic solutions beyond what's available from TLS, including the following:
Client authentication. TLS provides server authentication, usually via an RSA certificate. But although TLS will support client authentication, the APIs in MIDP 2.0 don't allow you to take advantage of this feature. A technique for using password or passphrase authentication is presented later in this chapter. If you're looking for something stronger, a scheme based on client certificates and signatures is described at http://wireless.java.sun.com/midp/articles/security3/.
Stronger encryption. TLS usually results in encryption using 128-bit keys that are valid for a particular session. (Although you can't control which cipher suites are accepted on the client, you will probably have control of the server and will be able to configure acceptable cipher suites there.) For many applications, 128-bit session keys provide plenty of data security. However, if your application deals with especially sensitive or valuable data, you might want something stronger.
Message-driven applications. HTTPS provides encryption only for channels. Some applications work by sending encrypted messages over an insecure transport such as HTTP or sockets. Here the MIDP APIs are insufficient and you'll need to do your own cryptography.
As I said, HTTPS support in MIDP 2.0 is all you need for many applications. Read on if you need something stronger, or if you're just curious.
More information about HTTPS and TLS in MIDP is at http://wireless.java.sun.com/midp/articles/security2/.
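Although a MIDlet can't choose the cipher suites it offers, it can inspect what was actually negotiated before sending anything sensitive. The following is an added example, not code from this chapter: it uses the MIDP 2.0 HttpsConnection and SecurityInfo APIs, and the class name, the rejection list, and the policy it encodes are assumptions made for illustration.

```java
import java.io.IOException;
import javax.microedition.io.Connector;
import javax.microedition.io.HttpsConnection;
import javax.microedition.io.SecurityInfo;
import javax.microedition.pki.Certificate;

public class SuiteCheck {
    // Hypothetical policy: name fragments that mark a suite as too weak
    // for this application (no encryption, export-grade, single DES,
    // or no server authentication). Adjust to your own requirements.
    private static final String[] REJECTED = {
        "NULL", "EXPORT", "_DES_", "anon"
    };

    /** Returns true if the suite name contains none of the rejected fragments. */
    static boolean isAcceptable(String suite) {
        if (suite == null) return false;
        for (int i = 0; i < REJECTED.length; i++) {
            if (suite.indexOf(REJECTED[i]) != -1) return false;
        }
        return true;
    }

    /** Opens url and returns the connection only if the negotiated suite passes the policy. */
    static HttpsConnection openChecked(String url) throws IOException {
        HttpsConnection hc = (HttpsConnection) Connector.open(url);
        try {
            // getSecurityInfo() establishes the secure connection if it
            // has not been set up yet, so no request body has been sent.
            SecurityInfo si = hc.getSecurityInfo();
            Certificate cert = si.getServerCertificate();
            System.out.println(si.getProtocolName() + " " + si.getProtocolVersion()
                + ", suite " + si.getCipherSuite());
            System.out.println("Server: " + cert.getSubject()
                + ", issued by " + cert.getIssuer());
            if (!isAcceptable(si.getCipherSuite())) {
                throw new IOException("Cipher suite rejected: " + si.getCipherSuite());
            }
            return hc;
        } catch (IOException e) {
            hc.close(); // never leave a rejected connection open
            throw e;
        }
    }
}
```

Call openChecked() with your server's https:// URL in place of Connector.open(). Restricting the suites on the server remains the primary control; the client-side check only catches a server that has been misconfigured.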