Wednesday, January 30, 2008

Elliptic Curve Cryptography is not your usual encrypt-decrypt

When I began work on my security project for securing m-commerce transactions, I made all the design around the single concept (used in SSL, etc), of encrypting a secret/symmetric key with a public key of party X and sending it to the party X who will decrypt it with its private key. Subsequent communication will occur using the symmetric key. This encrypt-decrypt can happen using RSA.

However, after coming across many online documents and posts on the Bouncy Castle forums, I realized that ECC is not designed this way, at least in Bouncy Castle. You need to use something called as ECIES or Elliptic Curve Integrated Encryption Scheme. (See Wikipedia). ECIES takes care of key exchange (Diffie-Hellman) to establish a symmetric key (Confidentiality) and Message Authentication for Integrity.

However, encrypt-decrypt in ECC can be done using El Gamal Encryption over an Elliptic Curve. An open source Java library has been developed in this direction at the National University of Ireland Maynooth. Check out the publication and software section here

I learnt my lessons the hard way and need to stick to Bouncy Castle due to several reasons and had to change my design extensively. However, the library provided by the Irish University seems promising.

Monday, January 28, 2008

TOP 10 Tech Startups

Top 10 Start ups selected at an awards show called Crunchies :-)


And yes, there are no surprises, Facebook is in the list.

Getting your J2ME project working with Netbeans Mobility Pack and Bouncy Castle Lightweight API

This is just a quick way to get started with BC API and ECC. It is not the best or perfect way.

  1. Visit Bouncy Castle Download Page. Download Lightweight API for J2ME zip file. Search for Lightweight API or J2ME on the page to find the exact file.
  2. Unzip the file to say folder /BouncyCastle.
  3. Create a Mobile Application Project in Netbeans.
  4. Go to Project Properties -> Build -> Libraries and Resources ->Click on Add Jar/Zip
  5. Add BouncyCastle/lightwt....j2me/zips/cldc_classes.zip
  6. Go to Project Properties -> Build -> Obfuscation -> Select High Obfuscation Level and add following to Additional Obfuscation Settings.

-dontskipnonpubliclibraryclasses

-dontskipnonpubliclibraryclassmembers

-ignorewarnings

Using ASN.1 Notation DER Encoded ECDSA Signature in BC Lightweight API

So this is my first post and my first attempt to give back to the open source software community...

I have been working on a secure mobile payment system project for the past few months at university (www.sjsu.edu). We are using elliptic curve cryptography for our security needs. For implementation purposes, I am using Bouncy Castle Light Weight API for J2ME (http://www.bouncycastle.org/latest_releases.html).


Currently, I am attempting to create Certificate Requests using the API and I came across a hurdle that the API does not have a supporting Signature class that lets one create ASN.1 form of EC DSA (Elliptic curve DSA signatures) signatures that are embedded in certificates and so I set about creating one and is available here and here

This class was made to fulfil my need for a class that mimics the ECDSA functionality of java.Security.Signature and org.bouncycastle.jce.provider.JDKDSASignature. However, the class does not extend the Signature class since the Signature class in BC Lite API does not have a constructor. The class can be used to create and verify an ECDSA Signature in J2ME with the Bouncy Castle Lightweight Crypto API for J2ME.

The ECDSA Signature in ASN.1 Notation, this string is given as:
SEQUENCE {
r INTEGER,
s INTEGER
}

Signatures can be made of a CertificateRequestInfo Object and used to create a CertificationRequest (a pkcs 10 certificate request)

All classes mentioned above are classes of BouncyCastle Lightweight J2ME API and is needed to run this class as well.

Please refer comments in the file and accompanying test classes to understand the proper usage.


I hope to make available the PKI Infrastructure asap.