How to use J2ME Wireless Toolkit security features

xiaoxiao2021-03-06  38

Description:

This article is based on: http://java.sun.com/j2me/docs/wtk2.0/user_html/security.html

Prerequisites:

The J2ME Wireless Toolkit must be installed; it is available from http://java.sun.com/j2me.

1. Introduction to the security features of the J2ME Wireless Toolkit:

The J2ME Wireless Toolkit supports the enhanced security features provided by MIDP 2.0 and provides tools for using them. These enhanced security features are:

· Application signing

· Different levels of security

· Verifying the identity of the sender of an application

· Verifying the integrity of applications received by the device

2. Signing a MIDlet suite:

After we build and package a MIDlet suite (see http://www-900.cn.ibm.com/j-weveloperworks/cn/java/J-J2ME/index.shtml), we can sign it with the security tools of the J2ME Wireless Toolkit. The toolkit can sign MIDlet suites with an existing public/private key pair or with a new key pair that we generate. Each key pair is associated with a certificate. Assigning a security domain to a certificate sets the level of trust that the certificate holder has for accessing protected APIs and other APIs.

A MIDlet suite can be assigned to one of the following domain types:

· Untrusted - the origin of the MIDlet suite and the integrity of its JAR file cannot be trusted by the device (e.g., an unsigned MIDlet suite).

· Trusted - the MIDlet suite's JAR file is signed with a certificate that the device can verify.

· Minimum - a security domain in which all access to protected APIs is denied, including access to push functionality and network protocols.

· Maximum - the same as Trusted: a security domain in which all access to protected APIs is allowed, including access to push functionality and network protocols.

Signing is a fairly complex process that involves calling the keytool, JadTool and MEKeyTool utilities. The security tool in the J2ME Wireless Toolkit wraps these calls in a graphical interface, so the whole process can be completed without using the command-line tools. With the security tool we can:

· Create a new key pair and give it an alias

· Copy the certificate of a key pair from a J2SE keystore

· Add a key pair's certificate to the JAD file of the MIDlet suite

· Digitally sign the MIDlet suite's JAR file and add the signature to the suite's JAD file

· Delete an old certificate

When the J2ME Wireless Toolkit creates a key pair, the certificate is saved in the ME keystore file.

See http://java.sun.com/products/midp for more information about MIDP 2.0.

3. Creating a key pair and signing a MIDlet suite:

To create a key pair, we use the New Key Pair dialog. After we supply an alias, a unique name and the organization name, the tool generates a public key and a private key referenced by the alias and stores them in the keystore. A certificate associated with this key pair is also generated, and we are asked to provide a security domain to associate with it. The certificate is automatically imported into the default emulator's keystore. We will use this key pair to sign the MIDlet suite.

Note - Generating key pairs and signing MIDlet suites in the Wireless Toolkit environment is for testing purposes only; the signature is a simulation rather than a real one. When we run our application outside this test environment, we must obtain a certificate issued by a certificate authority that our devices recognize.

Steps for generating a key pair:

1. Select Project -> Sign in KToolbar. The Sign MIDlet Suite window opens. Another way to open this window is to select File -> Utilities and click the Sign MIDlet button.

2. Click New Key Pair in the Sign MIDlet Suite window and provide the following information:

The alias of the new key pair (the name under which the pair is stored in the keystore), the server name, and the organization name.

These are the minimum requirements for generating a key pair.

3. Click Create and provide the security domain to associate with the certificate.

The key pair is generated, and its alias is added to the alias list.

Information about the certificate and key is shown in the J2SE Key Detail panel. It includes the distinguished names (DN) of the certificate's subject and issuer, the certificate's serial number, its validity period, the encryption algorithm used, and the digital signature of the certificate issuer. A copy of the certificate is automatically stored in the default emulator's keystore.

4. Click Sign MIDlet Suite and select the MIDlet suite's JAD file in the file chooser.

The certificate is copied into the .jad file and the JAR file is digitally signed. A confirmation dialog appears when signing succeeds. If signing fails, a dialog with the error message appears.

Note - An application that uses a signed JAD and JAR MIDlet suite can run only when the application management system is set to over-the-air (OTA) for publishing the application.

4. Importing an existing key to sign a MIDlet suite:

We can also sign a MIDlet suite with an existing key.

1. Click Import Key Pair in the Sign MIDlet Suite window and select the keystore file in the file chooser.

2. Enter the password for accessing the keystore.

3. Select an alias from the keystore's alias list.

4. Enter the alias that references the certificate.

5. Select the security domain to associate with the certificate.

6. Click Sign MIDlet Suite in the Sign MIDlet Suite window and select the MIDlet suite's JAD file in the file chooser.

A confirmation dialog appears when signing succeeds. If signing fails, a dialog with the error message appears.
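Both signing procedures above (with a new key pair or an imported one) end with a certificate and a JAR signature written into the JAD; in MIDP 2.0 these are the `MIDlet-Certificate-1-1` and `MIDlet-Jar-RSA-SHA1` attributes. The following added example (not from the original article or the toolkit) shows the integrity check that the signature makes possible. It assumes a freshly generated test key in place of the public key a device would take from the certificate, and the class name, sample JAD and JAR bytes are constructed.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Base64;
import java.util.LinkedHashMap;
import java.util.Map;

public class JadSignatureCheck {

    /** Parses "Name: value" descriptor lines into an attribute map. */
    static Map<String, String> parseJad(String jad) {
        Map<String, String> attrs = new LinkedHashMap<>();
        for (String line : jad.split("\\r?\\n")) {
            int colon = line.indexOf(':');   // first colon only: values may contain URLs
            if (colon > 0) {
                attrs.put(line.substring(0, colon).trim(), line.substring(colon + 1).trim());
            }
        }
        return attrs;
    }

    /** True only if the JAD's size and signature attributes match the JAR bytes. */
    static boolean verify(String jad, byte[] jar, PublicKey signerKey) throws Exception {
        Map<String, String> attrs = parseJad(jad);
        String size = attrs.get("MIDlet-Jar-Size");
        String sigB64 = attrs.get("MIDlet-Jar-RSA-SHA1");
        if (size == null || sigB64 == null) {
            return false;                    // unsigned descriptor: treat as untrusted
        }
        if (!size.equals(String.valueOf(jar.length))) {
            return false;                    // JAR is not the one the descriptor describes
        }
        byte[] sig;
        try {
            sig = Base64.getDecoder().decode(sigB64);
        } catch (IllegalArgumentException e) {
            return false;                    // malformed base64 in the descriptor
        }
        Signature verifier = Signature.getInstance("SHA1withRSA"); // RSA PKCS#1 v1.5 over SHA-1
        verifier.initVerify(signerKey);
        verifier.update(jar);
        return verifier.verify(sig);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: stand-in JAR bytes and a throwaway test key (assumption).
        byte[] jar = "constructed stand-in for the bytes of Demo.jar".getBytes(StandardCharsets.UTF_8);
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair testKey = gen.generateKeyPair();

        Signature signer = Signature.getInstance("SHA1withRSA");
        signer.initSign(testKey.getPrivate());
        signer.update(jar);
        String jad = "MIDlet-Name: Demo\n"
                + "MIDlet-Jar-URL: Demo.jar\n"
                + "MIDlet-Jar-Size: " + jar.length + "\n"
                + "MIDlet-Jar-RSA-SHA1: " + Base64.getEncoder().encodeToString(signer.sign()) + "\n";

        byte[] tampered = jar.clone();
        tampered[0] ^= 1;                    // flip one bit after signing
        System.out.println("intact JAR:   " + verify(jad, jar, testKey.getPublic()));
        System.out.println("modified JAR: " + verify(jad, tampered, testKey.getPublic()));
        System.out.println("unsigned JAD: " + verify("MIDlet-Name: Demo\n", jar, testKey.getPublic()));
    }
}
```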

5. Deleting an alias:

To delete a key pair:

1. Select the key pair to delete in the Sign MIDlet Suite window.

2. Select Action -> Delete Selection.

A confirmation dialog appears. Click Yes to proceed with the deletion. The alias that references the deleted key pair is removed from the list.

6. Managing the default emulator's certificates:

The default emulator comes with a default set of certificates. Certificates are used to check the validity of network connections and of signed MIDlet suites. When a Web site is accessed over a secure protocol such as HTTPS or SSL, the site's certificate is checked for validity. The MIDlet suite's certificate is also used to check whether the suite has permission to access the site. If the site certificate is invalid or the MIDlet suite lacks permission, access to the site is refused. When we simulate a network transmission, the certificates in the default emulator's keystore are checked. For information on how to add API permissions for a network protocol in the Wireless Toolkit environment, refer to Adding API Permissions.

The Certificate Manager provided by the J2ME Wireless Toolkit helps us maintain the certificates in the default emulator's keystore. To add to the default emulator's certificate set, we can import a certificate from a J2SE keystore into the default emulator's keystore, or obtain a certificate from a certificate authority and import it into the default emulator's keystore. When a certificate expires or is no longer used, we can remove it from the keystore.

The certificate list in the Certificate Manager shows the certificates in the J2ME keystore. The list can also be displayed with a command-line tool such as MEKeyTool. For information on how to use MEKeyTool, refer to Appendix D, "Command Line Utilities".

Viewing a certificate:

1. Select File -> Utilities and click the Manage Certificate button in the Utilities dialog.

The J2ME Certificate Manager window opens and displays the certificates in the J2ME keystore file.

2. Select a certificate to view its details in the J2ME Key Detail panel.

Importing a certificate:

We can import a certificate from a J2SE keystore, or obtain a certificate from a certificate authority and import it into the default emulator's keystore.

Select File -> Utilities and click the Manage Certificate button.

Importing a certificate from a J2SE keystore:

1. Select Action -> Import J2SE Certificate.

2. Provide a certificate that is imported by default.

3. Select the keystore file that holds the certificate in the file chooser.

The default keystore file is KeyStore.sks.

4. Enter the password for accessing the keystore.

The default KeyStore Password is Password.

5. Select a certificate alias from the alias list.

The certificate appears in the J2ME keystore certificate list; we can select it to view its details in the J2ME Key Detail panel.

Importing a certificate from a certificate authority:

To obtain a certificate from a CA, we must generate a certificate request. Once we receive the certificate, we can import it into the default emulator through the Certificate Manager.

1. Click Import Certificate and select the certificate in the file chooser.

Certificate files use the .cer extension.

2. Select the security domain in the Security Domain dialog.

The certificate is copied to the default emulator's keystore and appears in the Certificate Manager's list.

Managing certificates in other keystores:

If there is more than one J2ME keystore file, we can open another keystore file in the Certificate Manager to view the certificates it contains. We can also use the Certificate Manager to delete certificates from that keystore file.

Opening another keystore:

· Click Open KeyStore and select the keystore file in the file chooser.

Conclusion:

Building blocks of the J2ME Wireless Toolkit security features: key and certificate -> keystore.

The key and certificate (treated here as a single unit, because the certificate is tied to the key) can be generated with the tool or imported from a J2SE keystore. However, a program signed with a generated key runs normally only in testing. The keystore can be viewed as a collection that stores keys and certificates.

When reprinting, please cite the original address: https://www.9cbs.com/read-63732.html