I’m developing a J2ME app which securely connects to a server to login. I’m having a lot of difficulty in setting up the SSL between the two so I thought of a simpler solution and I’m hoping you can give your views on it.
The J2ME Midlet is shipped WITH the server’s public key, on connect a message (username, password hash and random) is encrypted using that public key and sent to the server. The server then decrypts it and uses it to authenticate the client.
The main idea of the certificate authority is to say who is who, if the two parties know that already and agree that it won’t change (unless through an already authenticated connection), then don’t I bypass the need for one?
Thanks,
Vladimir
Yes, but I think you are missing the point. The program is shipped with the key, but there is no way of the user knowing that the program they’re downloading actually came from you, and not some malicious hacker intercepting/rewriting the communication; all the user sees is bits coming in from a wire on the wall.
Typically what you’ll do then is sign the jar with your key, and ship the key with your program. Now we have a chicken-and-egg problem: how do they know that the key came from you?
This is where the certificate authority comes in; the CA’s key is already on their computer, so they leave it up to the CA to verify who you are and sign your public key. Then when the user gets the public key, verifies that it was signed by the CA, and verifies that the jar was signed by the key, they know the key is yours and thus the jar must have come from you, since you are the only one who could have signed it with the private key.
Now, if your key were on their computer ahead of time (for instance, inside of a company where the keys are physically placed on the computers when they’re being set up), they yes, you absolutely don’t need to have the key signed.