[dsdp-mtj-dev] RC4Engine issue

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

[dsdp-mtj-dev] RC4Engine issue

From: "Raniere Hugo-wha006" <wha006@xxxxxxxxxxxx>
Date: Fri, 25 Apr 2008 19:44:05 -0400
Delivered-to: dsdp-mtj-dev@xxxxxxxxxxx
List-archive: <https://dev.eclipse.org/mailman/private/dsdp-mtj-dev>
List-help: <mailto:dsdp-mtj-dev-request@eclipse.org?subject=help>
List-subscribe: <https://dev.eclipse.org/mailman/listinfo/dsdp-mtj-dev>, <mailto:dsdp-mtj-dev-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://dev.eclipse.org/mailman/listinfo/dsdp-mtj-dev>, <mailto:dsdp-mtj-dev-request@eclipse.org?subject=unsubscribe>
Thread-index: AcinLj9Hi6HOOU+ATQmU5KOHiNoB9Q==
Thread-topic: RC4Engine issue

Hi Craig,

We’ve removed the class RC4Engine that came from BouncyCastle as per Eclipse IP Team request.

The only class that references it is org.eclipse.mtj.core.model.impl.MetaData.java from org.eclipse.mtj.core plug-in. It is used to encrypt and decrypt keystore and key passwords in a project metadata file .mtj (formerly .eclipseme).

For a first solution I’ve commited the classes w/out Encryptation / decryptation, the data is only converted to base64.

Now, I’m working in a replacement for the RC4Engine class.

I was able to use the RC4 implementation that comes with default JCE providers through

javax.crypto.Cipher cipher = javax.crypto.Cipher.getInstance("RC4");

This algorithm is available since JDK 1.4.2.

However, the key scheme used by JCE is very different from the one you originally used.

According to the latest version in EclipseME SVN (http://eclipseme.svn.sourceforge.net/viewvc/eclipseme/trunk/eclipseme-src/plugins/eclipseme.core/src/eclipseme/core/model/impl/MetaData.java?view=markup) you’ve used the UTF-8 converted bytes from the string EclipseME as the key for RC4 algorithm.

Unfortunately I could not reproduce this same behavior using JCE. The only way I could get a valid RC4 key was through a KeyGenerator object, generating a key different from the one you used in EclipseME.

The bad side is that this will break the compatibility from MTJ and EclipseME (Projects created using EclipseME will not have their password retrieved correctly when moved to MTJ).

In fact, I’ve just realized that we haven’t thought about this compatibility, as we’ve changed the project metadata file name from .eclipseme to .mtj, what implies that after importing projects created with eclipseme into MTJ, users must convert their projects to J2ME projects via the J2ME option in projects popup menu. Do you think breaking this compatibility is a big issue, or are you ok with that, given that it is a new project? In the future we can implement a project migration wizard from EclipseME to MTJ if we think is necessary.

Given that this compatibility will be broken, do you have any hints of how can you handle the encryptation/decryptation of user password?

Looking forward to hear from you,

Hugo

PS. Sorry for this long e-mail, I was just trying to give you (and other mail-list members) as much information as I can about the problem. Feel free to contact me if you didn’t understand or need a better explanation on anything in this mail

Follow-Ups:
- Re: [dsdp-mtj-dev] RC4Engine issue
  - From: Craig Setera

Prev by Date: [dsdp-mtj-dev] Preverification support on MTJ
Next by Date: Re: [dsdp-mtj-dev] RC4Engine issue
Previous by thread: [dsdp-mtj-dev] Preverification support on MTJ
Next by thread: Re: [dsdp-mtj-dev] RC4Engine issue
Index(es):
- Date
- Thread

Breadcrumbs