Bouncy Castle

at morning I saw the name bouncy castle in forum. but I didn't know what it was.

but know I no.

I'm nowgoing to use it. I have a pdf from nokia showing a sample which uses bouncy castle. read this! it whould help you.

The size of the Bouncy Castle JAR file for J2ME is about 530 kilobytes. The size is due to the large number of ciphers, digests, and utility classes implemented in Bouncy Castle. Since one would normally use only one or two of those algorithms, obfuscation is a very effective means to reduce the size of the MIDlets JAR file.

One commonly used obfuscator is Proguard, which is very effective in reducing the size of the JAR file by removing unnecessary classes and methods. Proguard has been incorporated into Suns Wireless Toolkit, but the default obfuscation parameters are not adequate for processing the Bouncy Castle API.

The obfuscation of Bouncy Castle presents some special challenges. In particular, some of the algorithms require Java classes that are not available in CLDC. Examples of this are the java.security.SecureRandom and java.math.BigInteger classes. To solve this problem, Bouncy Castles J2ME version ships with implementation of those classes for J2ME. This creates an important difficulty because MIDP implementation should reject classes that are under the java and javax packages for security reasons.

Obfuscation with Proguard doesnt necessarily solve this problem, since package names are preserved. For example, the java.security.SecureRandom class will become java.security.a and the device will reject it anyway. Proguard offers a solution the defaultpackage option. This option will move all the classes to a specific package or remove the package name altogether. It should be noted that by using the defaultpackage option the MIDlet main class package name will change. The JAD and MANIFEST files must reflect this to work properly.

If it becomes necessary to unpack the already obfuscated JAR file (for instance, for preverification), it is also wise to use the dontusemixedcaseclassnames option. Otherwise, Proguard may rename the classes using letters in upper- and lowercases like a and A, when it runs out of names. This may happen when obfuscating Bouncy Castle because of the large number of classes involved. Mixed-case classes are legal but there can be problems when unpacking the file in operating systems that dont distinguish files with different cases.

Below is a possible Proguard configuration file that will correctly obfuscate Bouncy Castle:

-libraryjars midpapi.zip

-injars EncryptedSMS.jar

-outjar EncryptedSMS_o.jar

-keep -keep public class * extends javax.microedition.midlet.MIDlet

-defaultpackage

-dontusemixedcaseclassnames

etaa at 2007-7-29 11:34:20 >

thanks for the reply! I went to ibm site, it requires login? I am using netbean, when I obfuscate with following arguments, it gave warning messages

Obfuscator arguments:

-dontusemixedcaseclassnames

-defaultpackage ''

-overloadaggressively

-keep public class ** extends javax.microedition.midlet.MIDlet {

public *;

}

Warning: org.bouncycastle.math.ec.IntArray: can't find referenced method 'java.lang.Object clone()' in class java.lang.Object

Warning: there were 1 unresolved references to program class members.

Your input classes appear to be inconsistent.

You may need to recompile them and try again.

Morninga at 2007-7-29 11:34:20 >

I gave some errors to and I don't know now that this was one of them or not.

but net beans offered that if you want you can Ignore warnings by a command like -ignorewarnings(may be).

I did that and successfully obfuscated bouncy castle. to a jar with 21 kb size

the program will run but I don't know if it is possible to have some errors in run time because of that ignorance.

any one knows something

etaa at 2007-7-29 11:34:20 >

are you with me?

what do you mean by testing? do you say that if the midlet starts up, there will be no error?

etaa at 2007-7-29 11:34:20 >

ok! then I must test all possible inputs and outputs.

and my bouncy castle version is the one you said.

something else

when I obfuscate my project using net beans.my jad file and jar's manifest file will not contain the midlet name although I had kept the midlet clas name using -keep option.

this meens I can't debug my program.

any way to solve it?

etaa at 2007-7-29 11:34:20 >

how angry!!!

I have did it for the first time. It didn't work.

I did it again for ensurance.

it works!!!!

I can just say :

Excuse me

etaa at 2007-7-29 11:34:20 >