I'm a J2ME programmer. Now my project is related to sending data to server by HTTP. Here I encrypt the data in J2ME side using the Bouncy Castle library (Triple DES). I also maintain the server side coding.
Then on the server side the received data is decrypted and stored in database. Here I'm assuming the key is statically fixed in my code. On the server side and on the J2ME side I use the same key value.
But I have the requirement that the key is randomly generated, not known to user.
If I encrypt the data with some key in the J2ME part, then how can the server decrypt it without knowing the key? Or is there is any other mechanism I can use to solve this? Could asymmetric cryptography help me here?
The way asymmetric cryptography works is the following:
Asymmetric algorithms are slower than symmetric encryption so they are often used only to exchange the secret password between the server and the client which will then be used to encrypt the messages using a symmetric algorithm.