The optional SATSA-PKI package of the JSR-177 specification enables users to generate digital signatures and manage user credentials (such as certificates).
The SATSA-PKI package is supported since Nokia Asha software platform devices. Usage of SATSA-PKI requires obtaining MIDP permissions. For more information on permissions of this API, see Security and Trust Services API (JSR-177).
To find out which devices support the SATSA API, see Nokia Developer device specifications.
Digital signatures are a cryptographically based signature assurance scheme. In the public key infrastructure (PKI), the public key used in the signature scheme is tied to a user by a digital identity certificate issued by a certificate authority. This means binding the relevant user information, such as name, address, and phone number, to a public key. The result of the scheme is digital signature.
Public-key digital signature schemes rely on public-key cryptography. In public-key cryptography, each user has a pair of keys: one public and one private. The public key is distributed freely, but the private key is kept secret by the user; another requirement is that it should be computationally infeasible to derive the private key from the public key.
Generally, digital signature schemes include three algorithms:
Key generation algorithm
Signing algorithm
Verification algorithm
Example: Person A sends a message to Person B and attaches a digital signature to the message. A has generated the digital signature by using his private key. When B receives the message, B runs the verification algorithm on the message, using A's public key, together with the signature to check whether the message was really sent by A.
The Cryptographic Message Syntax (CMS) format is specified in RFC 2630 with enhanced security services for RFC 2634. The syntax is used to digitally sign, digest, authenticate, or encrypt arbitrary messages.
The optional package contains two components:
The javax.microedition.pki package
Consists of the classes UserCredentialManager and UserCredentialManagerException. Allows
you to manage certificates stored on your device (smart card) and
provides the process for getting the appropriate keys stored on your
device for encryption. Enables you to generate certificate requests
and to locally register user credentials. The user credentials are
used in conjunction with other parameters to compute formatted digital
signatures.
When deployed on the MIDP 2.0 platform, the javax.microedition.pki package also includes the interface Certificate (for providing a common interface to (X.509)
certificates) and CertificateException (for errors
occurring with Certificate), which are defined
in the MIDP 2.0 API.
The javax.microedition.securityservice package
Allows you to generate application-level digital signatures using certificates stored on you device (Certificate Store) that conform to the Cryptographic Message Syntax (CMS) format.
For more information about the javax.microedition.pki package, see SATSA Developer's Guide on the Oracle website.