The SATSA-PKI optional package of the JSR-177 specification enables digital signatures to be used in applications, as well as basic user credential management (for example, for certificates).
The API was first introduced in S60 3rd Edition. For S60-specific implementation details of the API, see SATSA API implementation notes.
For devices that support the SATSA API, see Forum Nokia, Devices.
Digital signatures are a cryptographically based signature assurance scheme. In the public key infrastructure (PKI), the public key used in the signature scheme is tied to a user by a digital identity certificate issued by a certificate authority. This means binding the relevant user information, such as name, address, phone number, etc., to a public key. The result of the scheme is a digital signature.
Public-key digital signature schemes rely on public-key cryptography. In public-key cryptography, each user has a pair of keys: one public and one private. The public key is distributed freely, but the private key is kept secret by the user; another requirement is that it should be computationally infeasible to derive the private key from the public key.
Generally, digital signature schemes include three algorithms:
A key generation algorithm
A signing algorithm
A verification algorithm
Example: Person A sends a message to Person B and attaches a digital signature to the message. A has generated the digital signature by using his private key. When B receives the message, B runs the verification algorithm on the message, using A's public key, together with the signature to check whether the message was really sent by A.
The Cryptographic Message Syntax (CMS) format is specified in RFC 2630, with enhanced security services in RFC 2634. The syntax is used to digitally sign, digest, authenticate, or encrypt arbitrary messages.
The optional package contains two components:
The javax.microedition.pki package
Consists of the classes UserCredentialManager and UserCredentialManagerException. Allows you to manage certificates stored on your device (smart card) and provides the process for getting the appropriate keys stored on your device for encryption. Enables you to generate certificate requests and to locally register user credentials. The user credentials are used in conjunction with other parameters to compute formatted digital signatures.
When deployed on the MIDP 2.0 platform, the javax.microedition.pki package also includes the interface Certificate (for providing a common interface to (X.509) certificates) and CertificateException (for errors occurring with Certificate), which are defined in the MIDP 2.0 API.
The javax.microedition.securityservice package
Allows you to generate application-level digital signatures that conform to the Cryptographic Message Syntax (CMS) format, using certificates stored on your device (Certificate Store).
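The following is an added example, not code from the original documentation: a small helper that uses the javax.microedition.securityservice package to produce a CMS signature and handles the ways signing can fail. The class name OrderSigner, the method name signText and the prompt text are hypothetical, and the code assumes a device or emulator whose runtime includes SATSA-PKI and a MIDlet suite that has been granted permission to use the signature service.

```java
import javax.microedition.pki.UserCredentialManagerException;
import javax.microedition.securityservice.CMSMessageSignatureService;
import javax.microedition.securityservice.CMSMessageSignatureServiceException;

/** Hypothetical helper (not part of SATSA): signs text with a stored credential. */
public final class OrderSigner {

    private OrderSigner() {
        // static helper, no instances
    }

    /**
     * Signs the given text with a key from the device's security element.
     *
     * @param text    the text to sign
     * @param caNames distinguished names of the certificate authorities whose
     *                certificates are acceptable for signing
     * @return the DER-encoded CMS SignedData, or null if the user cancelled
     */
    public static byte[] signText(String text, String[] caNames) {
        // Include both the signed content and the signer's certificate, so the
        // receiver can verify the message without a separate certificate lookup.
        int options = CMSMessageSignatureService.SIG_INCLUDE_CONTENT
                | CMSMessageSignatureService.SIG_INCLUDE_CERTIFICATE;
        try {
            // The private key never leaves the security element; only the
            // finished signature is returned to the application.
            return CMSMessageSignatureService.sign(
                    text, options, caNames, "Confirm signing of this text");
        } catch (CMSMessageSignatureServiceException e) {
            // Cryptographic or security element failure while signing.
            throw new RuntimeException("Signing failed, reason code " + e.getReason());
        } catch (UserCredentialManagerException e) {
            // No usable key or certificate was found on the device.
            throw new RuntimeException("No usable credential, reason code " + e.getReason());
        }
        // A SecurityException (caller not permitted to sign) is deliberately
        // left to propagate to the caller.
    }
}
```

The call blocks while the user confirms the operation, so invoke it from a worker thread rather than from a UI event callback, and treat a null result as a user cancellation rather than an error.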
For more information on the javax.microedition.pki package, see also SATSA Developer's Guide on the Java Sun Web page.