Linphone BlackBerry with MIKEY-SAKKE

Simply clone the repo and import it into your Blackberry eclipse workspace.

You will likely need to clean first to avoid a build issue. We intend to fix this.

A pre-built signed binary can be downloaded here.

MIKEY-SAKKE Key Management Service server

MIKEY-SAKKE is an identity-based key exchange scheme which depends on private and community key material being provided to users. A perl implementation of a suitable KMS can be found in the libmikey-sakke repository (a pre-packaged binary for Windows can be downloaded from here). For convenience of demonstration this KMS also includes a basic open SIP registrar/proxy.

A note about SAKKE performance

The performance of SAKKE key validation, encapsulation and extraction on J2ME BlackBerry devices is poor. It can take over 3 minutes to complete a key exchange! (The C++ implementation on similar hardware completes in under 2 seconds). For development purposes we have added a SAKKE:fake MIKEY mode. This does all of the ECCSI signing and verification but uses the Shared Secret Value (SSV) from RFC 6508 and substitutes a predefined string for the SAKKE Encapsulated Data (SED) payload. When this SED is received by a phone in SAKKE:fake mode, the SSV from the spec is used and no SAKKE work is done.

In future we intend to implement a SAKKE:remote mode which will offload the heavy lifting (primarily the Tate-Lichtenbaum pairing) to a SAKKE accelerator module of a BlackBerry Enterprise Server (BES) installation.