Wiki
Clone wikilinphone-blackberry-mikey-sakke / Home
Linphone BlackBerry with MIKEY-SAKKE
Simply clone the repo and import it into your Blackberry eclipse workspace.
You will likely need to clean first to avoid a build issue. We intend to fix this.
A pre-built signed binary can be downloaded here.
MIKEY-SAKKE Key Management Service server
MIKEY-SAKKE is an identity-based key exchange scheme which depends on private and community key material being provided to users. A perl implementation of a suitable KMS can be found in the libmikey-sakke repository (a pre-packaged binary for Windows can be downloaded from here). For convenience of demonstration this KMS also includes a basic open SIP registrar/proxy.
A note about SAKKE performance
The performance of SAKKE key validation, encapsulation and extraction on J2ME BlackBerry devices is poor. It can take over 3 minutes to complete a key exchange! (The C++ implementation on similar hardware completes in under 2 seconds). For development purposes we have added a SAKKE:fake
MIKEY mode. This does all of the ECCSI signing and verification but uses the Shared Secret Value (SSV) from RFC 6508 and substitutes a predefined string for the SAKKE Encapsulated Data (SED) payload. When this SED is received by a phone in SAKKE:fake
mode, the SSV from the spec is used and no SAKKE work is done.
In future we intend to implement a SAKKE:remote
mode which will offload the heavy lifting (primarily the Tate-Lichtenbaum pairing) to a SAKKE accelerator module of a BlackBerry Enterprise Server (BES) installation.
Updated