Hi!
So, like many of the questions, the answer to "how do I do the encryption" is: It Depends.
What is the "webservice" expecting? It should have a protocol designed to accept username and password, and it should explain how you put the username and password into the stream of information you are required to deliver.
What kind of encryption are you planning to do to the username and password? This leads back to the previous question. If the webservice doesn't have the key needed to decrypt the username and password, any encryption scheme is going to fail.
If the webservice is expecting your application to transmit over SSL/TLS, the encryption is handled by the OS on both sides. I would expect that this information is being transmitted via SSL/TLS anyway, because you don't want to send un/pw info over regular HTTP.
Usually username and password information is hashed - a unique number is generated based on what the cleartext un/pw are, and this number is compared to a hash of the available un/pw in the service (usually just the password is hashed at both ends, because usernames tend to be readily available anyway). If the comparison succeeds (i.e., the webservice hash of user AAA's password matches the hash value generated on the BlackBerry for the password provided by user AAA), then good things happen.
The BlackBerry API comes with a great deal of crypto classes, which you'll need to sign your app to be able to use. Check out net.rim.device.api.crypto, it will list the packages and classes it contains. Look for "SHA1Digest" as well as "MD5Digest" - these are "Digest" classes, which is another fancy name for "Hash". Sort of.
Cheers,
karl
__________________
Karl G. Kowalski
---------------
Owns a RAZR
Develops for BlackBerry
So next phone will be........an iPhone 3G!
|