Start of Content Area

Procedure documentation Setting Up Secure Storage Locate the document in its SAP Library structure

Use

When using DB2e as persistence, you can make use of encrypted DB2e installables. This requires the use of a password to connect to the database instance.

Normally MI uses a default password and the encoded format of this password is stored internally. However the users can specify their own password and then the encoded format of this password is stored in the MobileEngine.config file.

In order to further protect this encoded password from the eyes of unauthorized users, Secure Storage functionality can be used. Secure Storage is a mechanism of storing the encrypted database password in a more secure manner, and the database password is removed from the MobileEngine.config file which anyone can access.

When the database password is securely stored as encrypted data, it is only accessible after authentication:

      If the user logs on with the local password, he or she has access to the stored, encrypted password.

      If the user authenticates him- or herself by means of Single Sign-On, the server supplies the password to access the stored, encrypted password.

Caution

Note that you can only use the Strong Encryption in countries where this is allowed.

Prerequisites

      You have downloaded the Secure Storage toolkit from note 1014307.

      Only one user has been created on the device before enabling secure storage.

Procedure

To enable secure storage, deploy the Secure Storage toolkit to the mobile device:

      If you are using the old technology: Use the Web Console to upload the toolkit and to deploy it to the device, see Structure linkUploading Add-On Files and Structure linkAssignment of Mobile Components to Users.

      If you are using the new technology: Use the Mobile Administrator to convert and deploy the toolkit, see Deployment of Mobile Components

Alternatively, you can also enable secure storage manually:

...

       1.      Add the following parameters to the file MobileEngine.config:

       MobileEngine.Security.Persist.SecureStorage = true

       MobileEngine.Security.Implementation.Provider = iaik.security.provider.IAIK

Use one of the methods to do this that are referred to in Parameters in MobileEngine.config.

       2.      Copy the iaik_jce.jar file for encryption into the <jdk installation directory>\jre\lib\ext directory.

See also:

For information on other parameters and the different configuration methods: Parameters in MobileEngine.config

End of Content Area