Enable FIPS 140-2 HTTPS encryption for IBM Worklight mobile apps

Secure, application-level HTTP/HTTPS client libraries for hybrid and native mobile apps

IBM Research has created application-level HTTP/HTTPS client libraries that you can use to make FIPS 140-2 encrypted HTTP/HTTPS requests directly within mobile applications. In this article, get step-by-step instructions for integrating the HTTP/HTTPS client libraries into your IBM Worklight® Studio hybrid and native iOS and Android apps. You'll then be able to invoke the library APIs to create FIPS 140-2 encrypted network requests and transmit them to FIPS 140-2 certified SSL termination points—both inside the firewall of private enterprise networks (through a reverse proxy architecture) and outside of them.

Benjamin Fletcher, Ph.D. (bfletch@us.ibm.com), Software Engineer, IBM

Author photo - Ben Fletcher Dr. Benjamin Fletcher is a software engineer in the Emerging Technologies Solutions Development (ETSD) Group at TJ Watson Research Center in Yorktown Heights, New York. His research focus is in developing new enterprise solutions for smart mobile devices. Prior to joining the ETSD research group, Dr. Fletcher was a member of the Interconnect Technologies group at TJ Watson Research Center and investigated the manufacturing challenges associated with scaling a copper backend beyond the 15 nm node. Before joining IBM, Dr. Fletcher was a Fellow at the Center for Nanophase Materials Science at Oak Ridge National Laboratory where his primary research interests were in developing new biosensors and NEMS devices. Dr. Fletcher received his Ph.D. in Materials Science and Engineering from the University of Tennessee-Knoxville and has a broad range of research experience in both computer hardware and software.



Eric Barkie (ebarkie@us.ibm.com), Software Engineer, IBM

Author photo - Eric BarkieEric Barkie graduated from the Plattsburgh State University of New York with a BS in computer science in 1998. He works as a senior software engineer at the IBM Thomas J. Watson Research Center in Yorktown Heights, New York. He is currently a developer in Emerging Client and Network Technologies. When not working, Eric can usually be found playing or watching hockey.



Bhargav Perepa (bvperepa@us.ibm.com), WebSphere Architect and IT Specialist, IBM

Bhargav PerepaBhargav Perepa is a WebSphere architect and IT specialist in the IBM Federal Software Group in Washington DC area. Previously, he was a developer in the Austin WebSphere Development Lab and had Smalltalk and C++ development experience at IBM Chicago. Bhargav holds a master's degree in Computer Science from the Illinois Institute of Technology, Chicago, and a master's in business administration (MBA) from the University of Texas, Austin.


developerWorks Contributing author
        level

24 September 2013

Also available in Japanese Portuguese

Haven't tried IBM Worklight yet?

Download and try Worklight Developer Edition now.

This Eclipse plug-in provides a visual development and server platform for building, testing, and deploying hybrid, native, and web apps for iOS and Android, as well as Blackberry and Windows Phone devices.

It's free for evaluation purposes. Learn more.

When mobile application developers created HTTP or HTTPS requests, they typically invoke methods provided by the device and operating system to generate and submit their requests. These methods, usually an abstraction of lower-level operations such as data encryption, are exposed to developers through higher-level methods and properties within an HTTP/HTTPS client class.

While you as a developer benefit from the ease-of-use offered by this abstraction, there is a trade-off in being dependent on the implementation of the HTTP/HTTPS client class provided by each device and OS manufacturer. In this article, we present an alternative—a suite of application-level HTTP/HTTPS client libraries—for creating HTTP/HTTPS requests directly in hybrid, iOS, and Android native mobile applications.

The libraries are built using OpenSSL FIPS 2.0.3 (see "FIPS 140-2 compliance in the client libraries" below) and do not depend on operating system libraries for data encryption. As such, they offer unique capabilities and an unparalleled degree of configurability. As a mobile developer, you can use the client libraries to submit HTTP/HTTPS requests either directly to SSL termination points outside of a firewall, or indirectly to SSL termination points behind the firewall through a reverse proxy.

The application-level HTTP/HTTPS client libraries are also compatible with IBM products such as IBM Security Access Manager, WebSphere® DataPower® Service Gateway XG45, WebSphere DataPower Integration Appliance XI, and WebSphere Application Server.

In this article, we'll walk step-by-step through the process of integrating the application-level HTTP/HTTPS client libraries into an IBM Worklight Studio mobile development project running in an Eclipse IDE. At the end of the article, you will have installed and set up the HTTP/HTTPS client libraries in a Worklight Studio V5.0.6.1 project; created a simple hybrid, iOS, or Android demo app with the built-in and configured client libraries; and invoked the client library APIs to submit an FIPS 140-2 encrypted HTTPS request directly from your mobile application.

 

To get the most out of this article, you should be familiar with mobile application development for hybrid and native (iOS and Android) applications using IBM Worklight Studio, which is the development environment in IBM Worklight. Check out our tutorials and sample code for Getting started with IBM Worklight.

 

Install HTTP/HTTPS client libraries and IBM Worklight v5.0.6.1 InterimFix

About the build environment

The development environment for the demo apps used in this article consists of IBM Worklight v5.0.6.1 InterimFix 201309171955 (see Fix Central, Fix ID 201309171955; this InterimFix version is required in order to use the capabilities described in this article) and Android Development Tools v21.1.0 installed on an Eclipse Classic IDE v4.2. We used XCode v4.6 to write the native iOS application. All of the development tools were installed on a Mac OS X v10.7.5.

To start, download the IBM Worklight Client Libraries (iOS and Android FIPS HTTP/S Client Libraries for Worklight), which are stored in a file named HTTPClient.zip. Unzip or extract the file to a convenient location. Later, you will access these files in order to add them to your IBM Worklight Studio project. For iOS applications, you will also copy the incore_macho file provided in the package (HTTPClient/iOS/incore_macho) to a location where it can be executed. Typically this is a directory in your $PATH such as /usr/local/bin on Apple Mac OSX systems.

Many of the features of the client libraries should work with other versions of Worklight Studio, but FIPS 140-2 compliance for client-to-server traffic is currently supported only by the Worklight v5.0.6.1 InterimFix 201309171955. In order to follow the steps in this article, you should install the Worklight v5.0.6.1 InterimFix now.

FIPS 140-2 compliance in the client libraries

The Federal Information Processing Standard (FIPS) Publication 140-2 from the National Institute of Standards and Technology is a US Federal Government computer security standard used to certify cryptographic methods on a public infrastructure. When requested by an SSL termination endpoint, the OpenSSL FIPS 2.0.3 object module is used for data encryption in the application-level HTTP/HTTPS client libraries. For each library, the FIPS object module was compiled from unaltered source code, which was provided on a DVD by the OpenSSL Foundation. Makefiles and build scripts were downloaded from the OpenSSL Foundation repository and were only modified to reflect the local build environment. (See Resources to learn more about OpenSSL FIPS 2.0.3.)

The FIPS object module (fipscanister.o) is included in libcrypto, which was compiled into static (for the iOS implementation) and dynamic (for the Android implementation) libraries. In the case of iOS, the integrity of the FIPS object module is verified using the incore tool before any application referencing it is compiled. In the case of Android, the integrity of the FIPS object module was verified using the incore tool after libcrypto.so.1.0.0 was compiled.

FIPS mode is enabled in the HTTP/HTTPS libraries using the FIPS_mode_set() function. The client libraries re-check FIPS-mode status prior to executing any HTTP/HTTPS request and throw an exception if the FIPS mode is not true. Results are displayed in the debug console. Exceptions thrown by the libraries can be handled as FIPS compliance errors.


HelloHTTPClient

We'll use a demo app to demonstrate the process of integrating the application level HTTP/HTTPS client libraries into an IBM Worklight Studio project. After building a basic hybrid application, we'll present instructions to set up and configure application environments for iOS and Android. All of the necessary code for the demonstrations is located in the HTTPClient.zip file (see Resources to download it.)

We'll start by creating and configuring a Worklight Studio project for a hybrid application.

  1. Create a new Worklight project in your Eclipse IDE by selecting the Worklight icon on your toolbar (as shown in Figure 1) or by going to File>New>Project>Worklight Project and selecting the Next button.
    Figure 1. The Worklight icon in the Eclipse IDE toolbar
    A screenshot of the Worklight icon in the Eclipse toolbar.
  2. Select the Hybrid Application project template, specify your project name, and select the Next button:
    Figure 2. Create a hybrid application project
    A screenshot showing a listing of possible application templates and a field for naming the project.
  3. Name your application, then select Finish:
    Figure 3. Name and create the application
    A screenshot showing a field to type in the application name: HelloHTTPClientApp.
  4. Add the JavaScript file HTTPClient/common/js/WLHTTPRequest.js to apps>HelloHTTPClientApp>common>js:
    Figure 4. Add HTTPClient/common/js/WLHTTPRequest.js to your project
    Add a JavaScript file to the project.
  5. Add a reference to the JavaScript interface files uVPN.js and WLHTTPRequest.js to apps>HelloHTTPClientApp>common>HelloHTTPClientApp.html as shown in Figure 5. (You will integrate uVPN.js into the project later in this article.)
    Figure 5. Add the JavaScript interface files to HelloHTTPClientApp.html
    Add two JavaScript interface files to the project.
  6. Add an enableFIPS option to apps>HelloHTTPClientApp>common>js>initOptions.js as shown in Figure 6. Setting enableFIPS to true enables FIPS for all JavaScript HTTP/HTTPS requests.
    Figure 6. Add an enableFIPS initOption to initOptions.js
    Add enableFIPS initOption to initOptions.js.

Next you'll add the demo application UI to the common folder HTML and JavaScript files in apps>HelloHTTPClientApp>common. You'll also add a demo Worklight server adapter to the adapters folder.

  1. Find the demo application UI in the HTTPClient/demoUI/common folder in the HTTPClient.zip file you downloaded at the start of this article.
  2. Copy HTTPClient/demoUI/common/js/HelloHTTPClientApp.js and HTTPClient/demoUI/common/js/usersCollection.js to apps>HelloHTTPClientApp>common>js.
  3. Copy HTTPClient/demoUI/common/HelloHTTPClientApp.html to apps>HelloHTTPClientApp>common.
  4. Find the demo adapter in the HTTPClient/demoUI/adapters folder and copy the user adapter folder to your project adapters folder.
  5. Find the application-descriptor.xml file in apps->HelloHTTPClientApp and update the worklightServerRootURL variable to point to a FIPS 140-2 compliant SSL termination point. (For example, you could use a reverse proxy pointing to a Worklight server and/or a Worklight server running in FIPS mode.)

Next, build and deploy your new demo app.

  1. Select the Build All and Deploy option by highlighting apps->HelloHTTPClientApp and bringing up the Option menu or by going to Run->Run As.
    Figure 7. Build all and deploy
    Select Build all and Deploy.
  2. Select the Deploy Worklight Adapter option by highlighting your adapter in project adapters (adapters->user) and bringing up the Option menu or by going to Run->Run As.
    Figure 8. Deploy Worklight adapter
    Deploying the adapter.
  3. Upload HelloHTTPClientApp-common.wlapp and your adapter (for example, user.adapter) from your project workspace folder->bin (as shown in Figure 9) to your Worklight server via the management console (shown in Figure 10). You will also need to upload an updated wlapp after creating each new Worklight environment.
    Figure 9. Locate HelloHTTPClientApp-common.wlapp in your project workspace folder
    Placing the app in the project folder.
    Figure 10. Upload HelloHTTPClientApp-all.wlapp to your Worklight server
    Uploading the Worklight application.

Integrating the client library in iOS

You now have a basic Worklight Studio project and hybrid application. In this section, you'll integrate the HTTP/HTTPS client library for iOS into an iOS Worklight Studio application environment. Android developers may jump to the instructions for setting up and configuring an Android application environment.

The process for creating an iOS application environment in Worklight Studio is similar to creating the initial hybrid application. You will need to select an iOS device type, either iPhone or iPad. Note that we've configured the demo app for an iPhone device.

  1. Create a new iOS Worklight environment by selecting the Worklight icon on your Eclipse IDE toolbar or by going to File->New->Other->Worklight Environment and selecting the Next button.
  2. Check the box(es) next to iPhone and/or iPad, and select the Finish button, as shown in Figure 11.
    Figure 11. Create a Worklight environment for iOS
    A screenshot of the checked iPhone box.
  3. Add the JavaScript file HTTPClient/iOS/js/uVPN.js to apps->HelloHTTPClientApp->iPhone->js as shown in Figure 12.
    Figure 12. Add HTTPClient/iOS/js/uVPN.js to your project
    A screenshot of adding HTTPClient/iOS/js/uVPN.js to the project folder
  4. Select the Build All and Deploy option by highlighting apps->HelloHTTPClientApp and bringing up the Option menu or by going to Run->Run As.
    Figure 13. Build and deploy
    A screenshot of the Run As option.
  5. Upload HelloHTTPClientApp-iphone-X.wlapp from your project workspace folder->bin to your Worklight server via the management console as shown in Figure 7.
  6. Launch the XCode project by highlighting apps->HelloHTTPClientApp->iPhone and bringing up the Run As Option menu, as shown in Figure 14. Alternatively, go to Run->Run As from the toolbar.
    Figure 14. Launch the XCode project
    A screenshot of the Run-As option.
  7. Open the XCode project source root, which is the folder that contains HelloHTTPClientHelloHTTPClientAppIphone.xcodeproj. You can select it in the Finder ({WORKSPACE}/HelloHTTPClient/apps/HelloHTTPClientApp/iphone/native), by right-clicking the main project and selecting Find in Finder or by highlighting the main project and selecting the arrow icon next to Full Path:
    Figure 15. Open the XCode project source root
    A screenshot of clicking the arrow icon to select the XCode source root.
  8. Copy the HTTPClient/iOS/uvpn folder into the XCode project source root, as shown in Figure 16:
    Figure 16. Copy the uvpn folder into the project source
    A screenshot of selecting and copying the upvn folder to the project source.
  9. Open your project build phases by highlighting your project, clicking the HelloHTTPClientHelloHTTPClientAppIphone target, and clicking Build Phases. Add libuvpn.a, libxml2.dylib, and libicucore.dylib to Link Binary with Libraries by clicking the plus (+) symbol at the bottom of the page. Both libxml2.dylib and libicucore.dylib are standard libraries distributed with XCode and should be listed in the available frameworks. For libuvpn.a you will have to press Add Other and navigate to the folder you just copied: uvpn->libuvpn.a:
    Figure 17. Add libuvpn.a, libxml2.dylib, and libicucore.dylib to your project target
    Adding three lib files to the project target.

As noted at the beginning of this article, some additional setup is required for the iOS implementation of the client libraries. The incore tool must be executed during the iOS application build phase to verify the integrity of the FIPS object module (fipscanister.o) embedded within the iOS application. In the following steps, we ensure that the incore tool is properly executed by adding a run script to the build phase.

  1. Add a run script to the target build phase by first clicking the Add Build Phase button in the lower right corner, as shown in Figure 18.
    Figure 18. Add a run script to the build phase
    A screenshot of adding the run script to the build phase.
  2. Next, in the space provided for the script, add the following line of code. The full path is shown in Figure 19.
    {INSTALL_PATH}/incore_macho -exe "$CONFIGURATION_BUILD_DIR/$EXECUTABLE_PATH"
    Figure 19. Add the incore_macho Execute command to run script
    A screenshot of adding incore_macho to the run script.
    Note that {INSTALL_PATH} is the location where you installed the HTTPClient/iOS/incore_macho file.
  3. Add library header file paths to your project by highlighting the project, clicking the HelloHTTPClientHelloHTTPClientAppIphone target, and clicking Build Settings. Find Header Search Paths under the Search Paths section (see Figure 20) and add the following file paths (be sure to include quotes around each path):
    "$(SRCROOT)/uvpn"
    "$(SRCROOT)/uvpn/fips"
    "$(SRCROOT)/uvpn/include"
    Figure 20. Add header file paths to your XCode project build settings
    A screenshot of adding header file paths.
  4. Add the HTTPClient/iOS/HTTPClientClasses folder from HTTPClient.zip to your XCode project. Either drag the folder into the project file hierarchy or go to File->Add Files to HelloHTTPClientHelloHTTPClientAppIphone and navigate to the HTTPClient/iOS/HTTPClientClasses folder. Be sure to check the Add to targets box next to HelloHTTPClientHelloHTTPClientAppIphone and select the Create groups for any added folders option. You can also copy items into a destination group's folder if you want to keep a local copy in your project directory.
    Figure 21. Add the HTTPClientClasses folder to your XCode project
    A screenshot of file options.
  5. Modify Classes/HelloHTTPClientApp.h. If necessary, unlock Classes/HelloHTTPClientApp.h for editing. Replace the statements shown below:
    	#import <Foundation/Foundation.h>
    	#import "WLCordovaAppDelegate.h"
    
    	@interface MyAppDelegate : WLCordovaAppDelegate {
    
    }

    with the following statements:

            #import <Foundation/Foundation.h>
    	#import "MicroVPNAppDelegate.h"
    
    	@interface MyAppDelegate : MicroVPNAppDelegate {
    
    }
  6. Similarly, modify HTTPClientClasses/VPN.h by replacing the following import statement:
    #import "AppDelegate.h"

    with

    #import "HelloHTTPClientApp.h”
  7. Next, create a new worklight.plist definition. Go to Resources->worklight.plist, press Ctrl, and click on the plist definition to bring up the Option menu, then select Add Row. Alternatively, highlight one of the plist definitions and click the plus (+) sign as shown in Figure 22. If necessary, unlock worklight.plist for editing.
    Figure 22. Modify worklight.plist
    A screenshot of adding a row for the new plist definition.
  8. Create a plist definition with the key enableFIPS and the value true, as shown in Figure 23. Because this is a technology preview, you will have to re-add the enableFIPS parameter to your worklight.plist after every build and deploy.
    Figure 23. Create an enableFIPS plist definition with a value of true
    A screenshot of the plist definition.
  9. Finally, modify Classes/CDVMainViewController.m to add a javascript interface to the HTTP/HTTPS client libraries. If necessary, unlock Classes/CDVMainViewController.m for editing. Replace the following method:
    - (BOOL)webView:(UIWebView *)theWebView shouldStartLoadWithRequest:(NSURLRequest *)request
    navigationType:(UIWebViewNavigationType)navigationType

    with the one shown below:

    Click to see code listing

    - (BOOL)webView:(UIWebView *)theWebView shouldStartLoadWithRequest:(NSURLRequest *)request
    navigationType:(UIWebViewNavigationType)navigationType
    		{
    			NSURL * url = [request URL];
    				if ([[[url scheme] lowercaseString] isEqualToString:@"vpn"])
    			{
    				NSString * path  =  [url path];
    				NSString * command = [url host];
    				NSString * options =  [path substringWithRange:NSMakeRange(1, [path length] - 1)];
    					NSArray* components = [command componentsSeparatedByString:@"."];
    				if (components.count == 2)
    				{
    					NSString* className = [components objectAtIndex:0];
    					NSString* methodName = [components objectAtIndex:1];
    						NSString* fullMethodName = [[NSString alloc] 
                                                                    initWithFormat:@"%@:forWebView:", thodName];
    							if ([NSClassFromString(className) 
                                                                              respondsToSelector:NSSelectorFromString
                                                                                     (fullMethodName)])
    					{
    			 			[NSClassFromString(className) performSelector:NSSelectorFromString
                                                                               (fullMethodName)
                                                                    withObject:options withObject:theWebView];
    					}
    					else
    					{
    			 			[NSException raise:NSInternalInconsistencyException format:
                                                                    @"Class method '%@' not defined against class '%@'.", 
                                                                               fullMethodName, className];
    					}
    			 		[fullMethodName release];
    				}
    				return NO;
    			}
    			else {
    				return [ super webView:theWebView shouldStartLoadWithRequest:
                                               request navigationType:navigationType ];
    			}
    }

Integrating the client library for Android

If you've followed the instructions so far, then integrating the application-level HTTP/HTTPS library for Android will be relatively easy.

  1. Create a new Android Worklight Environment by selecting the Worklight icon on your toolbar or by going to File->New->Other->Worklight Environment and selecting Next.
  2. Check the box(es) next to Android and select the Finish button, as shown in Figure 24.
    Figure 24. Create an Android environment in Worklight
    A screenshot of the fields for naming the Android project and environment.
  3. Upload HelloHTTPClientApp-android-X.wlapp from your project workspace folder->bin to your Worklight server via the management console (see Figure 7).
  4. Add the JavaScript file HTTPClient/Android/js/uVPN.js to apps->HelloHTTPClientApp->Android->js:
    Figure 25. Add HTTPClient/Android/js/uVPN.js to your project
    A screenshot of adding the uVPN.js file.
  5. Now open the Android project source root (the folder that contains AndroidManifest.xml) in the Finder ({WORKSPACE}/HelloHTTPClient/apps/HelloHTTPClientApp/android/native). Copy the HTTPClient/Android/assets, HTTPClient/Android/libs, and HTTPClient/Android/src folder contents from your downloaded HTTPClient.zip file to the corresponding directories in {WORKSPACE}/HelloHTTPClient/apps/HelloHTTPClientApp/android/native. Make sure that the following files are copied from HTTPClient/Android to their corresponding workspace locations, as shown below.
    HTTPClient\Android\assets to
    {WORKSPACE}/HelloHTTPClient/apps/HelloHTTPClientApp/android/native/assets
    a.	libcrypto.so.1.0.0.zip
    b.	libssl.so.1.0.0.zip
    HTTPClient\Android\libs to
    {WORKSPACE}/HelloHTTPClient/apps/HelloHTTPClientApp/android/native/libs
    c.	armeabi/libuvpn.so
    HTTPClient\Android\src to
    {WORKSPACE}/HelloHTTPClient/apps/HelloHTTPClientApp/android/native/src
    d.	com/uvpn/HybiParser.java
    e.	com/uvpn/VPNHandler.java
    f.	com/uvpn/WebSocketClient.java
  6. Refresh your Worklight project in Eclipse to reflect the changes you've made, as shown in Figure 26.
    Figure 26. Refresh the Worklight project in Eclipse
    A screenshot of selecting the Refresh button.

    The folders should now resemble Figure 27.

    Figure 27. Copy the Android files from HTTPClient into your project folder
    A screenshot of the new folder layout.
  7. Next you will add a JavaScript interface to the HTTP/HTTPS client libraries. Add the following four lines of code (which are highlighted in Figure 28) to apps->HelloHTTPClientApp->Android->native->src->com->HelloHTTPClientApp->HelloHTTPClientApp.java:
    import com.uvpn.VPNHandler;
    
    VPNHandler vpn = new VPNHandler(this, appView);
    appView.addJavascriptInterface(vpn,"VPN");
    
    WLDroidGap.getWLConfig()._enableFIPS();
    Figure 28. Add a JavaScript interface to HelloHTTPClientApp.java
    A screenshot of the selected folders in the IDE.

Invoking the library APIs

The application-level HTTP/HTTPS library APIs were modeled on industry standard HTTP/HTTPS APIs, making them very easy for developers to learn and use. In the sections that follow, we describe the library APIs for each of our three application environments and provide references to the standard documentation describing how to use them.

Application-level library APIs for hybrid applications

The JavaScript interface file HTTPClient/common/js/WLHTTPRequest.js overrides the standard XMLHttpRequest class. You can invoke XMLHttpRequest using standard APIs and have requests automatically re-routed through the HTTP/HTTPS library and FIPS 140-2 algorithms used for SSL encryption. See Resources for the XMLHttpRequest class specification.

Application-level library APIs for native Android applications

The Java class FipsHttpClient is a subclass of the Apache HttpClient. Methods, constructors, and properties of FipsHttpClient are identical to HttpClient with a few notable exceptions. FipsHttpClient implements only two of the HttpClient execute methods:

public HttpResponse execute (HttpUriRequest request, HttpContext context)

and

public HttpResponse execute (HttpUriRequest request)

Note that HttpContext is implicitly set to NULL in the second execute method. A RuntimeException is thrown for all other HttpClient execute methods. See Resources for the HttpClient class specification.

Application-level library for native iOS applications

The HTTP/HTTPS client libraries include a modified version of libcurl (v7.16.3). Native iOS applications can directly invoke the C bindings of libcurl to create and manage HTTP/HTTPS requests. The requests will automatically be re-routed through the HTTP/HTTPS library where FIPS 140-2 algorithms will be used for SSL encryption. See Resources for a description of the standard libcurl APIs.


Download

Get the IBM Worklight Client Libraries (iOS and Android FIPS HTTP/S Client Libraries for Worklight), which are stored in a file named HTTPClient.zip.


Conclusion

This article helps you get started with the new application-level HTTP/HTTPS client libraries developed by IBM Research. The application level HTTP/HTTPS client libraries serve as a more flexible and configurable alternative to OS- and device-specific HTTP/HTTPS client class implementations in hybrid and native applications built using IBM Worklight Studio. See the Resources section to learn more about the security and transport standards implemented by the HTTP/HTTPS client libraries.

Acknowledgments

The authors of this article gratefully acknowledge the feedback, constructive suggestions, support, and productive teaming from the following IBMers:

  • William D. Dodd, Software Engineer, Mobile Application Platform (bdodd@us.ibm.com)
  • Raj Balasubramanian, Senior Software Engineer, Product Architect for IBM Mobility Services (raj_balasubramanian@us.ibm.com)
  • Mark A. Smith, WebSphere Technical Professional Manager (marksmith@us.ibm.com)
  • Dr. Robert Weaver, IT Security Architect for IBM Global Business Services
  • Jiachen Zhao, Software Engineer for IBM Worklight (jzhao@us.ibm.com)

The authors used a number of open source projects in order to create the dem apps and libraries described within this article, including OpenSSL, cURL, lwIP, XML2, and OpenConnect.

Resources

Learn

  • Getting started with IBM Worklight V6.0: Use these self-paced learning modules to install and configure IBM Worklight V6.0, and to learn how to start using it to build, test, deploy, and manage your smartphone and tablet apps for iOS, Android, Blackberry, and Windows Phone devices.
  • "Creating your first Worklight application": Set up and write your first application.
  • "IBM Worklight server configuration for FIPS 140-2 validation and certification" (Bhargav Perepa, developerWorks, May 2013): This two-part article introduces the FIPS 140-2 standard and explains how to configure your IBM Worklight Server for FIPS 140-2 compliance testing.
  • FIPS PUB 140-2: Read the NIST documentation for the FIPS 140-2 Security Requirements for Cryptographic Modules standard.
  • Using HTTP/HTTPS library APIs in hybrid and native apps:
  • Transport layer security protocols: Learn more about SSL (Secure Socket Layer) and TLS (Transport Layer Security).
  • At the developerWorks Mobile development site, get and learn how to use the IBM MobileFirst tools and technologies for mobile application developers. Explore our free software downloads and cloud trials, sample code, expert how-to advice, videos, training, and discussion.

Get products and technologies

Comments

developerWorks: Sign in

Required fields are indicated with an asterisk (*).


Need an IBM ID?
Forgot your IBM ID?


Forgot your password?
Change your password

By clicking Submit, you agree to the developerWorks terms of use.

 


The first time you sign into developerWorks, a profile is created for you. Information in your profile (your name, country/region, and company name) is displayed to the public and will accompany any content you post, unless you opt to hide your company name. You may update your IBM account at any time.

All information submitted is secure.

Choose your display name



The first time you sign in to developerWorks, a profile is created for you, so you need to choose a display name. Your display name accompanies the content you post on developerWorks.

Please choose a display name between 3-31 characters. Your display name must be unique in the developerWorks community and should not be your email address for privacy reasons.

Required fields are indicated with an asterisk (*).

(Must be between 3 – 31 characters.)

By clicking Submit, you agree to the developerWorks terms of use.

 


All information submitted is secure.

Dig deeper into Mobile development on developerWorks


  • Bluemix Developers Community

    Get samples, articles, product docs, and community resources to help build, deploy, and manage your cloud apps.

  • Mobile weekly

    Innovations in tools and technologies for mobile development.

  • DevOps Services

    Software development in the cloud. Register today to create a project.

  • IBM evaluation software

    Evaluate IBM software and solutions, and transform challenges into opportunities.

static.content.url=http://www.ibm.com/developerworks/js/artrating/
SITE_ID=1
Zone=Mobile development, Security
ArticleID=945918
ArticleTitle=Enable FIPS 140-2 HTTPS encryption for IBM Worklight mobile apps
publish-date=09242013