Because each peer may act as a relay to forward messages between two peers, a peer must protect itself against a malicious relay peer that disseminates fallacious routing information or modifies data that passes through it. End-to-end communication channels need to be secured within the JXTA multi-hop network. This means that JXTA peers need to use appropriate cryptographic keys. A typical solution is to embed the cryptographic information in a smart card (SIM card) for handheld devices that may risk being lost or stolen.

JXTA provides a basic set of security classes based on the Java Card security 2.1 platform APIs. The Java Card API provides a minimal infrastructure appropriate for small, mobile, wireless devices, such as PDAs and cell phones. The JXTA security classes provide the basic foundation for defining RSA and secret keys; performing RC4 encryption; creating SHA-1 and MD5 message digests; and creating secure hashes and digital signatures based on these digests and an SHA-1-based, pseudo-random number generator. In the next few sections, we’ll look at JXTA’s Java API bindings for these operations, including an example that shows how this API can be used to sign information contained within a JXTA document. We’ll conclude with a discussion of the security considerations of JXTA’s membership requirements.