Hi There,

I am working on a business application where the clients are Windows Mobile 6.1 Professional devices. The server is a Java enterprise application.

The industry working group recommends AES-256 encryption for client/server communications. This is necessary to gain certification. The encryption doesn't necessarily need to be channel encryption, it could be payload encryption. Channel encryption is preferable.

The client and server communicate using SOAP/HTTP, which we are yet to implement. We plan to use WCF on the compact framework. In order to alleviate some of the work required to implement manual encryption/decryption, it would be nice if we could achieve the required encryption either at the TLS level, or somehow using the WS-* standards (I'm not particularly familiar with that group of technologies but I am learning right now). The server supports https with 256-bit AES.

Does anybody have an idea on the best way to implement this?

Thanks in advance.