Since data invocation to/from IBM MobileFirst and Mobile App client is in plain text, I'd like to encrypt some data (let's say a password) on the mobile app and decrypt it in IBM MobileFirst adapter after it's being passed to the adapter. What would be the best way to achieve that? I've seen some suggestion to use SJCL. Where would I store the key? I assume the key must be the same in the app and server-side.
YES. your are right. The SJCL uses various security technologies to secure passwords and protect them against a multitude of attacks.
MobileFirst offer you WL.SecurityUtils for achieve that. and store the key as your requirement,but you're not even trying. Still, a depressingly popular option.