java - Private and Public Key -

when create user create private , public key. public key token id user. private key used encrypt , decrypt of data.

when user login, android app call rest web service , after validation return private , public key. using private key app can create signature.

is correct way? using http not https.

is correct way?

no.

i using http not https.

why? can't see why don't use https else. it's solved problem.

to correct mis-statements:

1. the private key used decrypt data only, , create digital signatures.
2. the public key used encrypt data , verify digital signatures.
3. the public key of no use user token, because is, err, public.

you need learn lot more pki presently appear know.