Secure servlet calls to (free) Google App Engine Groovlets
I'm in the process of creating a distributed game overlay application with
C# that needs to send data to a GAE server and get a data update as the
response.
I used Gaelyk for a simple GET Groovlet but I wonder about how to secure
the data delivery to my service. At the moment (local server) I just do
GET calls with parameters. For successful processing I simply check that
all parameters have been submitted with the call.
But as soon as I'm out in the wild this is no option. The problem is that
hackers, although it's a niche application, will have a strong interest in
getting the response data, as this can have a big impact on the game
itself, e.g. it gives a huge advantage to the hackers.
As GAE doesn't have an SSL option afaik, I thought of doing something like
this:
- The first start of the client application generates a public/private key
  pair
- The client would have the public key of my GAE server included
- For each call I would encrypt the data to send with the client's private
  key/server's public key and send it via PUT (because of URL length)
- There would be only one parameter, the key being the public key of the
  client and the value being the encrypted data
- The server now decrypts with the client's public key and its own private
  key and can update the data
- For the response I would encrypt with the client's public key/the
  server's private key
- The client is now able to decrypt the response data
Is this a legit way to secure my service? Are there better alternatives?
And how do I start on C# and Gaelyk/Groovy with asymmetric encryption?
PS: I needed to go with C# because of some requirements with memory
reading and I needed to use GAE because it's free for personal usage and I
don't expect big traffic. I used Gaelyk because of the simplified
Servlet/Datastore handling.
Edit: I just saw in "Security on Google App Engine(Java) - Servlet SSL?"
that using SSL for free is possible. So my questions should rather be:
Is this enough for secure communication? Can I use this from within my C#
application without hassle for the user?
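The steps listed in the question, sketched as a hybrid sign-then-encrypt exchange in C#; this is an added example, not part of the original post. It assumes .NET 6 or later, reads "encrypt with the client's private key" as signing, and uses made-up names (`SealedMessage`, `Seal`, `Open`) and a constructed payload.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

static class SealedMessage
{
    // Client: sign with the client's private key, then encrypt for the server.
    public static byte[] Seal(byte[] data, RSA clientPrivate, RSA serverPublic)
    {
        byte[] sig = clientPrivate.SignData(data, HashAlgorithmName.SHA256, RSASignaturePadding.Pss);
        byte[] body = sig.Concat(data).ToArray();           // signature || data
        byte[] aesKey = RandomNumberGenerator.GetBytes(32); // fresh key per message
        byte[] nonce = RandomNumberGenerator.GetBytes(12);
        byte[] ct = new byte[body.Length], tag = new byte[16];
        using (var gcm = new AesGcm(aesKey)) gcm.Encrypt(nonce, body, ct, tag);
        // RSA-OAEP wraps only the short AES key; the payload can be any length.
        byte[] wrapped = serverPublic.Encrypt(aesKey, RSAEncryptionPadding.OaepSHA256);
        return wrapped.Concat(nonce).Concat(tag).Concat(ct).ToArray();
    }

    // Server: unwrap the AES key, decrypt, then check the client's signature.
    public static byte[] Open(byte[] msg, RSA serverPrivate, RSA clientPublic)
    {
        int k = serverPrivate.KeySize / 8;                  // length of the wrapped key
        byte[] aesKey = serverPrivate.Decrypt(msg[..k], RSAEncryptionPadding.OaepSHA256);
        byte[] nonce = msg[k..(k + 12)], tag = msg[(k + 12)..(k + 28)], ct = msg[(k + 28)..];
        byte[] body = new byte[ct.Length];
        using (var gcm = new AesGcm(aesKey)) gcm.Decrypt(nonce, ct, tag, body); // throws if modified
        int s = clientPublic.KeySize / 8;                   // length of the signature
        byte[] sig = body[..s], data = body[s..];
        if (!clientPublic.VerifyData(data, sig, HashAlgorithmName.SHA256, RSASignaturePadding.Pss))
            throw new CryptographicException("signature does not match the client key");
        return data;
    }
}

static class Demo
{
    static void Main()
    {
        // Constructed keys and payload; a real client would hold only the server's public half.
        using RSA client = RSA.Create(2048), server = RSA.Create(2048);
        byte[] msg = SealedMessage.Seal(Encoding.UTF8.GetBytes("player=42&score=1337"), client, server);
        Console.WriteLine(Encoding.UTF8.GetString(SealedMessage.Open(msg, server, client)));
        msg[^1] ^= 1;                                       // simulate tampering in transit
        try { SealedMessage.Open(msg, server, client); }
        catch (CryptographicException) { Console.WriteLine("tampered message rejected"); }
    }
}
```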