[aerogear-dev] AeroGear Android Crypto / DataManager Proposal

Summers Pittman supittma at redhat.com
Tue Nov 5 13:00:33 EST 2013 

On Tue 05 Nov 2013 12:08:09 PM EST, Corinne Krych wrote:
>
> Hi Summers
>
> Referring to
> http://aerogear-dev.1069024.n5.nabble.com/aerogear-dev-Fallback-Strat-for-DataManager-td5188.html
> where we might have async API for store in JS, I think we might
> benefit of async for native apps too, specially in the case of
> encrypted stores.
>
> Something like https://github.com/rnapier/RNCryptor#asynchronous-use
>
> Of course, it can be done in later releases. Encrypting large field,
> you don't want to have your UI sluggish.
>
> wdyt?
The DataManager/Data Store API is synchronous, Pipes and Piplines are 
asynchronous.  That is a key difference.

I don't know about iOS but on Android not everything happens on the 
main thread, for instance we could be dealing with a processing a 
service intent for instance.



>
> ++
> Corinne
>
> On 5 November 2013 17:44, Summers Pittman <supittma at redhat.com
> <mailto:supittma at redhat.com>> wrote:
>
>     On 11/05/2013 02:41 AM, Corinne Krych wrote:
>     > Hello all,
>     >
>     > I've got 2 points:
>     >
>     > - modularity: AeroGear libs are small and modular: we have a
>     separate aerogear-otp-ios, aerogear-push-ios-registration so that
>     if the user wants to use aerogear without push, he can use
>     aerogear-ios, if he needs the push-registration, he uses both. For
>     encryption store, where do we want to put EncryptedStore?
>     aerogear-android depends on aerogear-crypto.
>     On Android it is going into the main library.  We can research slicing
>     the client library up for 2.0, but I would like to, for now, make
>     getting up and running with anything AeroGear on Android as simple as
>     including the dependency.
>     >
>     > - Encrypting data takes time. It would be nice to have
>     EncryptedStore encrypts data on separate thread and provide
>     callbacks on completion.
>     > thoughts?
>     Then we would have an encrypted Pipe.  One of the things about
>     Stores is
>     that they are synchronous, Pipes are asynchronous.
>
>     >
>     > ++
>     > Corinne
>     > On Nov 4, 2013, at 5:30 PM, Daniel Passos <daniel at passos.me
>     <mailto:daniel at passos.me>> wrote:
>     >
>     >> The idea is implementing only save(add/update) and delete,
>     using the stores we already have today by just adding crypt /
>     decrypt and scheduling Query (readWithFilter) for the next release
>     >> DataManager
>     >>
>     >> public Store encryptedStore(String storeName, String passphrase) {
>     >>          // TODO Create a default passphrase-based KeyStore
>     >>          KeyStore keyStore = null;
>     >>          return encryptedStore(storeName, keyStore);
>     >> }
>     >>
>     >> public Store encryptedStore(String storeName, KeyStore keyStore) {
>     >>          StoreConfig storeConfig = new StoreConfig();
>     >>          storeConfig.setType(StoreTypes.ENCRYPTED_MEMORY);
>     >>          return encryptedStore(storeName, storeConfig, keyStore);
>     >> }
>     >>
>     >> public Store encryptedStore(String storeName, StoreConfig
>     config, String passphrase) {
>     >>          // TODO Create a default passphrase-based KeyStore
>     >>          KeyStore keyStore = null;
>     >>          return encryptedStore(storeName, config, keyStore);
>     >> }
>     >>
>     >> public Store encryptedStore(String storeName, StoreConfig
>     config, KeyStore keyStore) {
>     >>          config.setKeyStore(keyStore);
>     >>          Store store = storeFactory.createStore(config);
>     >>          stores.put(storeName, store);
>     >>          return store;
>     >> }
>     >>
>     >> EncryptedMemoryStore
>     >>
>     >> public class EncryptedMemoryStore<T> implements Store<T> {
>     >>
>     >>      private final MemoryStorage<T> memoryStorage;
>     >>      private final CryptoUtils<T> cryptoUtils;
>     >>
>     >>      public EncryptedMemoryStore(IdGenerator idGenerator,
>     KeyStore keyStore) {
>     >>          memoryStorage = new MemoryStorage(idGenerator);
>     >>          cryptoUtils = new CryptoUtils<T>(keyStore);
>     >>      }
>     >>
>     >>      @Override
>     >>      public StoreType getType() {
>     >>          return StoreTypes.ENCRYPTED_MEMORY;
>     >>      }
>     >>
>     >>      @Override
>     >>      public Collection<T> readAll() throws InvalidKeyException {
>     >>          Collection<T> encryptedCollection =
>     memoryStorage.readAll();
>     >>          return cryptoUtils.decrypt(encryptedCollection);
>     >>      }
>     >>
>     >>      @Override
>     >>      public T read(Serializable id) throws InvalidKeyException {
>     >>          T encryptedItem = memoryStorage.read(id);
>     >>          return cryptoUtils.decrypt(encryptedItem);
>     >>      }
>     >>
>     >>      @Override
>     >>      public List<T> readWithFilter(ReadFilter filter) throws
>     InvalidKeyException {
>     >>          List<T> encryptedList =
>     memoryStorage.readWithFilter(filter);
>     >>          return cryptoUtils.decrypt(encryptedList);
>     >>      }
>     >>
>     >>      @Override
>     >>      public void save(T item) {
>     >>          memoryStorage.save(cryptoUtils.encrypt(item));
>     >>      }
>     >>
>     >>      @Override
>     >>      public void reset() {
>     >>          memoryStorage.reset();
>     >>      }
>     >>
>     >>      @Override
>     >>      public void remove(Serializable id) {
>     >>          memoryStorage.remove(id);
>     >>      }
>     >>
>     >>      @Override
>     >>      public boolean isEmpty() {
>     >>          return memoryStorage.isEmpty();
>     >>      }
>     >>
>     >> }
>     >>
>     >> CryptoUtils
>     >>
>     >> Here is where the magic happens.
>     >>
>     >>
>     >> public class CryptoUtils<T> {
>     >>
>     >>      private final KeyStore keyStore;
>     >>
>     >>      public CryptoUtils(KeyStore keyStore) {
>     >>          this.keyStore = keyStore;
>     >>      }
>     >>
>     >>      public Collection<T> decrypt(Collection<T>
>     encryptedCollection) {
>     >>          List<T> decryptedList = new ArrayList<T>();
>     >>          for (T item : encryptedCollection) {
>     >>              decryptedList.add(decrypt(item));
>     >>          }
>     >>          return decryptedList;
>     >>      }
>     >>
>     >>      public List<T> decrypt(List<T> encryptedList) {
>     >>          List<T> decryptedList = new ArrayList<T>();
>     >>          for (T item : encryptedList) {
>     >>              decryptedList.add(decrypt(item));
>     >>          }
>     >>          return decryptedList;
>     >>      }
>     >>
>     >>      public T decrypt(T item) {
>     >>          // TODO Read all fields and decrypt
>     >>          return item;
>     >>      }
>     >>
>     >>      public T encrypt(T item) {
>     >>          // TODO Read all fields and encrypt
>     >>          return item;
>     >>      }
>     >>
>     >> }
>     >>
>     >> _______________________________________________
>     >> aerogear-dev mailing list
>     >> aerogear-dev at lists.jboss.org <mailto:aerogear-dev at lists.jboss.org>
>     >> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>     >
>     > _______________________________________________
>     > aerogear-dev mailing list
>     > aerogear-dev at lists.jboss.org <mailto:aerogear-dev at lists.jboss.org>
>     > https://lists.jboss.org/mailman/listinfo/aerogear-dev
>
>     _______________________________________________
>     aerogear-dev mailing list
>     aerogear-dev at lists.jboss.org <mailto:aerogear-dev at lists.jboss.org>
>     https://lists.jboss.org/mailman/listinfo/aerogear-dev
>
>
>
>
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/aerogear-dev

More information about the aerogear-dev mailing list