[aerogear-dev] Android Crypto API sample
Christos Vasilakis
cvasilak at gmail.com
Wed Nov 6 07:06:34 EST 2013
Hi,
thanks for sharing, some questions I have:
- I guess the CryptoConfig will be a stand-alone class which can be applied as a param to the existing ‘StoreConfig’ and ‘PipeConfig’ (later on), right?
Based on a previous email discussion [1], how does this look from the client? Is it something like this:
// crypto configuration
CryptoConfig cryptoConfig = new PasswordProtectedKeystoreConfig();
cryptoConfig.setAlias("myalias");
cryptoConfig.setKeystoreFileName("app.keystore");
cryptoConfig.setPassword("somePassword");
// store configuration
StoreConfig config = new StoreConfig();
config.setType(ENCRYPTED_MEMORY);
config.setName("encrypted");
// apply crypto config
config.setCryptoConfig(cryptoConfig);
// build store
EncryptedStore store = dataManager.store(config);
Further, I guess Pbkdf2 can be used as:
cryptoConfig.setPassword(AeroGearCrypto.pbkdf2().encrypt("passphrase-entered-by-user"));
As I understand it, the passphrase is used only to unlock the keystore and _not_ for encrypting/decrypting data. Then the private/public keys are generated and stored in the keystore, which can be accessed later. A benefit of this, as I see it, is that you don’t need to re-encrypt the data if the passphrase is changed. Only decrypt the keystore (old passphrase) and update the keystore (with the new passphrase).
- Apart from ‘PasswordKeyServices’, which unlocks the keystore based on a password, what other impls of KeyServices are in mind?
- Apart from keys, the IV is a param needed to encrypt; it is not shown yet, but I guess this should be stored in the keystore too and be accessible from the client when it does ‘encrypt’/‘decrypt’.
Thanks,
Christos
[1] http://lists.jboss.org/pipermail/aerogear-dev/2013-November/005213.html
On Nov 5, 2013, at 10:00 PM, Summers Pittman <supittma at redhat.com> wrote:
> One of the things we briefly discussed on the chat was key generation
> and secret storage.
>
> For Android we want to combine the two in an "easy" API which follows
> the Object/Factory/Config patterns of our other systems (Pipeline,
> Authentication, Push).
>
> Here is a high level code flavored example of what I am talking about.
>
> https://gist.github.com/secondsun/d602d19255b1fd085ac8
>
> Actual work is going forward here:
> https://github.com/secondsun/aerogear-android/tree/security
>
> wdyt?
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/aerogear-dev
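
The message above describes a passphrase that only unlocks the keystore, so a passphrase change re-protects the key rather than the data. The following is an added example, not part of the thread and not AeroGear code: it uses plain JCA classes, a symmetric AES data key in place of the key pair mentioned in the message, and constructed passphrases, class name and PBKDF2 iteration count.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import javax.crypto.*;
import javax.crypto.spec.*;

public class PassphraseRotationDemo {
    static final SecureRandom RNG = new SecureRandom();

    static byte[] random(int n) { byte[] b = new byte[n]; RNG.nextBytes(b); return b; }

    // Key-encryption key (KEK) derived from the passphrase; the salt is stored beside the wrapped key.
    static SecretKey kek(String passphrase, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(passphrase.toCharArray(), salt, 100_000, 256); // assumed cost
        byte[] raw = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
        return new SecretKeySpec(raw, "AES");
    }

    // AES-GCM with a 128-bit tag; the caller stores the 12-byte IV next to the output.
    static byte[] gcm(int mode, SecretKey key, byte[] iv, byte[] in) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(mode, key, new GCMParameterSpec(128, iv));
        return c.doFinal(in);
    }

    public static void main(String[] args) throws Exception {
        // Random data key: this key, not the passphrase, encrypts the stored records.
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey dataKey = kg.generateKey();
        byte[] iv = random(12); // fresh IV per record, kept with the ciphertext (not secret)
        byte[] record = gcm(Cipher.ENCRYPT_MODE, dataKey, iv,
                "constructed sample record".getBytes(StandardCharsets.UTF_8));

        // "Keystore" entry: the data key wrapped under a KEK from the old (constructed) passphrase.
        byte[] salt1 = random(16), wrapIv1 = random(12);
        byte[] wrapped = gcm(Cipher.ENCRYPT_MODE, kek("old-passphrase", salt1), wrapIv1, dataKey.getEncoded());

        // Passphrase change: unwrap with the old KEK, re-wrap with a new one. `record` is untouched.
        byte[] rawKey = gcm(Cipher.DECRYPT_MODE, kek("old-passphrase", salt1), wrapIv1, wrapped);
        byte[] salt2 = random(16), wrapIv2 = random(12);
        byte[] rewrapped = gcm(Cipher.ENCRYPT_MODE, kek("new-passphrase", salt2), wrapIv2, rawKey);

        // Later session: unlock with the new passphrase and read the original record.
        SecretKey unlocked = new SecretKeySpec(
                gcm(Cipher.DECRYPT_MODE, kek("new-passphrase", salt2), wrapIv2, rewrapped), "AES");
        System.out.println(new String(gcm(Cipher.DECRYPT_MODE, unlocked, iv, record), StandardCharsets.UTF_8));
    }
}
```

Each IV and salt here is non-secret and stored with the value it protects; GCM's tag check also makes a wrong passphrase fail at unwrap time instead of yielding a garbage key.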