[aerogear-dev] Android Crypto API sample

Christos Vasilakis cvasilak at gmail.com
Wed Nov 6 07:06:34 EST 2013 

Hi,

thanks for sharing, some questions I have:

- I guess the CryptoConfig will be a stand-alone class which can be applied as a param to the existing  ‘StoreConfig’ and ‘PipeConfig’ (later on), right? 

Based on a previous email discussion [1], how this looks from the client? Is it sth like this:

// crypto configuration
CryptoConfig cryptoConfig = new PasswordProtectedKeystoreConfig();
cryptoConfig.setAlias("myalias");
cryptoConfig.setKeystoreFileName("app.keystore");
cryptoConfig.setPassword("somePassword");

// store configuration
StoreConfig config = new StoreConfig();
config.setType(ENCRYPTED_MEMORY);
config.setName("encrypted”)
// apply crypto config
config.setCryptoConfig(cryptoConfig);

// build store
EncryptedStore = dataManager.store(config);

Further,  I guess Pbkdf2 can be used as:

cryptoConfig.setPassword(AeroGearCrypto.pbkdf2().encrypt(“passphrase-entered-by-user”));

As I understand, the passphrase is used only to unlock the keystore and _not_ for encrypt/decrypt of data. Then the private/public keys are generated and stored in the keystore which can be accessed later. A benefit for this as I see is that you don’t need to reencrypt the data if the passphrase is changed. Only decrypt keystore (old-passphrase) and update keystore (with the new passphrase).

- apart from ‘PasswordKeyServices’ which unlocks the 'keystore based on a password, what other impls of KeyServices are in mind?

- apart from keys,  IV is a param needed to encrypt, not shown yet but I guess this should be stored on the keystore too and be accessible from the client when does ‘encrypt’/‘decrypt’.

Thanks,
Christos


[1] http://lists.jboss.org/pipermail/aerogear-dev/2013-November/005213.html

On Nov 5, 2013, at 10:00 PM, Summers Pittman <supittma at redhat.com> wrote:

> One of the things we briefly discussed on the chat was key generation 
> and secret storage.
> 
> For Android we want to combine the two in an "easy" API which follows 
> the Object/Factory/Config patterns of our other systems (Pipeline, 
> Authentication, Push).
> 
> Here is a high level code flavored example of what I am talking about.
> 
> https://gist.github.com/secondsun/d602d19255b1fd085ac8
> 
> Actual work is going forward here: 
> https://github.com/secondsun/aerogear-android/tree/security
> 
> wdyt?
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/aerogear-dev

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/aerogear-dev/attachments/20131106/55d98297/attachment.html

More information about the aerogear-dev mailing list