[aerogear-dev] AeroGear Android Crypto / DataManager Proposal

Bruno Oliveira bruno at abstractj.org
Wed Nov 6 12:12:47 EST 2013


Answers inline.

> Daniel Passos <mailto:daniel at passos.me>
> November 6, 2013 at 2:24 PM
>
>   DataManager Crypto
>
>
>     Idea
>
> My idea is to read all fields, encrypt the field values and save them in
> the store (Memory and SQLite)
>
Sounds like a plan.
>
>     Problems
>
> 1) CryptoBox needs byte[] data to encrypt[1]. We need to get byte[] of
> all types
> 2) CryptoBox#decrypt returns a byte[] and we need to convert it by
> field type
> 3) How does it work with nested objects?
>
> Ugly code to set decrypted data by field type[2]
>
>
>     Solution/Proposal
>
> What about serializing entity/model to json, encrypt it and save in Store?
>
Due to our target
(http://aerogear-dev.1069024.n5.nabble.com/aerogear-dev-Security-release-dates-and-deadlines-td5249.html),
the timing is too tight for encrypted queries (would be awesome indeed)
but we need to be realistic.

So if the idea is to encrypt/decrypt the whole JSON, +1, and we improve it
in the next release.
>
> If we decide on this, we will not be able to make queries /
> ReadWithFilter (I think).[3]
>
> Any questions, thoughts or tomatoes before I move forward?
>
From my side, go for it.
>
> [1]
> https://github.com/aerogear/aerogear-crypto-java/blob/master/src/main/java/org/jboss/aerogear/crypto/CryptoBox.java#L86
> [2] https://gist.github.com/danielpassos/31e024a8cfd6c64e151c
> [3]
> http://aerogear-dev.1069024.n5.nabble.com/aerogear-dev-Querying-encrypted-data-td5068.html
>
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/aerogear-dev
> Hylke Bons <mailto:hbons at redhat.com>
> November 6, 2013 at 8:03 AM
> I already started a new thread for that and just wanted to refer to it
> as it's related.
>
> Hylke
>
> On 05/11/2013 16:51, Bruno Oliveira wrote:
>
> Bruno Oliveira <mailto:bruno at abstractj.org>
> November 5, 2013 at 2:51 PM
> I can be dead wrong, but please start a new thread to discuss the
> site. Otherwise we will lose the real focus here.
>
> Hylke Bons <mailto:hbons at redhat.com>
> November 5, 2013 at 11:40 AM
> On 05/11/2013 07:41, Corinne Krych wrote:
>> Hello all,
>>
>> I've got 2 points:
>>
>> - modularity: AeroGear libs are small and modular: we have a separate aerogear-otp-ios, aerogear-push-ios-registration so that if the user wants to use aerogear without push, he can use aerogear-ios, if he needs the push-registration, he uses both. For encryption store, where do we want to put EncryptedStore? aerogear-android depends on aerogear-crypto.
>
> I'd like to chime in here a little bit, as this also involves the
> website mockup I sent to the list earlier. Whatever the decision, I
> highly recommend making the different (sub)libraries consistent across
> platforms, so the mental model is the same everywhere.
>
> That said, the libraries should probably reflect the different 
> subprojects that we display on the main page.
>
> Hylke
>
>
>> - Encrypting data takes time. It would be nice to have EncryptedStore encrypt data on a separate thread and provide callbacks on completion.
>> thoughts?
>>
>> ++
>> Corinne
>> On Nov 4, 2013, at 5:30 PM, Daniel Passos <daniel at passos.me> wrote:
>>
>>> The idea is implementing only save(add/update) and delete, using the stores we already have today by just adding crypt / decrypt and scheduling Query (readWithFilter) for the next release
>>> DataManager
>>>
>>> public Store encryptedStore(String storeName, String passphrase) {
>>>          // TODO Create a default passphrase-based KeyStore
>>>          KeyStore keyStore = null;
>>>          return encryptedStore(storeName, keyStore);
>>> }
>>>
>>> public Store encryptedStore(String storeName, KeyStore keyStore) {
>>>          StoreConfig storeConfig = new StoreConfig();
>>>          storeConfig.setType(StoreTypes.ENCRYPTED_MEMORY);
>>>          return encryptedStore(storeName, storeConfig, keyStore);
>>> }
>>>
>>> public Store encryptedStore(String storeName, StoreConfig config, String passphrase) {
>>>          // TODO Create a default passphrase-based KeyStore
>>>          KeyStore keyStore = null;
>>>          return encryptedStore(storeName, config, keyStore);
>>> }
>>>
>>> public Store encryptedStore(String storeName, StoreConfig config, KeyStore keyStore) {
>>>          config.setKeyStore(keyStore);
>>>          Store store = storeFactory.createStore(config);
>>>          stores.put(storeName, store);
>>>          return store;
>>> }
>>>
>>> EncryptedMemoryStore
>>>
>>> public class EncryptedMemoryStore<T> implements Store<T> {
>>>
>>>      private final MemoryStorage<T> memoryStorage;
>>>      private final CryptoUtils<T> cryptoUtils;
>>>
>>>      public EncryptedMemoryStore(IdGenerator idGenerator, KeyStore keyStore) {
>>>          memoryStorage = new MemoryStorage<T>(idGenerator);
>>>          cryptoUtils = new CryptoUtils<T>(keyStore);
>>>      }
>>>
>>>      @Override
>>>      public StoreType getType() {
>>>          return StoreTypes.ENCRYPTED_MEMORY;
>>>      }
>>>
>>>      @Override
>>>      public Collection<T> readAll() throws InvalidKeyException {
>>>          Collection<T> encryptedCollection = memoryStorage.readAll();
>>>          return cryptoUtils.decrypt(encryptedCollection);
>>>      }
>>>
>>>      @Override
>>>      public T read(Serializable id) throws InvalidKeyException {
>>>          T encryptedItem = memoryStorage.read(id);
>>>          return cryptoUtils.decrypt(encryptedItem);
>>>      }
>>>
>>>      @Override
>>>      public List<T> readWithFilter(ReadFilter filter) throws InvalidKeyException {
>>>          List<T> encryptedList = memoryStorage.readWithFilter(filter);
>>>          return cryptoUtils.decrypt(encryptedList);
>>>      }
>>>
>>>      @Override
>>>      public void save(T item) {
>>>          memoryStorage.save(cryptoUtils.encrypt(item));
>>>      }
>>>
>>>      @Override
>>>      public void reset() {
>>>          memoryStorage.reset();
>>>      }
>>>
>>>      @Override
>>>      public void remove(Serializable id) {
>>>          memoryStorage.remove(id);
>>>      }
>>>
>>>      @Override
>>>      public boolean isEmpty() {
>>>          return memoryStorage.isEmpty();
>>>      }
>>>
>>> }
>>>
>>> CryptoUtils
>>>
>>> Here is where the magic happens.
>>>
>>>
>>> public class CryptoUtils<T> {
>>>
>>>      private final KeyStore keyStore;
>>>
>>>      public CryptoUtils(KeyStore keyStore) {
>>>          this.keyStore = keyStore;
>>>      }
>>>
>>>      public Collection<T> decrypt(Collection<T> encryptedCollection) {
>>>          List<T> decryptedList = new ArrayList<T>();
>>>          for (T item : encryptedCollection) {
>>>              decryptedList.add(decrypt(item));
>>>          }
>>>          return decryptedList;
>>>      }
>>>
>>>      public List<T> decrypt(List<T> encryptedList) {
>>>          List<T> decryptedList = new ArrayList<T>();
>>>          for (T item : encryptedList) {
>>>              decryptedList.add(decrypt(item));
>>>          }
>>>          return decryptedList;
>>>      }
>>>
>>>      public T decrypt(T item) {
>>>          // TODO Read all fields and decrypt
>>>          return item;
>>>      }
>>>
>>>      public T encrypt(T item) {
>>>          // TODO Read all fields and encrypt
>>>          return item;
>>>      }
>>>
>>> }
>>>
>
> Corinne Krych <mailto:corinnekrych at gmail.com>
> November 5, 2013 at 5:41 AM
> Hello all,
>
> I've got 2 points:
>
> - modularity: AeroGear libs are small and modular: we have a separate
> aerogear-otp-ios, aerogear-push-ios-registration so that if the user
> wants to use aerogear without push, he can use aerogear-ios, if he
> needs the push-registration, he uses both. For encryption store, where
> do we want to put EncryptedStore? aerogear-android depends on
> aerogear-crypto.
>
> - Encrypting data takes time. It would be nice to have EncryptedStore
> encrypt data on a separate thread and provide callbacks on completion.
> thoughts?
>
> ++
> Corinne
>
>

-- 
abstractj

