[aerogear-dev] AeroGear Android Crypto / DataManager Proposal

Christos Vasilakis cvasilak at gmail.com
Wed Nov 6 12:47:43 EST 2013


On Nov 6, 2013, at 7:12 PM, Bruno Oliveira <bruno at abstractj.org> wrote:

> Answers inline.
> 
>> Daniel Passos <mailto:daniel at passos.me>
>> November 6, 2013 at 2:24 PM
>> 
>> 
>>  DataManager Crypto
>> 
>> 
>> 
>>    Idea
>> 
>> My idea is to read all fields, encrypt the field values and save them in
>> the store (Memory and SQLite)
>> 
> Sounds like a plan.
>> 
>> 
>>    Problems
>> 
>> 1) CryptoBox needs byte[] data to encrypt[1]. We need to get byte[] of
>> all types
>> 2) CryptoBox#decrypt returns a byte[] and we need to convert it by
>> field type
>> 3) How does it work with nested objects?
>> 
>> Ugly code to set decrypted data by field type[2]
>> 
>> 
>> 
>>    Solution/Proposal
>> 
>> What about serializing entity/model to json, encrypt it and save in Store?
>> 
> Due to our target
> (http://aerogear-dev.1069024.n5.nabble.com/aerogear-dev-Security-release-dates-and-deadlines-td5249.html),
> the timing is too tight for encrypted queries (would be awesome indeed)
> but we need to be realistic.
> 
> So if the idea is to encrypt/decrypt a whole JSON, +1, and we improve it
> in the next release.
>> 
>> If we decide on this, we will not be able to make queries /
>> ReadWithFilter (I think).[3]
>> 
>> Any questions, thoughts or tomatoes before I move forward?
>> 
> From my side, go for it.


+1 to move forward



>> 
>> [1]
>> https://github.com/aerogear/aerogear-crypto-java/blob/master/src/main/java/org/jboss/aerogear/crypto/CryptoBox.java#L86
>> [2] https://gist.github.com/danielpassos/31e024a8cfd6c64e151c
>> [3]
>> http://aerogear-dev.1069024.n5.nabble.com/aerogear-dev-Querying-encrypted-data-td5068.html
>> 
>> _______________________________________________
>> aerogear-dev mailing list
>> aerogear-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>> Hylke Bons <mailto:hbons at redhat.com>
>> November 6, 2013 at 8:03 AM
>> I already started a new thread for that and just wanted to refer to it
>> as it's related.
>> 
>> Hylke
>> 
>> On 05/11/2013 16:51, Bruno Oliveira wrote:
>> 
>> Bruno Oliveira <mailto:bruno at abstractj.org>
>> November 5, 2013 at 2:51 PM
>> I can be dead wrong, but please start a new thread to discuss the
>> site. Otherwise we will lose the real focus here.
>> 
>> Hylke Bons <mailto:hbons at redhat.com>
>> November 5, 2013 at 11:40 AM
>> On 05/11/2013 07:41, Corinne Krych wrote:
>>> Hello all,
>>> 
>>> I've got 2 points:
>>> 
>>> - modularity: AeroGear libs are small and modular: we have a separate aerogear-otp-ios, aerogear-push-ios-registration so that if the user wants to use aerogear without push, he can use aerogear-ios, if he needs the push-registration, he uses both. For encryption store, where do we want to put EncryptedStore? aerogear-android depends on aerogear-crypto.
>> 
>> I'd like to chime in here a little bit, as this also involves the 
>> website mockup I sent to the list earlier. Whatever the decision, I 
>> highly recommend making the different (sub)libraries consistent across 
>> platforms, so the mental model is the same everywhere.
>> 
>> That said, the libraries should probably reflect the different 
>> subprojects that we display on the main page.
>> 
>> Hylke
>> 
>> 
>>> - Encrypting data takes time. It would be nice to have EncryptedStore encrypt data on a separate thread and provide callbacks on completion.
>>> Thoughts?
>>> 
>>> ++
>>> Corinne
>>> On Nov 4, 2013, at 5:30 PM, Daniel Passos <daniel at passos.me> wrote:
>>> 
>>>> The idea is implementing only save(add/update) and delete, using the stores we already have today by just adding crypt / decrypt and scheduling Query (readWithFilter) for the next release
>>>> DataManager
>>>> 
>>>> public Store encryptedStore(String storeName, String passphrase) {
>>>>         // TODO Create a default passphrase-based KeyStore
>>>>         KeyStore keyStore = null;
>>>>         return encryptedStore(storeName, keyStore);
>>>> }
>>>> 
>>>> public Store encryptedStore(String storeName, KeyStore keyStore) {
>>>>         StoreConfig storeConfig = new StoreConfig();
>>>>         storeConfig.setType(StoreTypes.ENCRYPTED_MEMORY);
>>>>         return encryptedStore(storeName, storeConfig, keyStore);
>>>> }
>>>> 
>>>> public Store encryptedStore(String storeName, StoreConfig config, String passphrase) {
>>>>         // TODO Create a default passphrase-based KeyStore
>>>>         KeyStore keyStore = null;
>>>>         return encryptedStore(storeName, config, keyStore);
>>>> }
>>>> 
>>>> public Store encryptedStore(String storeName, StoreConfig config, KeyStore keyStore) {
>>>>         config.setKeyStore(keyStore);
>>>>         Store store = storeFactory.createStore(config);
>>>>         stores.put(storeName, store);
>>>>         return store;
>>>> }
>>>> 
>>>> EncryptedMemoryStore
>>>> 
>>>> public class EncryptedMemoryStore<T> implements Store<T> {
>>>> 
>>>>     private final MemoryStorage<T> memoryStorage;
>>>>     private final CryptoUtils<T> cryptoUtils;
>>>> 
>>>>     public EncryptedMemoryStore(IdGenerator idGenerator, KeyStore keyStore) {
>>>>         memoryStorage = new MemoryStorage<T>(idGenerator);
>>>>         cryptoUtils = new CryptoUtils<T>(keyStore);
>>>>     }
>>>> 
>>>>     @Override
>>>>     public StoreType getType() {
>>>>         return StoreTypes.ENCRYPTED_MEMORY;
>>>>     }
>>>> 
>>>>     @Override
>>>>     public Collection<T> readAll() throws InvalidKeyException {
>>>>         Collection<T> encryptedCollection = memoryStorage.readAll();
>>>>         return cryptoUtils.decrypt(encryptedCollection);
>>>>     }
>>>> 
>>>>     @Override
>>>>     public T read(Serializable id) throws InvalidKeyException {
>>>>         T encryptedItem = memoryStorage.read(id);
>>>>         return cryptoUtils.decrypt(encryptedItem);
>>>>     }
>>>> 
>>>>     @Override
>>>>     public List<T> readWithFilter(ReadFilter filter) throws InvalidKeyException {
>>>>         List<T> encryptedList = memoryStorage.readWithFilter(filter);
>>>>         return cryptoUtils.decrypt(encryptedList);
>>>>     }
>>>> 
>>>>     @Override
>>>>     public void save(T item) {
>>>>         memoryStorage.save(cryptoUtils.encrypt(item));
>>>>     }
>>>> 
>>>>     @Override
>>>>     public void reset() {
>>>>         memoryStorage.reset();
>>>>     }
>>>> 
>>>>     @Override
>>>>     public void remove(Serializable id) {
>>>>         memoryStorage.remove(id);
>>>>     }
>>>> 
>>>>     @Override
>>>>     public boolean isEmpty() {
>>>>         return memoryStorage.isEmpty();
>>>>     }
>>>> 
>>>> }
>>>> 
>>>> CryptoUtils
>>>> 
>>>> Here is where the magic happens.
>>>> 
>>>> 
>>>> public class CryptoUtils<T> {
>>>> 
>>>>     private final KeyStore keyStore;
>>>> 
>>>>     public CryptoUtils(KeyStore keyStore) {
>>>>         this.keyStore = keyStore;
>>>>     }
>>>> 
>>>>     public Collection<T> decrypt(Collection<T> encryptedCollection) {
>>>>         List<T> decryptedList = new ArrayList<T>();
>>>>         for (T item : encryptedCollection) {
>>>>             decryptedList.add(decrypt(item));
>>>>         }
>>>>         return decryptedList;
>>>>     }
>>>> 
>>>>     public List<T> decrypt(List<T> encryptedList) {
>>>>         List<T> decryptedList = new ArrayList<T>();
>>>>         for (T item : encryptedList) {
>>>>             decryptedList.add(decrypt(item));
>>>>         }
>>>>         return decryptedList;
>>>>     }
>>>> 
>>>>     public T decrypt(T item) {
>>>>         // TODO Read all fields and decrypt
>>>>         return item;
>>>>     }
>>>> 
>>>>     public T encrypt(T item) {
>>>>         // TODO Read all fields and encrypt
>>>>         return item;
>>>>     }
>>>> 
>>>> }
>>>> 
>> 
>> Corinne Krych <mailto:corinnekrych at gmail.com>
>> November 5, 2013 at 5:41 AM
>> Hello all,
>> 
>> I've got 2 points:
>> 
>> - modularity: AeroGear libs are small and modular: we have a separate
>> aerogear-otp-ios, aerogear-push-ios-registration so that if the user
>> wants to use aerogear without push, he can use aerogear-ios, if he
>> needs the push-registration, he uses both. For encryption store, where
>> do we want to put EncryptedStore? aerogear-android depends on
>> aerogear-crypto.
>> 
>> - Encrypting data takes time. It would be nice to have EncryptedStore
>> encrypt data on a separate thread and provide callbacks on completion.
>> Thoughts?
>> 
>> ++
>> Corinne
>> 
>> 
> 
> -- 
> abstractj
> 
> 
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/aerogear-dev
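
The whole-record approach agreed in this thread (serialize the entity to JSON, encrypt it, store the result), sketched as an added example that is not code from the thread or from AeroGear: the JDK's AES-GCM stands in for CryptoBox, and the class name, method names and sample JSON are hypothetical. It also shows why readWithFilter cannot run against the stored form: the store holds only opaque bytes, so every record has to be decrypted before it can be matched.

```java
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.*;

// Added illustration: whole-record encryption of a JSON-serialized entity.
// AES-GCM (JDK) stands in for CryptoBox; all names here are hypothetical.
public class EncryptedJsonStoreDemo {
    private final Map<String, byte[]> rows = new HashMap<>(); // id -> IV || ciphertext+tag
    private final SecretKey key;
    EncryptedJsonStoreDemo(SecretKey key) { this.key = key; }

    void save(String id, String json) throws Exception {
        byte[] iv = new byte[12];                  // fresh 96-bit nonce per record
        new SecureRandom().nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, iv));
        byte[] ct = c.doFinal(json.getBytes(StandardCharsets.UTF_8));
        rows.put(id, ByteBuffer.allocate(iv.length + ct.length).put(iv).put(ct).array());
    }

    String read(String id) throws Exception {
        byte[] row = rows.get(id);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, row, 0, 12));
        // doFinal throws AEADBadTagException if the stored bytes were modified
        return new String(c.doFinal(row, 12, row.length - 12), StandardCharsets.UTF_8);
    }

    // The store only sees opaque bytes, so a filter must decrypt every record first.
    List<String> readWithFilter(String needle) throws Exception {
        List<String> hits = new ArrayList<>();
        for (String id : rows.keySet()) {
            if (read(id).contains(needle)) hits.add(id);
        }
        return hits;
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        EncryptedJsonStoreDemo store = new EncryptedJsonStoreDemo(kg.generateKey());
        // Constructed sample entities, already serialized to JSON (nested object included)
        store.save("1", "{\"id\":1,\"name\":\"alice\",\"address\":{\"city\":\"Rio\"}}");
        store.save("2", "{\"id\":2,\"name\":\"bob\",\"address\":{\"city\":\"Athens\"}}");
        System.out.println(store.read("1"));
        System.out.println(store.readWithFilter("\"city\":\"Athens\""));
    }
}
```

Serializing first also sidesteps the per-field-type byte[] conversion and the nested-object question raised in the proposal, since the cipher only ever sees one UTF-8 byte array per record.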
