[aerogear-dev] Question around encryption for iOS push certificate passphrase

Bruno Oliveira bruno at abstractj.org
Wed Feb 5 09:52:49 EST 2014


You don’t need a key pair, so I can’t see any good reason to use the KeyStore. If Apple graciously requires the passphrase in plain text we need to do something about it.

PBKDF2 is not only a function to store passwords; it is also possible to use it to generate secret keys. So for your scenarios the solution is:

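        // PASSWORD and CRYPTOBOX_IV are assumed to be defined elsewhere
        Pbkdf2 pbkdf2 = AeroGearCrypto.pbkdf2();
        // Random is the crypto library's class; java.util.Random has no randomBytes()
        byte[] salt = new Random().randomBytes();
        int iterations = 100000;
        // Derive the secret key from the password, salt and iteration count
        SecretKey secretKey = pbkdf2.generateSecretKey(PASSWORD, salt, iterations);

        // Encrypt the passphrase with the derived key
        CryptoBox cryptoBox = new CryptoBox(secretKey.getEncoded());
        String passphrase = "My bonnie lies over the ocean";
        byte[] ciphertext = cryptoBox.encrypt(CRYPTOBOX_IV, passphrase, RAW);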


Salt, IV and the number of iterations must be stored somewhere, or you can just stick with the default number of iterations. But you still need to store the salt and IV.

--  
abstractj

On February 5, 2014 at 9:20:37 AM, Matthias Wessendorf (matzew at apache.org) wrote:
> However, I am afraid it does not work for the iOS passphrase,
> required to connect to Apple - looks like the library we use requires
> it in plain text... (due to Apple? Not sure...)



