<div dir="ltr"><br><div class="gmail_extra"><br><br><div class="gmail_quote">On Thu, Oct 10, 2013 at 1:58 PM, Bruno Oliveira <span dir="ltr"><<a href="mailto:bruno@abstractj.org" target="_blank">bruno@abstractj.org</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="im"><br>
<br>
Matthias Wessendorf wrote:<br>
> Thanks for putting together the gist; I did read several times over<br>
> it, and I guess it mostly makes sense :-)<br>
><br>
> However I do have a few (minor?) questions:<br>
><br>
> ===JavaScript:===<br>
><br>
> * key: generatedKey,<br>
><br>
> Where does the generated key come from? Is that a key that, as shown<br>
> in the diagram, comes from "the server"?<br>
</div>Which kind of section are we talking about? Basically I skipped it in<br>
the documentation because developers are able to provide their own but<br>
you can see an example here:<br>
<a href="https://github.com/aerogear/aerogear-js/blob/master/tests/unit/crypto/aerogear.crypto.js#L21" target="_blank">https://github.com/aerogear/aerogear-js/blob/master/tests/unit/crypto/aerogear.crypto.js#L21</a><br>
(that was used only for unit test purposes to guess the output)<br>
<br>
If you think that's not enough I'm fine providing an example about how<br>
to properly generate the key.<br></blockquote><div><br></div><div>Not sure we need it on the gist, but I think it does not hurt.</div><div><br></div><div>I understand (like in the test) that we locally generate the key, but the first diagram (for instance) was a bit confusing. Now I understand </div>
<div>it is an option, e.g. to request a key from a server: so it is really up to the developer (e.g. request a remote key), not up to our library.</div><div>Our library "just" uses any given key, or am I wrong ?</div>
<div><br></div><div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div class="im">><br>
> Java<br>
><br>
> * CryptoBox: It is used for different algorithms (GCM and ECC), like a<br>
> "ToolBox" / "ToolChain", right ?<br>
</div>Since there are several tools named "ToolBox, ToolChain" out there, I<br>
will avoid comparisons. CryptoBox is the class responsible for accepting a<br>
single key or a key pair and encrypt/decrypt the data.<br></blockquote><div><br></div><div>Ah! Ok, I think now it makes sense. I think the name of the class was misleading (to me)</div><div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div class="im">><br>
> * PBKDF2: However, in the (outdated?) gist we use a function<br>
> (AeroGearCrypto.pbkdf2()) to get access to the Pbkdf2 class;<br>
</div>I don't think so; since the code wasn't merged, I can't make assumptions<br>
about something that "might be" merged.<br></blockquote><div><br></div><div>Not sure what you mean. </div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div class="im">> I can't see that in the code - there a direct usage of the Pbkdf2<br>
> class is present.<br>
</div>Until we get that code merged, I think it is reasonable to keep it as is.<br></blockquote><div><br></div><div>That is fine.</div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div class="im">><br>
> Now, wondering about the different 'access' mechanisms<br>
> (AeroGearCrypto.pbkdf2() vs. CryptoBox), does it make sense (honestly<br>
> not sure) to add the 'PBKDF2' to the "CryptoBox" as well ?<br>
</div>I don't think so, because they are used for different purposes:<br>
<br>
CryptoBox - Accept a key or a key pair for symmetric/asymmetric encryption<br>
PBKDF2 - For passwords as we discussed<br></blockquote><div><br></div><div>yeah, now it is more clear to me, that the "CryptoBox" is not really like a "ToolBox" for different algorithms </div><div><br>
</div><div><br></div><div>-Matthias</div><div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div class="im">><br>
><br>
> @iOS<br>
><br>
> we had a kick off meeting early this week, and now trying to see how<br>
> we move on. A few infos are available in this forked gist:<br>
><br>
> <a href="https://gist.github.com/matzew/7cdf1831c55e3d656477" target="_blank">https://gist.github.com/matzew/7cdf1831c55e3d656477</a><br>
><br>
> More to follow....<br>
<br>
</div>Let me know if something is not clear.<br>
<span class="HOEnZb"><font color="#888888"><br>
--<br>
abstractj<br>
<br>
<br>
</font></span><br>_______________________________________________<br>
aerogear-dev mailing list<br>
<a href="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/aerogear-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a><br></blockquote></div><br><br clear="all"><div><br></div>-- <br>Matthias Wessendorf <br>
<br>blog: <a href="http://matthiaswessendorf.wordpress.com/" target="_blank">http://matthiaswessendorf.wordpress.com/</a><br>sessions: <a href="http://www.slideshare.net/mwessendorf" target="_blank">http://www.slideshare.net/mwessendorf</a><br>
twitter: <a href="http://twitter.com/mwessendorf" target="_blank">http://twitter.com/mwessendorf</a>
</div></div>
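<div>Added example, not part of the original thread and not AeroGear code: the two cases the thread separates, a caller-supplied random key versus a key derived from a password with PBKDF2, both feeding the same authenticated encryption. It uses Node.js's built-in <code>crypto</code> module; the function names, the iteration count and the sample strings are assumptions made for illustration.</div>

```javascript
// Added example: Node.js built-in crypto, not the AeroGear Crypto API.
const crypto = require('crypto');

// Case 1: the application supplies a random key (generated locally here;
// it could equally be requested from a server). 32 bytes = AES-256.
function generateKey() {
  return crypto.randomBytes(32);
}

// Case 2: the secret is a password, so stretch it with PBKDF2 first.
// The salt is random, stored beside the ciphertext, and is not secret.
// The iteration count is an illustrative value, not a project setting.
function deriveKey(password, salt, iterations = 100000) {
  return crypto.pbkdf2Sync(password, salt, iterations, 32, 'sha256');
}

// Encrypt with AES-256-GCM using whatever 32-byte key the caller passes in.
function encrypt(key, plaintext) {
  const iv = crypto.randomBytes(12); // fresh nonce per message, never reused
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return { iv, ciphertext, tag: cipher.getAuthTag() };
}

// Decrypt; final() throws if the key is wrong or the data was modified.
function decrypt(key, { iv, ciphertext, tag }) {
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, iv);
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(ciphertext), decipher.final()]).toString('utf8');
}

// Constructed sample data.
const randomKey = generateKey();
const box1 = encrypt(randomKey, 'message protected by a random key');
console.log(decrypt(randomKey, box1));

const salt = crypto.randomBytes(16);
const passwordKey = deriveKey('constructed sample passphrase', salt);
const box2 = encrypt(passwordKey, 'message protected by a password-derived key');
console.log(decrypt(passwordKey, box2));
```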