<div dir="ltr"><br><div class="gmail_extra"><br><br><div class="gmail_quote">On Wed, Feb 5, 2014 at 6:53 PM, Daniel Passos <span dir="ltr">&lt;<a href="mailto:daniel@passos.me" target="_blank">daniel@passos.me</a>&gt;</span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">
<div class="im">On Wed, Feb 5, 2014 at 2:49 PM, Matthias Wessendorf <span dir="ltr">&lt;<a href="mailto:matzew@apache.org" target="_blank">matzew@apache.org</a>&gt;</span> wrote:<br>

<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div dir="ltr">Hello Bruno,<br><div class="gmail_extra"><br>


<br><div class="gmail_quote"><div>On Wed, Feb 5, 2014 at 5:05 PM, Bruno Oliveira <span dir="ltr">&lt;<a href="mailto:bruno@abstractj.org" target="_blank">bruno@abstractj.org</a>&gt;</span> wrote:<br>

<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">You shouldn&rsquo;t store your private key, please make use of the suggested code and let me know.<br>



</blockquote><div><br></div>
<div><br></div></div><div>OK, not storing the &#39;private key&#39;, but instead I am only storing the IV, salt and&nbsp;ciphertext, right ?&nbsp;</div></div></div></div></blockquote><div><br></div></div><div><span style="font-family:arial,sans-serif;font-size:12.727272033691406px">Right. In this case you don&#39;t need store Private Key</span><br>


</div><div class="im"><div>&nbsp;</div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div dir="ltr"><div class="gmail_extra">


<div class="gmail_quote"><div>The following code is basically the (relevant) code behind the web-form when someone creates the logical construct of an iOS variant:</div>
<div><br></div><div><a href="https://github.com/matzew/psswd-salting/blob/master/src/test/java/net/wessendorf/salt/SecretKeyTest.java#L44-L62" target="_blank">https://github.com/matzew/psswd-salting/blob/master/src/test/java/net/wessendorf/salt/SecretKeyTest.java#L44-L62</a><br>



</div><div><br></div><div>In real I get all the information for the variant (e.g. its name, its description, its certificate file and the passphrase for the certificate), but the above has been limited to the passphrase, as everything else is not so important here :-)</div>



<div><br></div><div>So after that I have basically the following pieces in the database:</div><div>* IV</div><div>* salt</div><div>* ciphertex</div><div><br></div><div>instead of the plaintext passphrase for the iOS certs. &nbsp;</div>


</div></div></div></blockquote><div><br></div></div><div><b>NEVER</b> store password/passphrase</div></div></div></div></blockquote><div><br></div><div>yep, that&#39;s why I am thinking about:</div><div><a href="https://issues.jboss.org/browse/AGPUSH-358">https://issues.jboss.org/browse/AGPUSH-358</a><br>
</div><div><br></div><div>&nbsp;</div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div dir="ltr"><div class="gmail_extra">
<div class="gmail_quote"><div class="im"><div>&nbsp;</div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">

<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">








<div>But, now, somewhere later in in the program, I need to do the decryption to get the actual passphrase for the stored Apple-certificate.<br></div><div>However, I don&#39;t see how to create the CryptoBox here, as I should not stash the private/secret key, nor do I have access to the previous CryptoBox object</div>



<div><br></div><div><a href="https://github.com/matzew/psswd-salting/blob/master/src/test/java/net/wessendorf/salt/SecretKeyTest.java#L64-L85" target="_blank">https://github.com/matzew/psswd-salting/blob/master/src/test/java/net/wessendorf/salt/SecretKeyTest.java#L64-L85</a><br>



</div><div><br></div><div><br></div><div>Looks like I am missing something here</div></div></div></div></blockquote><div><br></div></div><div>If you have Salt and password you can create a PrivateKey &quot;on the fly&quot;</div>
</div></div></div></blockquote><div><br></div><div>As said in the comments of I don&#39;t have access to the password/passphrase:</div><div><a href="https://github.com/matzew/psswd-salting/blob/master/src/test/java/net/wessendorf/salt/SecretKeyTest.java#L67">https://github.com/matzew/psswd-salting/blob/master/src/test/java/net/wessendorf/salt/SecretKeyTest.java#L67</a><br>
</div><div><br></div><div>&nbsp;</div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div dir="ltr"><div class="gmail_extra">
<div class="gmail_quote">

<div><pre style="font-family:Consolas,&#39;Liberation Mono&#39;,Courier,monospace;font-size:12px;margin-top:0px;margin-bottom:0px;color:rgb(51,51,51);line-height:18px"><div style="padding-left:10px"><span><br>

</span></div><div style="padding-left:10px"><span>Pbkdf2</span> <span>pbkdf2</span> <span style="font-weight:bold">=</span> <span>AeroGearCrypto</span><span style="font-weight:bold">.</span><span style="color:teal">pbkdf2</span><span style="font-weight:bold">();</span></div>


<div style="padding-left:10px"><span style="color:rgb(68,85,136);font-weight:bold">byte</span><span style="font-weight:bold">[]</span> <span>rawPassword</span> <span style="font-weight:bold">=</span> <span>pbkdf2</span><span style="font-weight:bold">.</span><span style="color:teal">encrypt</span><span style="font-weight:bold">(</span><span>passphrase</span><span style="font-weight:bold">,</span> <span>salt</span><span style="font-weight:bold">);</span></div>


<div style="padding-left:10px"><span>PrivateKey</span> <span>privateKey</span> <span style="font-weight:bold">=</span> <span style="font-weight:bold">new</span> <span>PrivateKey</span><span style="font-weight:bold">(</span><span>rawPassword</span><span style="font-weight:bold">);</span></div>


</pre></div><div>&nbsp;</div><div>And for create CriptoBox you only need a PrivateKey</div><div><span style="font-weight:bold;color:rgb(51,51,51);font-family:Consolas,&#39;Liberation Mono&#39;,Courier,monospace;font-size:12px;line-height:18px;white-space:pre-wrap"><br>


</span></div><div><span style="font-weight:bold;color:rgb(51,51,51);font-family:Consolas,&#39;Liberation Mono&#39;,Courier,monospace;font-size:12px;line-height:18px;white-space:pre-wrap"><span style="font-size:12px;font-weight:normal">  CryptoBox</span><span style="color:rgb(0,128,128);font-weight:normal"> </span></span><span style="color:teal;font-family:Consolas,&#39;Liberation Mono&#39;,Courier,monospace;font-size:12px;line-height:18px;text-align:start;white-space:pre-wrap">cryptoBox</span><span style="color:rgb(51,51,51);font-family:Consolas,&#39;Liberation Mono&#39;,Courier,monospace;font-size:12px;line-height:18px;white-space:pre-wrap"> </span><span style="font-weight:bold;color:rgb(51,51,51);font-family:Consolas,&#39;Liberation Mono&#39;,Courier,monospace;font-size:12px;line-height:18px;white-space:pre-wrap">=</span><span style="color:rgb(51,51,51);font-family:Consolas,&#39;Liberation Mono&#39;,Courier,monospace;font-size:12px;line-height:18px;white-space:pre-wrap"> </span><span style="font-weight:bold;color:rgb(51,51,51);font-family:Consolas,&#39;Liberation Mono&#39;,Courier,monospace;font-size:12px;line-height:18px;white-space:pre-wrap">new</span><span style="color:rgb(51,51,51);font-family:Consolas,&#39;Liberation Mono&#39;,Courier,monospace;font-size:12px;line-height:18px;white-space:pre-wrap"> </span><span style="line-height:18px;color:rgb(51,51,51);font-size:12px;white-space:pre-wrap;font-family:Consolas,&#39;Liberation Mono&#39;,Courier,monospace">CryptoBox</span><span style="font-weight:bold;color:rgb(51,51,51);font-family:Consolas,&#39;Liberation Mono&#39;,Courier,monospace;font-size:12px;line-height:18px;white-space:pre-wrap">(</span><span style="line-height:18px;color:rgb(51,51,51);font-size:12px;white-space:pre-wrap;font-family:Consolas,&#39;Liberation Mono&#39;,Courier,monospace">privateKey</span><span style="font-weight:bold;color:rgb(51,51,51);font-family:Consolas,&#39;Liberation Mono&#39;,Courier,monospace;font-size:12px;line-height:18px;white-space:pre-wrap">);</span><br>


</div><div><span style="font-weight:bold;color:rgb(51,51,51);font-family:Consolas,&#39;Liberation Mono&#39;,Courier,monospace;font-size:12px;line-height:18px;white-space:pre-wrap"><br></span></div><div>Now you a able to decrypt using stored IV :)</div>


<div><br></div><div><span style="color:rgb(68,85,136);font-weight:bold;font-family:Consolas,&#39;Liberation Mono&#39;,Courier,monospace;font-size:12px;line-height:18px;white-space:pre-wrap">  byte</span><span style="font-weight:bold;color:rgb(51,51,51);font-family:Consolas,&#39;Liberation Mono&#39;,Courier,monospace;font-size:12px;line-height:18px;white-space:pre-wrap">[]</span><span style="color:rgb(51,51,51);font-family:Consolas,&#39;Liberation Mono&#39;,Courier,monospace;font-size:12px;line-height:18px;white-space:pre-wrap"> </span><span style="line-height:18px;color:rgb(51,51,51);font-size:12px;white-space:pre-wrap;font-family:Consolas,&#39;Liberation Mono&#39;,Courier,monospace">decryptedData</span><span style="color:rgb(51,51,51);font-family:Consolas,&#39;Liberation Mono&#39;,Courier,monospace;font-size:12px;line-height:18px;white-space:pre-wrap"> </span><span style="font-weight:bold;color:rgb(51,51,51);font-family:Consolas,&#39;Liberation Mono&#39;,Courier,monospace;font-size:12px;line-height:18px;white-space:pre-wrap">=</span><span style="color:rgb(51,51,51);font-family:Consolas,&#39;Liberation Mono&#39;,Courier,monospace;font-size:12px;line-height:18px;white-space:pre-wrap"> </span><span style="line-height:18px;color:rgb(51,51,51);font-size:12px;white-space:pre-wrap;font-family:Consolas,&#39;Liberation Mono&#39;,Courier,monospace">cryptoBox</span><span style="font-weight:bold;color:rgb(51,51,51);font-family:Consolas,&#39;Liberation Mono&#39;,Courier,monospace;font-size:12px;line-height:18px;white-space:pre-wrap">.</span><span style="color:teal;font-family:Consolas,&#39;Liberation Mono&#39;,Courier,monospace;font-size:12px;line-height:18px;text-align:start;white-space:pre-wrap">decrypt</span><span style="font-weight:bold;color:rgb(51,51,51);font-family:Consolas,&#39;Liberation Mono&#39;,Courier,monospace;font-size:12px;line-height:18px;white-space:pre-wrap">(</span><span style="line-height:18px;color:rgb(51,51,51);font-size:12px;white-space:pre-wrap;font-family:Consolas,&#39;Liberation Mono&#39;,Courier,monospace">IV</span><span style="font-weight:bold;color:rgb(51,51,51);font-family:Consolas,&#39;Liberation Mono&#39;,Courier,monospace;font-size:12px;line-height:18px;white-space:pre-wrap">,</span><span style="color:rgb(51,51,51);font-family:Consolas,&#39;Liberation Mono&#39;,Courier,monospace;font-size:12px;line-height:18px;white-space:pre-wrap"> </span><span style="line-height:18px;color:rgb(51,51,51);font-size:12px;white-space:pre-wrap;font-family:Consolas,&#39;Liberation Mono&#39;,Courier,monospace">data</span><span style="font-weight:bold;color:rgb(51,51,51);font-family:Consolas,&#39;Liberation Mono&#39;,Courier,monospace;font-size:12px;line-height:18px;white-space:pre-wrap">);</span></div>


<div>







<p>That was exactly what we did in Ecrypted Store</p><p><a href="https://github.com/danielpassos/aerogear-android/blob/master/src/org/jboss/aerogear/android/impl/datamanager/EncryptedSQLStore.java#L115-L150" target="_blank">https://github.com/danielpassos/aerogear-android/blob/master/src/org/jboss/aerogear/android/impl/datamanager/EncryptedSQLStore.java#L115-L150</a></p>


<p><br></p></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div dir="ltr"><div class="gmail_extra">


<div class="gmail_quote"><span><font color="#888888"><div>-Matthias</div></font></span></div></div></div></blockquote></div></div></div>
<br>_______________________________________________<br>
aerogear-dev mailing list<br>
<a href="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/aerogear-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a><br></blockquote></div><br><br clear="all"><div><br></div>-- <br>Matthias Wessendorf <br>
<br>blog: <a href="http://matthiaswessendorf.wordpress.com/" target="_blank">http://matthiaswessendorf.wordpress.com/</a><br>sessions: <a href="http://www.slideshare.net/mwessendorf" target="_blank">http://www.slideshare.net/mwessendorf</a><br>
twitter: <a href="http://twitter.com/mwessendorf" target="_blank">http://twitter.com/mwessendorf</a>
</div></div>