<div dir="ltr"><br><div class="gmail_extra"><br><br><div class="gmail_quote">On Wed, Feb 5, 2014 at 7:41 PM, Bruno Oliveira <span dir="ltr">&lt;<a href="mailto:bruno@abstractj.org" target="_blank">bruno@abstractj.org</a>&gt;</span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">You need tho reconstruct that key again with the pieces from your database, so your code would look like:<br>
<br>
@Test<br>
    public void testPasswordValidationWithRandomSaltProvided() throws Exception {<br>
        Pbkdf2 pbkdf2 = AeroGearCrypto.pbkdf2();<br>
        byte[] salt = new Random().randomBytes();<br>
        byte[] IV = new Random().randomBytes();<br>
        int iterations = 100000;<br>
<br>
        //Encrypt step<br>
<div class="im">        SecretKey secretKey = pbkdf2.generateSecretKey(PASSWORD, salt, iterations);<br>
</div>        CryptoBox box1 = new CryptoBox(secretKey.getEncoded());<br>
<div class="im">        String passphrase = &quot;My bonnie lies over the ocean&quot;;<br>
</div>        byte[] ciphertext = box1.encrypt(IV, passphrase.getBytes());<br>
<br>
        //Decrypt step<br>
        SecretKey recoveredKey = pbkdf2.generateSecretKey(PASSWORD, salt, iterations);<br></blockquote><div><br></div><div><br></div><div>as said in the comments, I don&#39;t have that PASSWORD here</div><div><br></div><div>
<br></div><div>That is only submitted when the user creates a new iOS variant, it&#39;s never entered when the server tries to connect to the APNs</div><div><br></div><div><br></div><div><br></div><div><br></div><div> </div>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
        CryptoBox box2 = new CryptoBox(recoveredKey.getEncoded());<br>
        byte[] plaintext = box2.decrypt(IV, ciphertext);<br>
        System.out.println(RAW.encode(plaintext));<br>
<br>
    }<br>
<br>
--<br>
abstractj<br>
<div class="HOEnZb"><div class="h5"><br>
On February 5, 2014 at 3:59:06 PM, Matthias Wessendorf (<a href="mailto:matzew@apache.org">matzew@apache.org</a>) wrote:<br>
&gt; &gt; But, now, somewhere later in in the program, I need to do the decryption<br>
&gt; to get the actual passphrase for the stored Apple-certificate.<br>
&gt; However, I don&#39;t see how to create the CryptoBox here, as I should<br>
&gt; not stash the private/secret key, nor do I have access to the previous<br>
&gt; CryptoBox object<br>
&gt;<br>
&gt; <a href="https://github.com/matzew/psswd-salting/blob/master/src/test/java/net/wessendorf/salt/SecretKeyTest.java#L64-L85" target="_blank">https://github.com/matzew/psswd-salting/blob/master/src/test/java/net/wessendorf/salt/SecretKeyTest.java#L64-L85</a><br>

&gt;<br>
&gt;<br>
&gt; Looks like I am missing something here<br>
<br>
</div></div></blockquote></div><br><br clear="all"><div><br></div>-- <br>Matthias Wessendorf <br><br>blog: <a href="http://matthiaswessendorf.wordpress.com/" target="_blank">http://matthiaswessendorf.wordpress.com/</a><br>
sessions: <a href="http://www.slideshare.net/mwessendorf" target="_blank">http://www.slideshare.net/mwessendorf</a><br>twitter: <a href="http://twitter.com/mwessendorf" target="_blank">http://twitter.com/mwessendorf</a>
</div></div>