There is no magic, the password must exist in some place. If it is not possible to
require the password, it is possible to follow the same approach provided for password
reset functionality.
If you want to stick to the KeyStore, you still need to provide the password in some
place, but that’s more suitable when you have a key exchange or something like this.
So if you patiently read the code I proposed, you will realize that it is possible to
achieve it via a property file, database or whatever:
@Test
public void testPasswordValidationWithRandomSaltProvided() throws Exception {
    Pbkdf2 pbkdf2 = AeroGearCrypto.pbkdf2();
    byte[] salt = new Random().randomBytes();
    byte[] IV = new Random().randomBytes();
    int iterations = 100000;
    // "read" stands for whatever loads the secret (property file, database, ...)
    read.secretFile("secret.properties");
    String PASSWORD = read.load("password_to_my_superpassphrase");
    //Encrypt step: derive the key from the password, then encrypt the passphrase
    SecretKey secretKey = pbkdf2.generateSecretKey(PASSWORD, salt, iterations);
    CryptoBox box1 = new CryptoBox(secretKey.getEncoded());
    String passphrase = "My bonnie lies over the ocean";
    byte[] ciphertext = box1.encrypt(IV, passphrase.getBytes());
    //Decrypt step: the same password, salt and iterations give the same key back
    SecretKey recoveredKey = pbkdf2.generateSecretKey(PASSWORD, salt, iterations);
}
If it’s not clear, let me know where I should introduce this functionality rather than a
pet project and I can do that.
--
abstractj
On February 5, 2014 at 4:47:04 PM, Matthias Wessendorf (matzew(a)apache.org) wrote:
> as said in the comments, I don't have that PASSWORD here
> That is only submitted when the user creates a new iOS variant,
> it's never entered when the server tries to connect to the APNs
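
The flow sketched in the message above, carried through to a completed decrypt, as an added example that is not part of the original thread or the AeroGear code base. It uses the JDK's own PBKDF2WithHmacSHA256 and AES-GCM in place of AeroGear's Pbkdf2 and CryptoBox; the class name, the sample password and the inline stand-in for secret.properties are constructed for illustration.

```java
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import java.io.StringReader;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Properties;

public class PassphraseAtRest {
    static final int ITERATIONS = 100000; // same count as in the message above

    // Derive a 256-bit AES key from the password (JDK PBKDF2, not AeroGear's Pbkdf2).
    static SecretKeySpec derive(char[] password, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, 256);
        byte[] raw = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                .generateSecret(spec).getEncoded();
        return new SecretKeySpec(raw, "AES");
    }

    // AES-GCM with a 128-bit tag; mode is Cipher.ENCRYPT_MODE or Cipher.DECRYPT_MODE.
    static byte[] crypt(int mode, SecretKeySpec key, byte[] iv, byte[] in) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(mode, key, new GCMParameterSpec(128, iv));
        return c.doFinal(in);
    }

    public static void main(String[] args) throws Exception {
        // Constructed stand-in for secret.properties (assumption: a real deployment
        // loads a file readable only by the server account).
        Properties props = new Properties();
        props.load(new StringReader("password_to_my_superpassphrase=constructed-sample\n"));
        char[] password = props.getProperty("password_to_my_superpassphrase").toCharArray();
        byte[] salt = new byte[16], iv = new byte[12];
        SecureRandom rng = new SecureRandom();
        rng.nextBytes(salt);
        rng.nextBytes(iv);
        // Encrypt step: salt, IV and ciphertext are what gets stored next to the variant.
        byte[] ciphertext = crypt(Cipher.ENCRYPT_MODE, derive(password, salt), iv,
                "My bonnie lies over the ocean".getBytes(StandardCharsets.UTF_8));
        // Decrypt step: re-derive the key from the same password, salt and iterations.
        byte[] plain = crypt(Cipher.DECRYPT_MODE, derive(password, salt), iv, ciphertext);
        System.out.println(new String(plain, StandardCharsets.UTF_8));
        try { // a wrong password derives a different key and fails the GCM tag check
            crypt(Cipher.DECRYPT_MODE, derive("wrong".toCharArray(), salt), iv, ciphertext);
        } catch (AEADBadTagException e) {
            System.out.println("wrong password rejected");
        }
    }
}
```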