On Wed, Feb 5, 2014 at 6:53 PM, Daniel Passos <daniel(a)passos.me> wrote:
On Wed, Feb 5, 2014 at 2:49 PM, Matthias Wessendorf
<matzew(a)apache.org>wrote:
> Hello Bruno,
>
>
> On Wed, Feb 5, 2014 at 5:05 PM, Bruno Oliveira <bruno(a)abstractj.org>wrote:
>
>> You shouldn't store your private key, please make use of the suggested
>> code and let me know.
>>
>
>
> OK, not storing the 'private key', but instead I am only storing the IV,
> salt and ciphertext, right ?
>
Right. In this case you don't need store Private Key
> The following code is basically the (relevant) code behind the web-form
> when someone creates the logical construct of an iOS variant:
>
>
>
https://github.com/matzew/psswd-salting/blob/master/src/test/java/net/wes...
>
> In real I get all the information for the variant (e.g. its name, its
> description, its certificate file and the passphrase for the certificate),
> but the above has been limited to the passphrase, as everything else is not
> so important here :-)
>
> So after that I have basically the following pieces in the database:
> * IV
> * salt
> * ciphertex
>
> instead of the plaintext passphrase for the iOS certs.
>
*NEVER* store password/passphrase
yep, that's why I am thinking about:
https://issues.jboss.org/browse/AGPUSH-358
> But, now, somewhere later in in the program, I need to do the
> decryption to get the actual passphrase for the stored Apple-certificate.
> However, I don't see how to create the CryptoBox here, as I should not
> stash the private/secret key, nor do I have access to the previous
> CryptoBox object
>
>
>
https://github.com/matzew/psswd-salting/blob/master/src/test/java/net/wes...
>
>
> Looks like I am missing something here
>
If you have Salt and password you can create a PrivateKey "on the fly"
As said in the comments of I don't have access to the password/passphrase:
https://github.com/matzew/psswd-salting/blob/master/src/test/java/net/wes...
Pbkdf2 pbkdf2 = AeroGearCrypto.pbkdf2();
byte[] rawPassword = pbkdf2.encrypt(passphrase, salt);
PrivateKey privateKey = new PrivateKey(rawPassword);
And for create CriptoBox you only need a PrivateKey
CryptoBox cryptoBox = new CryptoBox(privateKey);
Now you a able to decrypt using stored IV :)
byte[] decryptedData = cryptoBox.decrypt(IV, data);
That was exactly what we did in Ecrypted Store
https://github.com/danielpassos/aerogear-android/blob/master/src/org/jbos...
-Matthias
>
_______________________________________________
aerogear-dev mailing list
aerogear-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/aerogear-dev
--
Matthias Wessendorf
blog:
http://matthiaswessendorf.wordpress.com/
sessions:
http://www.slideshare.net/mwessendorf
twitter:
http://twitter.com/mwessendorf