Hello Bruno!
On Wed, Feb 5, 2014 at 3:52 PM, Bruno Oliveira <bruno(a)abstractj.org> wrote:
> You don't need a key pair, so I can't see any good reason to use the
> KeyStore. If Apple graciously requires the passphrase in plain text we need
> to do something about it.
> PBKDF2 is not only a function to store passwords, but it is also possible to
> generate secret keys with it. So for your scenarios the solution is:
>
>     // Derive a secret key from the password with PBKDF2
>     Pbkdf2 pbkdf2 = AeroGearCrypto.pbkdf2();
>     byte[] salt = new Random().randomBytes();
>     int iterations = 100000;
>     SecretKey secretKey = pbkdf2.generateSecretKey(PASSWORD, salt, iterations);
>     // Encrypt the passphrase with the derived key
>     CryptoBox cryptoBox = new CryptoBox(secretKey.getEncoded());
>     String passphrase = "My bonnie lies over the ocean";
>     byte[] ciphertext = cryptoBox.encrypt(CRYPTOBOX_IV, passphrase, RAW);
>
> Salt, IV and the number of iterations must be stored in some place, or you
> can just stick with the default number of iterations. But you still need to
> store salt and IV.
Ah, thanks for the hints. I have a little isolated test case. In there I
(potentially) store the privateKey, the IV and the ciphertext in the
database.
This basically simulates the case when the "new iOS variant" form has been
submitted - so instead of the plain passphrase for the cert, I store the
three guys (privateKey, IV, ciphertext):
https://github.com/matzew/psswd-salting/blob/master/src/test/java/net/wes...
Later on, I use the pandora :) to decrypt, by leveraging the stored
information in the database (privateKey, IV, ciphertext):
https://github.com/matzew/psswd-salting/blob/master/src/test/java/net/wes...
Then I get back the 'plaintext' version of the certificate's passphrase,
e.g. as byte[] or String:
https://github.com/matzew/psswd-salting/blob/master/src/test/java/net/wes...
Greetings,
Matthias
--
abstractj
On February 5, 2014 at 9:20:37 AM, Matthias Wessendorf (matzew(a)apache.org)
wrote:
> However, I am afraid it does not work for the iOS passphrase,
> required to connect to Apple - looks like the library we use requires
> it in plain text... (due to Apple? Not sure...)
--
Matthias Wessendorf
blog: http://matthiaswessendorf.wordpress.com/
sessions: http://www.slideshare.net/mwessendorf
twitter: http://twitter.com/mwessendorf
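
Added example, not part of the original thread and not AeroGear code: the PBKDF2-derived-key scheme quoted above, written with the JDK's own PBKDF2WithHmacSHA256 and AES-GCM instead of AeroGear Crypto. Only salt, iteration count, IV and ciphertext are persisted and the key is re-derived from the password on decrypt; the class name, the `Stored` record and the master password are assumptions, and Java 16+ is assumed for the record syntax.

```java
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;

public class PassphraseVault {
    // Hypothetical row layout: the only values persisted per iOS variant (no key material).
    record Stored(byte[] salt, int iterations, byte[] iv, byte[] ciphertext) {}

    // Re-derive the 256-bit AES key from the master password and the stored salt/iterations.
    static SecretKeySpec derive(char[] masterPassword, byte[] salt, int iterations) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(masterPassword, salt, iterations, 256);
        try {
            byte[] key = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
            return new SecretKeySpec(key, "AES");
        } finally {
            spec.clearPassword(); // wipe the spec's internal copy of the password
        }
    }

    static Stored encrypt(char[] masterPassword, String passphrase) throws Exception {
        SecureRandom rng = new SecureRandom();
        byte[] salt = new byte[16];
        byte[] iv = new byte[12];   // fresh 96-bit GCM nonce for every encryption
        rng.nextBytes(salt);
        rng.nextBytes(iv);
        int iterations = 100_000;   // same count as in the quoted snippet
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, derive(masterPassword, salt, iterations), new GCMParameterSpec(128, iv));
        return new Stored(salt, iterations, iv, c.doFinal(passphrase.getBytes(StandardCharsets.UTF_8)));
    }

    static String decrypt(char[] masterPassword, Stored s) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, derive(masterPassword, s.salt(), s.iterations()), new GCMParameterSpec(128, s.iv()));
        return new String(c.doFinal(s.ciphertext()), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        char[] master = "constructed-master-password".toCharArray(); // constructed sample value
        Stored row = encrypt(master, "My bonnie lies over the ocean");
        System.out.println(decrypt(master, row));
        try { decrypt("wrong-password".toCharArray(), row); }   // wrong key fails the GCM tag check
        catch (AEADBadTagException e) { System.out.println("wrong password rejected"); }
    }
}
```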