You don’t need a key pair, so I can’t see any good reason to use the KeyStore. If Apple
graciously requires the passphrase in plain text we need to do something about it.
PBKDF2 is not only a function to store passwords; it can also be used to generate secret
keys. So in your scenarios the solution is:

// Derive a secret key from the password with PBKDF2
Pbkdf2 pbkdf2 = AeroGearCrypto.pbkdf2();
byte[] salt = new Random().randomBytes();
int iterations = 100000;
SecretKey secretKey = pbkdf2.generateSecretKey(PASSWORD, salt, iterations);

// Encrypt the passphrase with the derived key
CryptoBox cryptoBox = new CryptoBox(secretKey.getEncoded());
String passphrase = "My bonnie lies over the ocean";
byte[] ciphertext = cryptoBox.encrypt(CRYPTOBOX_IV, passphrase, RAW);

Salt, IV and the number of iterations must be stored in some place, or you can just stick
with the default number of iterations. But you still need to store salt and IV.
--
abstractj
On February 5, 2014 at 9:20:37 AM, Matthias Wessendorf (matzew(a)apache.org) wrote:
> However, I am afraid it does not work for the iOS passphrase,
> required to connect to Apple - looks like the library we use requires
> it in plain text... (due to Apple? Not sure...)