Re: [aerogear-dev] Passphrase encryption - REST API discussion

On Thu, Mar 13, 2014 at 12:59 PM, Bruno Oliveira wrote: > iOS Variant: > > - HTTP request > > Remain unchanged, but now certificate and passphrase can be send > encrypted and the server will store it. > encrptyed w/ the help of the public-key ?

> > - HTTP response > > Remain unchaged > > Sender: > > - HTTP request > > Remain unchanged, w/ "unchanged" you basically mean the payload of the "Send request" is the same as it is today, right ?

> but now the server will search for the application ID and retrieve the > public key to decrypt application's passphrase > Ok, that's internal details. So the server basically deprcypts both: cert and its passphrase, in order to establish the connection to APNs

> > > AeroGear Clients > > - cURL > > Yesterday I had the amusing experience of dig into the sources of OpenSSL > and their documentation, to see how people could encrypt it from the > command line. If I recommend that people would remember my name for the > eternity in a bad way. Another insane idea was to provide encoders for GPG. > The simplest idea, I think, would be provide code for people encrypt their > passphrase and certificate, instead of trust in some software. > but that's really just for the "registration part", right ? I don't care that much about a cumbersome API there :-) Because in 99% of all cases the actual registration (and cert/passphrase upload) is done via the sexy Admin UI. The CURL for the send stays the same as it is today, right ?

> It looks like it goes towards the right direction! Thanks for looking into it -- Matthias Wessendorf blog: http://matthiaswessendorf.wordpress.com/ sessions: http://www.slideshare.net/mwessendorf twitter: http://twitter.com/mwessendorf _______________________________________________ aerogear-dev mailing list aerogear-dev(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/aerogear-dev