Maybe is my misinterpretation but answers inline.

Matthias Wessendorf wrote:
> One thing:
> https://issues.jboss.org/browse/AGSEC-89
> is not really something _on_ iOS; On the UnifiedPush Server the
> passphrase for the certifcate is stored plain text, should be improved
> by hashing and salting.

I think they are consider completely different beasts. Once you have to
implement it on iOS and the server right? "Encryption for iOS
passphrase" is too generic and can be anything.

>
> So, not sure if we want to remove that AGSEC-89 ticket

Basically the ticket wasn't missed and will be solved by:

* AGSEC-XX: Provide easy to use cryptography interface

    *Description*: We must build a foundation for encrypted storage,
before start hacking on it. Having clearly defined goals in a single
place might help to put things in perspective.

    Ex: **Android**-crypto, **iOS**-crypto & **JS**-crypto libraries

    * AGSEC-XX: Symmetric encryption support:
[GCM](http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf)

-> Link to  ** AGIOS - Implement my supercool encryption (just an example)

    * AGSEC-XX: Asymmetric encryption support:
[ECC](http://www.nsa.gov/business/programs/elliptic_curve.shtml)
    * AGSEC-XX: Password based key derivation:
[PBKDF2](http://csrc.nist.gov/publications/nistpubs/800-132/nist-sp800-132.pdf)
    * AGSEC-XX: Hashing support: SHA-256, SHA-512
    * AGSEC-XX: Message authentication support: GMAC, HMAC *See: AGSEC-57*
    * AGSEC-XX: Digital signatures support: ECDSA

--
abstractj



_______________________________________________
aerogear-dev mailing list
aerogear-dev@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/aerogear-dev