On Wed, Feb 5, 2014 at 2:49 PM, Matthias Wessendorf <matzew(a)apache.org>wrote:
Hello Bruno,
On Wed, Feb 5, 2014 at 5:05 PM, Bruno Oliveira <bruno(a)abstractj.org>wrote:
> You shouldn't store your private key, please make use of the suggested
> code and let me know.
OK, not storing the 'private key', but instead I am only storing the IV,
salt and ciphertext, right ?
Right. In this case you don't need store Private Key
The following code is basically the (relevant) code behind the
web-form
when someone creates the logical construct of an iOS variant:
https://github.com/matzew/psswd-salting/blob/master/src/test/java/net/wes...
In real I get all the information for the variant (e.g. its name, its
description, its certificate file and the passphrase for the certificate),
but the above has been limited to the passphrase, as everything else is not
so important here :-)
So after that I have basically the following pieces in the database:
* IV
* salt
* ciphertex
instead of the plaintext passphrase for the iOS certs.
*NEVER* store password/passphrase
But, now, somewhere later in in the program, I need to do the
decryption
to get the actual passphrase for the stored Apple-certificate.
However, I don't see how to create the CryptoBox here, as I should not
stash the private/secret key, nor do I have access to the previous
CryptoBox object
https://github.com/matzew/psswd-salting/blob/master/src/test/java/net/wes...
Looks like I am missing something here
If you have Salt and password you can create a PrivateKey "on the fly"
Pbkdf2 pbkdf2 = AeroGearCrypto.pbkdf2();
byte[] rawPassword = pbkdf2.encrypt(passphrase, salt);
PrivateKey privateKey = new PrivateKey(rawPassword);
And for create CriptoBox you only need a PrivateKey
CryptoBox cryptoBox = new CryptoBox(privateKey);
Now you a able to decrypt using stored IV :)
byte[] decryptedData = cryptoBox.decrypt(IV, data);
That was exactly what we did in Ecrypted Store
https://github.com/danielpassos/aerogear-android/blob/master/src/org/jbos...
-Matthias