Hello all, I've got 2 points: - modularity: AeroGear libs are small and modular: we have a separate aerogear-otp-ios, aerogear-push-ios-registration so that if the user wants to use aerogear without push, he can use aerogear-ios, if he needs the push-registration, he uses both. For encryption store, where do we want to put EncryptedStore? aerogear-android depends on aerogear-crypto.

- Encrypting data takes time. It would be nice to have EncryptedStore encrypts data on separate thread and provide callbacks on completion. thoughts? ++ Corinne On Nov 4, 2013, at 5:30 PM, Daniel Passos <daniel(a)passos.me&gt; wrote: > The idea is implementing only save(add/update) and delete, using the stores we already have today by just adding crypt / decrypt and scheduling Query (readWithFilter) for the next release > DataManager > > public Store encryptedStore(String storeName, String passphrase) { > // TODO Create a default passphrase-based KeyStore > KeyStore keyStore = null; > return encryptedStore(storeName, keyStore); > } > > public Store encryptedStore(String storeName, KeyStore keyStore) { > StoreConfig storeConfig = new StoreConfig(); > storeConfig.setType(StoreTypes.ENCRYPTED_MEMORY); > return encryptedStore(storeName, storeConfig, keyStore); > } > > public Store encryptedStore(String storeName, StoreConfig config, String passphrase) { > // TODO Create a default passphrase-based KeyStore > KeyStore keyStore = null; > return encryptedStore(storeName, config, keyStore); > } > > public Store encryptedStore(String storeName, StoreConfig config, KeyStore keyStore) { > config.setKeyStore(keyStore); > Store store = storeFactory.createStore(config); > stores.put(storeName, store); > return store; > } > > EncryptedMemoryStore > > public class EncryptedMemoryStore<T> implements Store<T> { > > private final MemoryStorage<T> memoryStorage; > private final CryptoUtils<T> cryptoUtils; > > public EncryptedMemoryStore(IdGenerator idGenerator, KeyStore keyStore) { > memoryStorage = new MemoryStorage(idGenerator); > cryptoUtils = new CryptoUtils<T>(keyStore); > } > > @Override > public StoreType getType() { > return StoreTypes.ENCRYPTED_MEMORY; > } > > @Override > public Collection<T> readAll() throws InvalidKeyException { > Collection<T> encryptedCollection = memoryStorage.readAll(); > return cryptoUtils.decrypt(encryptedCollection); > } > > @Override > public T read(Serializable id) throws InvalidKeyException { > T encryptedItem = memoryStorage.read(id); > return cryptoUtils.decrypt(encryptedItem); > } > > @Override > public List<T> readWithFilter(ReadFilter filter) throws InvalidKeyException { > List<T> encryptedList = memoryStorage.readWithFilter(filter); > return cryptoUtils.decrypt(encryptedList); > } > > @Override > public void save(T item) { > memoryStorage.save(cryptoUtils.encrypt(item)); > } > > @Override > public void reset() { > memoryStorage.reset(); > } > > @Override > public void remove(Serializable id) { > memoryStorage.remove(id); > } > > @Override > public boolean isEmpty() { > return memoryStorage.isEmpty(); > } > > } > > CryptoUtils > > Here is where the magic happens. > > > public class CryptoUtils<T> { > > private final KeyStore keyStore; > > public CryptoUtils(KeyStore keyStore) { > this.keyStore = keyStore; > } > > public Collection<T> decrypt(Collection<T> encryptedCollection) { > List<T> decryptedList = new ArrayList<T>(); > for (T item : encryptedCollection) { > decryptedList.add(decrypt(item)); > } > return decryptedList; > } > > public List<T> decrypt(List<T> encryptedList) { > List<T> decryptedList = new ArrayList<T>(); > for (T item : encryptedList) { > decryptedList.add(decrypt(item)); > } > return decryptedList; > } > > public T decrypt(T item) { > // TODO Read all fields and decrypt > return item; > } > > public T encrypt(T item) { > // TODO Read all fields and encrypt > return item; > } > > } > > _______________________________________________ > aerogear-dev mailing list > aerogear-dev(a)lists.jboss.org > https://lists.jboss.org/mailman/listinfo/aerogear-dev _______________________________________________ aerogear-dev mailing list aerogear-dev(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/aerogear-dev

I can be dead wrong, but please start a new thread to discuss about the site. Otherwise we will lose the real focus here. Hylke Bons wrote: > I'd like to chime in here a little bit, as this also involves the > website mockup I sent to the list earlier. Whatever the decision, I > highly recommend making the different (sub)libraries consistent across > platforms, so the mental model is the same everwhere. > > That said, the libraries should probably reflect the different > subprojects that we display on the main page. > > Hylke _______________________________________________ aerogear-dev mailing list aerogear-dev(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/aerogear-dev

Daniel Passos <mailto:daniel@passos.me> November 6, 2013 at 2:24 PM <#> DataManager Crypto <#> Idea My idea is to read all fields, encrypt the field values and save it in store (Memory and SQLite)

<#> Problems 1) CryptoBox needs byte[] data to encrypt[1]. We need to get byte[] of all types 2) CryptoBox#decrypt returns a byte[] and we need to convert it by field type 3) How does it work with nested objects? Ugly code to set decrypted data by field type[2] <#> Solution/Proposal What about serializing entity/model to json, encrypt it and save in Store?

If we decide on this, we will not be able to make queries / ReadWithFilter (I think).[3] Any questions, thoughts or tomatoes before I move forward?

[1] https://github.com/aerogear/aerogear-crypto-java/blob/master/src/main/jav... [2] https://gist.github.com/danielpassos/31e024a8cfd6c64e151c [3] http://aerogear-dev.1069024.n5.nabble.com/aerogear-dev-Querying-encrypted... _______________________________________________ aerogear-dev mailing list aerogear-dev(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/aerogear-dev Hylke Bons <mailto:hbons@redhat.com> November 6, 2013 at 8:03 AM I already started a new thread for that and just wanted to refer to it as it's related. Hylke On 05/11/2013 16:51, Bruno Oliveira wrote: _______________________________________________ aerogear-dev mailing list aerogear-dev(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/aerogear-dev Bruno Oliveira <mailto:bruno@abstractj.org> November 5, 2013 at 2:51 PM I can be dead wrong, but please start a new thread to discuss about the site. Otherwise we will lose the real focus here. Hylke Bons <mailto:hbons@redhat.com> November 5, 2013 at 11:40 AM On 05/11/2013 07:41, Corinne Krych wrote: > Hello all, > > I've got 2 points: > > - modularity: AeroGear libs are small and modular: we have a separate aerogear-otp-ios, aerogear-push-ios-registration so that if the user wants to use aerogear without push, he can use aerogear-ios, if he needs the push-registration, he uses both. For encryption store, where do we want to put EncryptedStore? aerogear-android depends on aerogear-crypto. I'd like to chime in here a little bit, as this also involves the website mockup I sent to the list earlier. Whatever the decision, I highly recommend making the different (sub)libraries consistent across platforms, so the mental model is the same everwhere. That said, the libraries should probably reflect the different subprojects that we display on the main page. Hylke > - Encrypting data takes time. It would be nice to have EncryptedStore encrypts data on separate thread and provide callbacks on completion. > thoughts? > > ++ > Corinne > On Nov 4, 2013, at 5:30 PM, Daniel Passos <daniel(a)passos.me&gt; wrote: > >> The idea is implementing only save(add/update) and delete, using the stores we already have today by just adding crypt / decrypt and scheduling Query (readWithFilter) for the next release >> DataManager >> >> public Store encryptedStore(String storeName, String passphrase) { >> // TODO Create a default passphrase-based KeyStore >> KeyStore keyStore = null; >> return encryptedStore(storeName, keyStore); >> } >> >> public Store encryptedStore(String storeName, KeyStore keyStore) { >> StoreConfig storeConfig = new StoreConfig(); >> storeConfig.setType(StoreTypes.ENCRYPTED_MEMORY); >> return encryptedStore(storeName, storeConfig, keyStore); >> } >> >> public Store encryptedStore(String storeName, StoreConfig config, String passphrase) { >> // TODO Create a default passphrase-based KeyStore >> KeyStore keyStore = null; >> return encryptedStore(storeName, config, keyStore); >> } >> >> public Store encryptedStore(String storeName, StoreConfig config, KeyStore keyStore) { >> config.setKeyStore(keyStore); >> Store store = storeFactory.createStore(config); >> stores.put(storeName, store); >> return store; >> } >> >> EncryptedMemoryStore >> >> public class EncryptedMemoryStore<T> implements Store<T> { >> >> private final MemoryStorage<T> memoryStorage; >> private final CryptoUtils<T> cryptoUtils; >> >> public EncryptedMemoryStore(IdGenerator idGenerator, KeyStore keyStore) { >> memoryStorage = new MemoryStorage(idGenerator); >> cryptoUtils = new CryptoUtils<T>(keyStore); >> } >> >> @Override >> public StoreType getType() { >> return StoreTypes.ENCRYPTED_MEMORY; >> } >> >> @Override >> public Collection<T> readAll() throws InvalidKeyException { >> Collection<T> encryptedCollection = memoryStorage.readAll(); >> return cryptoUtils.decrypt(encryptedCollection); >> } >> >> @Override >> public T read(Serializable id) throws InvalidKeyException { >> T encryptedItem = memoryStorage.read(id); >> return cryptoUtils.decrypt(encryptedItem); >> } >> >> @Override >> public List<T> readWithFilter(ReadFilter filter) throws InvalidKeyException { >> List<T> encryptedList = memoryStorage.readWithFilter(filter); >> return cryptoUtils.decrypt(encryptedList); >> } >> >> @Override >> public void save(T item) { >> memoryStorage.save(cryptoUtils.encrypt(item)); >> } >> >> @Override >> public void reset() { >> memoryStorage.reset(); >> } >> >> @Override >> public void remove(Serializable id) { >> memoryStorage.remove(id); >> } >> >> @Override >> public boolean isEmpty() { >> return memoryStorage.isEmpty(); >> } >> >> } >> >> CryptoUtils >> >> Here is where the magic happens. >> >> >> public class CryptoUtils<T> { >> >> private final KeyStore keyStore; >> >> public CryptoUtils(KeyStore keyStore) { >> this.keyStore = keyStore; >> } >> >> public Collection<T> decrypt(Collection<T> encryptedCollection) { >> List<T> decryptedList = new ArrayList<T>(); >> for (T item : encryptedCollection) { >> decryptedList.add(decrypt(item)); >> } >> return decryptedList; >> } >> >> public List<T> decrypt(List<T> encryptedList) { >> List<T> decryptedList = new ArrayList<T>(); >> for (T item : encryptedList) { >> decryptedList.add(decrypt(item)); >> } >> return decryptedList; >> } >> >> public T decrypt(T item) { >> // TODO Read all fields and decrypt >> return item; >> } >> >> public T encrypt(T item) { >> // TODO Read all fields and encrypt >> return item; >> } >> >> } >> >> _______________________________________________ >> aerogear-dev mailing list >> aerogear-dev(a)lists.jboss.org >> https://lists.jboss.org/mailman/listinfo/aerogear-dev > _______________________________________________ > aerogear-dev mailing list > aerogear-dev(a)lists.jboss.org > https://lists.jboss.org/mailman/listinfo/aerogear-dev _______________________________________________ aerogear-dev mailing list aerogear-dev(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/aerogear-dev Corinne Krych <mailto:corinnekrych@gmail.com> November 5, 2013 at 5:41 AM Hello all, I've got 2 points: - modularity: AeroGear libs are small and modular: we have a separate aerogear-otp-ios, aerogear-push-ios-registration so that if the user wants to use aerogear without push, he can use aerogear-ios, if he needs the push-registration, he uses both. For encryption store, where do we want to put EncryptedStore? aerogear-android depends on aerogear-crypto. - Encrypting data takes time. It would be nice to have EncryptedStore encrypts data on separate thread and provide callbacks on completion. thoughts? ++ Corinne _______________________________________________ aerogear-dev mailing list aerogear-dev(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/aerogear-dev

On Nov 6, 2013, at 7:12 PM, Bruno Oliveira <bruno(a)abstractj.org&gt; wrote: > Answers inline. > >> Daniel Passos <mailto:daniel@passos.me> >> November 6, 2013 at 2:24 PM >> <#> >> >> >> DataManager Crypto >> >> <#> >> >> >> Idea >> >> My idea is to read all fields, encrypt the field values and save it in >> store (Memory and SQLite) >> > Sounds like a plan. >> <#> >> >> >> Problems >> >> 1) CryptoBox needs byte[] data to encrypt[1]. We need to get byte[] of >> all types >> 2) CryptoBox#decrypt returns a byte[] and we need to convert it by >> field type >> 3) How does it work with nested objects? >> >> Ugly code to set decrypted data by field type[2] >> >> <#> >> >> >> Solution/Proposal >> >> What about serializing entity/model to json, encrypt it and save in Store? >> > Due to our target > (http://aerogear-dev.1069024.n5.nabble.com/aerogear-dev-Security-release-d...), > the timing is too tight for encrypted queries (would be awesome indeed) > but we need to be realistic. > > So if the idea is to encrypt/decrypt a whole JSON +1 and we improve it > on the next release. >> >> If we decide on this, we will not be able to make queries / >> ReadWithFilter (I think).[3] >> >> Any questions, thoughts or tomatoes before I move forward? >> > From my side, go for it. +1 to move forward >> >> [1] >> https://github.com/aerogear/aerogear-crypto-java/blob/master/src/main/jav... >> [2] https://gist.github.com/danielpassos/31e024a8cfd6c64e151c >> [3] >> http://aerogear-dev.1069024.n5.nabble.com/aerogear-dev-Querying-encrypted... >> >> _______________________________________________ >> aerogear-dev mailing list >> aerogear-dev(a)lists.jboss.org >> https://lists.jboss.org/mailman/listinfo/aerogear-dev >> Hylke Bons <mailto:hbons@redhat.com> >> November 6, 2013 at 8:03 AM >> I already started a new thread for that and just wanted to refer to it >> as it's related. >> >> Hylke >> >> On 05/11/2013 16:51, Bruno Oliveira wrote: >> >> _______________________________________________ >> aerogear-dev mailing list >> aerogear-dev(a)lists.jboss.org >> https://lists.jboss.org/mailman/listinfo/aerogear-dev >> Bruno Oliveira <mailto:bruno@abstractj.org> >> November 5, 2013 at 2:51 PM >> I can be dead wrong, but please start a new thread to discuss about the >> site. Otherwise we will lose the real focus here. >> >> Hylke Bons <mailto:hbons@redhat.com> >> November 5, 2013 at 11:40 AM >> On 05/11/2013 07:41, Corinne Krych wrote: >>> Hello all, >>> >>> I've got 2 points: >>> >>> - modularity: AeroGear libs are small and modular: we have a separate aerogear-otp-ios, aerogear-push-ios-registration so that if the user wants to use aerogear without push, he can use aerogear-ios, if he needs the push-registration, he uses both. For encryption store, where do we want to put EncryptedStore? aerogear-android depends on aerogear-crypto. >> >> I'd like to chime in here a little bit, as this also involves the >> website mockup I sent to the list earlier. Whatever the decision, I >> highly recommend making the different (sub)libraries consistent across >> platforms, so the mental model is the same everwhere. >> >> That said, the libraries should probably reflect the different >> subprojects that we display on the main page. >> >> Hylke >> >> >>> - Encrypting data takes time. It would be nice to have EncryptedStore encrypts data on separate thread and provide callbacks on completion. >>> thoughts? >>> >>> ++ >>> Corinne >>> On Nov 4, 2013, at 5:30 PM, Daniel Passos <daniel(a)passos.me&gt; wrote: >>> >>>> The idea is implementing only save(add/update) and delete, using the stores we already have today by just adding crypt / decrypt and scheduling Query (readWithFilter) for the next release >>>> DataManager >>>> >>>> public Store encryptedStore(String storeName, String passphrase) { >>>> // TODO Create a default passphrase-based KeyStore >>>> KeyStore keyStore = null; >>>> return encryptedStore(storeName, keyStore); >>>> } >>>> >>>> public Store encryptedStore(String storeName, KeyStore keyStore) { >>>> StoreConfig storeConfig = new StoreConfig(); >>>> storeConfig.setType(StoreTypes.ENCRYPTED_MEMORY); >>>> return encryptedStore(storeName, storeConfig, keyStore); >>>> } >>>> >>>> public Store encryptedStore(String storeName, StoreConfig config, String passphrase) { >>>> // TODO Create a default passphrase-based KeyStore >>>> KeyStore keyStore = null; >>>> return encryptedStore(storeName, config, keyStore); >>>> } >>>> >>>> public Store encryptedStore(String storeName, StoreConfig config, KeyStore keyStore) { >>>> config.setKeyStore(keyStore); >>>> Store store = storeFactory.createStore(config); >>>> stores.put(storeName, store); >>>> return store; >>>> } >>>> >>>> EncryptedMemoryStore >>>> >>>> public class EncryptedMemoryStore<T> implements Store<T> { >>>> >>>> private final MemoryStorage<T> memoryStorage; >>>> private final CryptoUtils<T> cryptoUtils; >>>> >>>> public EncryptedMemoryStore(IdGenerator idGenerator, KeyStore keyStore) { >>>> memoryStorage = new MemoryStorage(idGenerator); >>>> cryptoUtils = new CryptoUtils<T>(keyStore); >>>> } >>>> >>>> @Override >>>> public StoreType getType() { >>>> return StoreTypes.ENCRYPTED_MEMORY; >>>> } >>>> >>>> @Override >>>> public Collection<T> readAll() throws InvalidKeyException { >>>> Collection<T> encryptedCollection = memoryStorage.readAll(); >>>> return cryptoUtils.decrypt(encryptedCollection); >>>> } >>>> >>>> @Override >>>> public T read(Serializable id) throws InvalidKeyException { >>>> T encryptedItem = memoryStorage.read(id); >>>> return cryptoUtils.decrypt(encryptedItem); >>>> } >>>> >>>> @Override >>>> public List<T> readWithFilter(ReadFilter filter) throws InvalidKeyException { >>>> List<T> encryptedList = memoryStorage.readWithFilter(filter); >>>> return cryptoUtils.decrypt(encryptedList); >>>> } >>>> >>>> @Override >>>> public void save(T item) { >>>> memoryStorage.save(cryptoUtils.encrypt(item)); >>>> } >>>> >>>> @Override >>>> public void reset() { >>>> memoryStorage.reset(); >>>> } >>>> >>>> @Override >>>> public void remove(Serializable id) { >>>> memoryStorage.remove(id); >>>> } >>>> >>>> @Override >>>> public boolean isEmpty() { >>>> return memoryStorage.isEmpty(); >>>> } >>>> >>>> } >>>> >>>> CryptoUtils >>>> >>>> Here is where the magic happens. >>>> >>>> >>>> public class CryptoUtils<T> { >>>> >>>> private final KeyStore keyStore; >>>> >>>> public CryptoUtils(KeyStore keyStore) { >>>> this.keyStore = keyStore; >>>> } >>>> >>>> public Collection<T> decrypt(Collection<T> encryptedCollection) { >>>> List<T> decryptedList = new ArrayList<T>(); >>>> for (T item : encryptedCollection) { >>>> decryptedList.add(decrypt(item)); >>>> } >>>> return decryptedList; >>>> } >>>> >>>> public List<T> decrypt(List<T> encryptedList) { >>>> List<T> decryptedList = new ArrayList<T>(); >>>> for (T item : encryptedList) { >>>> decryptedList.add(decrypt(item)); >>>> } >>>> return decryptedList; >>>> } >>>> >>>> public T decrypt(T item) { >>>> // TODO Read all fields and decrypt >>>> return item; >>>> } >>>> >>>> public T encrypt(T item) { >>>> // TODO Read all fields and encrypt >>>> return item; >>>> } >>>> >>>> } >>>> >>>> _______________________________________________ >>>> aerogear-dev mailing list >>>> aerogear-dev(a)lists.jboss.org >>>> https://lists.jboss.org/mailman/listinfo/aerogear-dev >>> _______________________________________________ >>> aerogear-dev mailing list >>> aerogear-dev(a)lists.jboss.org >>> https://lists.jboss.org/mailman/listinfo/aerogear-dev >> >> _______________________________________________ >> aerogear-dev mailing list >> aerogear-dev(a)lists.jboss.org >> https://lists.jboss.org/mailman/listinfo/aerogear-dev >> Corinne Krych <mailto:corinnekrych@gmail.com> >> November 5, 2013 at 5:41 AM >> Hello all, >> >> I've got 2 points: >> >> - modularity: AeroGear libs are small and modular: we have a separate >> aerogear-otp-ios, aerogear-push-ios-registration so that if the user >> wants to use aerogear without push, he can use aerogear-ios, if he >> needs the push-registration, he uses both. For encryption store, where >> do we want to put EncryptedStore? aerogear-android depends on >> aerogear-crypto. >> >> - Encrypting data takes time. It would be nice to have EncryptedStore >> encrypts data on separate thread and provide callbacks on completion. >> thoughts? >> >> ++ >> Corinne >> >> >> _______________________________________________ >> aerogear-dev mailing list >> aerogear-dev(a)lists.jboss.org >> https://lists.jboss.org/mailman/listinfo/aerogear-dev > > -- > abstractj > > > _______________________________________________ > aerogear-dev mailing list > aerogear-dev(a)lists.jboss.org > https://lists.jboss.org/mailman/listinfo/aerogear-dev _______________________________________________ aerogear-dev mailing list aerogear-dev(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/aerogear-dev

On 11/05/2013 02:41 AM, Corinne Krych wrote: > Hello all, > > I've got 2 points: > > - modularity: AeroGear libs are small and modular: we have a separate aerogear-otp-ios, aerogear-push-ios-registration so that if the user wants to use aerogear without push, he can use aerogear-ios, if he needs the push-registration, he uses both. For encryption store, where do we want to put EncryptedStore? aerogear-android depends on aerogear-crypto. On Android it is going into the main library. We can research slicing the client library up for 2.0, but I would like to, for now, make getting up and running with anything AeroGear on Android as simple as including the dependency. > > - Encrypting data takes time. It would be nice to have EncryptedStore encrypts data on separate thread and provide callbacks on completion. > thoughts? Then we would have an encrypted Pipe. One of the things about Stores is that they are synchronous, Pipes are asynchronous. > ++ > Corinne > On Nov 4, 2013, at 5:30 PM, Daniel Passos <daniel(a)passos.me&gt; wrote: > >> The idea is implementing only save(add/update) and delete, using the stores we already have today by just adding crypt / decrypt and scheduling Query (readWithFilter) for the next release >> DataManager >> >> public Store encryptedStore(String storeName, String passphrase) { >> // TODO Create a default passphrase-based KeyStore >> KeyStore keyStore = null; >> return encryptedStore(storeName, keyStore); >> } >> >> public Store encryptedStore(String storeName, KeyStore keyStore) { >> StoreConfig storeConfig = new StoreConfig(); >> storeConfig.setType(StoreTypes.ENCRYPTED_MEMORY); >> return encryptedStore(storeName, storeConfig, keyStore); >> } >> >> public Store encryptedStore(String storeName, StoreConfig config, String passphrase) { >> // TODO Create a default passphrase-based KeyStore >> KeyStore keyStore = null; >> return encryptedStore(storeName, config, keyStore); >> } >> >> public Store encryptedStore(String storeName, StoreConfig config, KeyStore keyStore) { >> config.setKeyStore(keyStore); >> Store store = storeFactory.createStore(config); >> stores.put(storeName, store); >> return store; >> } >> >> EncryptedMemoryStore >> >> public class EncryptedMemoryStore<T> implements Store<T> { >> >> private final MemoryStorage<T> memoryStorage; >> private final CryptoUtils<T> cryptoUtils; >> >> public EncryptedMemoryStore(IdGenerator idGenerator, KeyStore keyStore) { >> memoryStorage = new MemoryStorage(idGenerator); >> cryptoUtils = new CryptoUtils<T>(keyStore); >> } >> >> @Override >> public StoreType getType() { >> return StoreTypes.ENCRYPTED_MEMORY; >> } >> >> @Override >> public Collection<T> readAll() throws InvalidKeyException { >> Collection<T> encryptedCollection = memoryStorage.readAll(); >> return cryptoUtils.decrypt(encryptedCollection); >> } >> >> @Override >> public T read(Serializable id) throws InvalidKeyException { >> T encryptedItem = memoryStorage.read(id); >> return cryptoUtils.decrypt(encryptedItem); >> } >> >> @Override >> public List<T> readWithFilter(ReadFilter filter) throws InvalidKeyException { >> List<T> encryptedList = memoryStorage.readWithFilter(filter); >> return cryptoUtils.decrypt(encryptedList); >> } >> >> @Override >> public void save(T item) { >> memoryStorage.save(cryptoUtils.encrypt(item)); >> } >> >> @Override >> public void reset() { >> memoryStorage.reset(); >> } >> >> @Override >> public void remove(Serializable id) { >> memoryStorage.remove(id); >> } >> >> @Override >> public boolean isEmpty() { >> return memoryStorage.isEmpty(); >> } >> >> } >> >> CryptoUtils >> >> Here is where the magic happens. >> >> >> public class CryptoUtils<T> { >> >> private final KeyStore keyStore; >> >> public CryptoUtils(KeyStore keyStore) { >> this.keyStore = keyStore; >> } >> >> public Collection<T> decrypt(Collection<T> encryptedCollection) { >> List<T> decryptedList = new ArrayList<T>(); >> for (T item : encryptedCollection) { >> decryptedList.add(decrypt(item)); >> } >> return decryptedList; >> } >> >> public List<T> decrypt(List<T> encryptedList) { >> List<T> decryptedList = new ArrayList<T>(); >> for (T item : encryptedList) { >> decryptedList.add(decrypt(item)); >> } >> return decryptedList; >> } >> >> public T decrypt(T item) { >> // TODO Read all fields and decrypt >> return item; >> } >> >> public T encrypt(T item) { >> // TODO Read all fields and encrypt >> return item; >> } >> >> } >> >> _______________________________________________ >> aerogear-dev mailing list >> aerogear-dev(a)lists.jboss.org >> https://lists.jboss.org/mailman/listinfo/aerogear-dev > > _______________________________________________ > aerogear-dev mailing list > aerogear-dev(a)lists.jboss.org > https://lists.jboss.org/mailman/listinfo/aerogear-dev _______________________________________________ aerogear-dev mailing list aerogear-dev(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/aerogear-dev

On Tue 05 Nov 2013 12:08:09 PM EST, Corinne Krych wrote: > > Hi Summers > > Referring to > http://aerogear-dev.1069024.n5.nabble.com/aerogear-dev-Fallback-Strat-for... > where we might have async API for store in JS, I think we might > benefit of async for native apps too, specially in the case of > encrypted stores. > > Something like https://github.com/rnapier/RNCryptor#asynchronous-use > > Of course, it can be done in later releases. Encrypting large field, > you don't want to have your UI sluggish. > > wdyt? The DataManager/Data Store API is synchronous, Pipes and Piplines are asynchronous. That is a key difference. I don't know about iOS but on Android not everything happens on the main thread, for instance we could be dealing with a processing a service intent for instance. > > ++ > Corinne > > On 5 November 2013 17:44, Summers Pittman <supittma(a)redhat.com > <mailto:supittma@redhat.com>> wrote: > > On 11/05/2013 02:41 AM, Corinne Krych wrote: > > Hello all, > > > > I've got 2 points: > > > > - modularity: AeroGear libs are small and modular: we have a > separate aerogear-otp-ios, aerogear-push-ios-registration so that > if the user wants to use aerogear without push, he can use > aerogear-ios, if he needs the push-registration, he uses both. For > encryption store, where do we want to put EncryptedStore? > aerogear-android depends on aerogear-crypto. > On Android it is going into the main library. We can research slicing > the client library up for 2.0, but I would like to, for now, make > getting up and running with anything AeroGear on Android as simple as > including the dependency. > > > > - Encrypting data takes time. It would be nice to have > EncryptedStore encrypts data on separate thread and provide > callbacks on completion. > > thoughts? > Then we would have an encrypted Pipe. One of the things about > Stores is > that they are synchronous, Pipes are asynchronous. > > > > > ++ > > Corinne > > On Nov 4, 2013, at 5:30 PM, Daniel Passos <daniel(a)passos.me > <mailto:daniel@passos.me>> wrote: > > > >> The idea is implementing only save(add/update) and delete, > using the stores we already have today by just adding crypt / > decrypt and scheduling Query (readWithFilter) for the next release > >> DataManager > >> > >> public Store encryptedStore(String storeName, String passphrase) { > >> // TODO Create a default passphrase-based KeyStore > >> KeyStore keyStore = null; > >> return encryptedStore(storeName, keyStore); > >> } > >> > >> public Store encryptedStore(String storeName, KeyStore keyStore) { > >> StoreConfig storeConfig = new StoreConfig(); > >> storeConfig.setType(StoreTypes.ENCRYPTED_MEMORY); > >> return encryptedStore(storeName, storeConfig, keyStore); > >> } > >> > >> public Store encryptedStore(String storeName, StoreConfig > config, String passphrase) { > >> // TODO Create a default passphrase-based KeyStore > >> KeyStore keyStore = null; > >> return encryptedStore(storeName, config, keyStore); > >> } > >> > >> public Store encryptedStore(String storeName, StoreConfig > config, KeyStore keyStore) { > >> config.setKeyStore(keyStore); > >> Store store = storeFactory.createStore(config); > >> stores.put(storeName, store); > >> return store; > >> } > >> > >> EncryptedMemoryStore > >> > >> public class EncryptedMemoryStore<T> implements Store<T> { > >> > >> private final MemoryStorage<T> memoryStorage; > >> private final CryptoUtils<T> cryptoUtils; > >> > >> public EncryptedMemoryStore(IdGenerator idGenerator, > KeyStore keyStore) { > >> memoryStorage = new MemoryStorage(idGenerator); > >> cryptoUtils = new CryptoUtils<T>(keyStore); > >> } > >> > >> @Override > >> public StoreType getType() { > >> return StoreTypes.ENCRYPTED_MEMORY; > >> } > >> > >> @Override > >> public Collection<T> readAll() throws InvalidKeyException { > >> Collection<T> encryptedCollection = > memoryStorage.readAll(); > >> return cryptoUtils.decrypt(encryptedCollection); > >> } > >> > >> @Override > >> public T read(Serializable id) throws InvalidKeyException { > >> T encryptedItem = memoryStorage.read(id); > >> return cryptoUtils.decrypt(encryptedItem); > >> } > >> > >> @Override > >> public List<T> readWithFilter(ReadFilter filter) throws > InvalidKeyException { > >> List<T> encryptedList = > memoryStorage.readWithFilter(filter); > >> return cryptoUtils.decrypt(encryptedList); > >> } > >> > >> @Override > >> public void save(T item) { > >> memoryStorage.save(cryptoUtils.encrypt(item)); > >> } > >> > >> @Override > >> public void reset() { > >> memoryStorage.reset(); > >> } > >> > >> @Override > >> public void remove(Serializable id) { > >> memoryStorage.remove(id); > >> } > >> > >> @Override > >> public boolean isEmpty() { > >> return memoryStorage.isEmpty(); > >> } > >> > >> } > >> > >> CryptoUtils > >> > >> Here is where the magic happens. > >> > >> > >> public class CryptoUtils<T> { > >> > >> private final KeyStore keyStore; > >> > >> public CryptoUtils(KeyStore keyStore) { > >> this.keyStore = keyStore; > >> } > >> > >> public Collection<T> decrypt(Collection<T> > encryptedCollection) { > >> List<T> decryptedList = new ArrayList<T>(); > >> for (T item : encryptedCollection) { > >> decryptedList.add(decrypt(item)); > >> } > >> return decryptedList; > >> } > >> > >> public List<T> decrypt(List<T> encryptedList) { > >> List<T> decryptedList = new ArrayList<T>(); > >> for (T item : encryptedList) { > >> decryptedList.add(decrypt(item)); > >> } > >> return decryptedList; > >> } > >> > >> public T decrypt(T item) { > >> // TODO Read all fields and decrypt > >> return item; > >> } > >> > >> public T encrypt(T item) { > >> // TODO Read all fields and encrypt > >> return item; > >> } > >> > >> } > >> > >> _______________________________________________ > >> aerogear-dev mailing list > >> aerogear-dev(a)lists.jboss.org <mailto:aerogear-dev@lists.jboss.org> > >> https://lists.jboss.org/mailman/listinfo/aerogear-dev > > > > _______________________________________________ > > aerogear-dev mailing list > > aerogear-dev(a)lists.jboss.org <mailto:aerogear-dev@lists.jboss.org> > > https://lists.jboss.org/mailman/listinfo/aerogear-dev > > _______________________________________________ > aerogear-dev mailing list > aerogear-dev(a)lists.jboss.org <mailto:aerogear-dev@lists.jboss.org> > https://lists.jboss.org/mailman/listinfo/aerogear-dev > > > > > _______________________________________________ > aerogear-dev mailing list > aerogear-dev(a)lists.jboss.org > https://lists.jboss.org/mailman/listinfo/aerogear-dev

On 11/04/2013 11:30 AM, Daniel Passos wrote: <#1422924aa0738a79_> The idea is implementing only save(add/update) and delete, using the stores we already have today by just adding crypt / decrypt and scheduling Query (readWithFilter) for the next release +1, Do we have relevant JIRA's which are up to date with respect to query? *DataManager* public Store encryptedStore(String storeName, String passphrase) { // TODO Create a default passphrase-based KeyStore KeyStore keyStore = null; return encryptedStore(storeName, keyStore); } public Store encryptedStore(String storeName, KeyStore keyStore) { StoreConfig storeConfig = new StoreConfig(); storeConfig.setType(StoreTypes.ENCRYPTED_MEMORY); return encryptedStore(storeName, storeConfig, keyStore); } public Store encryptedStore(String storeName, StoreConfig config, String passphrase) { // TODO Create a default passphrase-based KeyStore KeyStore keyStore = null; return encryptedStore(storeName, config, keyStore); } public Store encryptedStore(String storeName, StoreConfig config, KeyStore keyStore) { config.setKeyStore(keyStore); Store store = storeFactory.createStore(config); stores.put(storeName, store); return store; } Maybe it bight be better to extract all of these methods into a factory? From the user's point of view they would preform something like this StoreConfig config = new StoreConfig(); config.setType(ENCRYPTED_MEMORY); config.setCryptoBox(crypto); config.setName("encrypted") EncryptedStore = dataManager.store(config); and have the selecting which encryptedStore method left up to the library on the back end.

My biggest concern is that having so many possible methods. *EncryptedMemoryStore* public class EncryptedMemoryStore<T> implements Store<T> { private final MemoryStorage<T> memoryStorage; private final CryptoUtils<T> cryptoUtils; public EncryptedMemoryStore(IdGenerator idGenerator, KeyStore keyStore) { memoryStorage = new MemoryStorage(idGenerator); cryptoUtils = new CryptoUtils<T>(keyStore); } @Override public StoreType getType() { return StoreTypes.ENCRYPTED_MEMORY; } @Override public Collection<T> readAll() throws InvalidKeyException { Collection<T> encryptedCollection = memoryStorage.readAll(); return cryptoUtils.decrypt(encryptedCollection); } @Override public T read(Serializable id) throws InvalidKeyException { T encryptedItem = memoryStorage.read(id); return cryptoUtils.decrypt(encryptedItem); } @Override public List<T> readWithFilter(ReadFilter filter) throws InvalidKeyException { List<T> encryptedList = memoryStorage.readWithFilter(filter); return cryptoUtils.decrypt(encryptedList); } @Override public void save(T item) { memoryStorage.save(cryptoUtils.encrypt(item)); } @Override public void reset() { memoryStorage.reset(); } @Override public void remove(Serializable id) { memoryStorage.remove(id); } @Override public boolean isEmpty() { return memoryStorage.isEmpty(); } } So do we need a KeyStore with an in memory implementation? Since the data will be wiped every time the app starts, we could just generate the key on the fly and keep it resident while the store is around. If the store gets GC'd then we have to fetch the data again anyway. Alternatively, if we are NOT keeping a reference to the key, how do we make sure it is only in memory for a little time as possible? *CryptoUtils* Here is where the magic happens. public class CryptoUtils<T> { private final KeyStore keyStore; public CryptoUtils(KeyStore keyStore) { this.keyStore = keyStore; } public Collection<T> decrypt(Collection<T> encryptedCollection) { List<T> decryptedList = new ArrayList<T>(); for (T item : encryptedCollection) { decryptedList.add(decrypt(item)); } return decryptedList; } public List<T> decrypt(List<T> encryptedList) { List<T> decryptedList = new ArrayList<T>(); for (T item : encryptedList) { decryptedList.add(decrypt(item)); } return decryptedList; } public T decrypt(T item) { // TODO Read all fields and decrypt return item; } public T encrypt(T item) { // TODO Read all fields and encrypt return item; } } _______________________________________________ aerogear-dev mailing listaerogear-dev@lists.jboss.orghttps://lists.jboss.org/mailman/listinfo/aerogear-dev _______________________________________________ aerogear-dev mailing list aerogear-dev(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/aerogear-dev