2:02 p.m.
Good morning all, just to start the discussion about the APIs and
encrypted storage I wrote this gist. Probably after some revisions I
hope to make it a specification.
Regarding the available scenarios, feel free to add or change the priority.
Gist: https://gist.github.com/abstractj/f1229ae075f8e6688c75
# AeroGear Crypto API
**Note**: This document is a working progress
# Authors
- Bruno Oliveira
- *put your pretty name here*
## Goals
- User friendly interface for non crypto experts
- Advanced developers can make use of the pure crypto provider
implementation.
## Supported Algorithms
- https://issues.jboss.org/browse/AGSEC-114
## Scenarios
**Note**: For all scenarios the authentication process was intentionally
ignored.
- A logged in user wants to store sensitive data on mobile
- The mobile device goes offline but the sensitive data must be safe
[Under development]
- Device was stolen and data must be destroyed
[Under development]
- The data must be backed up on the server, but passwords can't be exposed
[Under development]
- The application was installed into another device and the keys must be
revoked on the server
[Under development]
- User wants to configure for how long the keys will be considered valid
## JavaScript
### Dependencies
- [sjcl](http://crypto.stanford.edu/sjcl/) with wrappers for basic
functionalities like: encrypt, decrypt, password salting and key pair
generation.
### Implementation details
- The size of sjcl library is still a concern (28K)
- Crypto bits were built in a separate module so it may be
included/excluded in a custom build.
- The project will be developed under AeroGear.js repository
(https://github.com/aerogear/aerogear-js/pull/57)
### API (draft 0)
- Password based key derivation support (PBKDF2)
myEncryptedPassword = AeroGear.password("strong");
- Symmetric encryption support (GCM)
- Encryption:
var options = {
IV: superRandomInitializationVector,
AAD: "whateverAuthenticatedData",
key: generatedKey,
data: "My bonnie lies over the ocean"
};
var cipherText = AeroGear.encrypt( options );
- Decryption:
var options = {
IV: superRandomInitializationVector,
AAD: "whateverAuthenticatedData",
key: generatedKey,
data: cipherText
};
AeroGear.decrypt( options );
- Message authentication support (GMAC, HMAC)
[Under development]
**Note**: The implementations below are currently under discussion at
https://github.com/aerogear/aerogear-js/pull/62
- Hashing support (SHA-256, SHA-512)
digest = AeroGear.crypto.hash("some message");
- Asymmetric encryption support (ECC)
var hex = sjcl.codec.hex,
keyPair = new AeroGear.crypto.KeyPair(),
cipherText, plainText,
options = {
IV: superRandomInitializationVector,
AAD: "whateverAuthenticatedData",
key: keyPair.publicKey,
data: ""My bonnie lies over the ocean"
};
cipherText = AeroGear.crypto.encrypt( options );
options.key = keyPair.privateKey;
options.data = cipherText;
plainText = AeroGear.crypto.decrypt( options );
- Digital signatures support (ECDSA)
var validation,
options = {
keys: sjcl.ecc.ecdsa.generateKeys(192),
message: "My bonnie lies over the ocean"
};
options.signature = AeroGear.crypto.sign( options );
validation = AeroGear.crypto.verify( options );
## Android
### Dependencies
- [Spongy Castle](http://rtyley.github.io/spongycastle/) with wrappers
for basic functionalities like: encrypt, decrypt, password salting and
key pair generation.
### Implementation details
- The bouncycastle "provided" in Android doesn't have ECDH that's the
reason why Spongy Castle was chosen.
- aerogear-crypto-java will be the main repository to provide a crypto
API for Android and the Java server.
### API (draft 0)
**Note**: The implementations below are currently under discussion at
https://github.com/aerogear/aerogear-crypto-java/tree/refactoring
- Password based key derivation support (PBKDF2)
Pbkdf2 pbkdf2 = AeroGearCrypto.pbkdf2();
byte[] rawPassword = pbkdf2.encrypt(PASSWORD);
- Symmetric encryption support (GCM)
- Encryption:
CryptoBox cryptoBox = new CryptoBox(new
PrivateKey(SOME_SECRET_KEY));
final byte[] IV = new Random().randomBytes();
final byte[] message = "My bonnie lies over the
ocean".getBytes();
final byte[] ciphertext = cryptoBox.encrypt(IV, message);
- Decryption:
CryptoBox pandora = new CryptoBox(new
PrivateKey(SOME_SECRET_KEY));
final byte[] message = pandora.decrypt(IV, ciphertext);
- Message authentication support (GMAC, HMAC)
[Under development]
- Hashing support (SHA-256, SHA-512)
[Under development]
- Asymmetric encryption support (ECC)
KeyPair keyPair = new KeyPair();
KeyPair keyPairPandora = new KeyPair();
CryptoBox cryptoBox = new CryptoBox(keyPair.getPrivateKey(),
keyPairPandora.getPublicKey());
final byte[] IV = new Random().randomBytes();
final byte[] message = "My bonnie lies over the ocean".getBytes();
final byte[] ciphertext = cryptoBox.encrypt(IV, message);
CryptoBox pandora = new
CryptoBox(keyPairPandora.getPrivateKey(), keyPair.getPublicKey());
final byte[] message = pandora.decrypt(IV, ciphertext);
- Digital signatures support (ECDSA)
[Under development]
## iOS
### Dependencies
[TBD] - http://oksoclap.com/p/iOS_Meeting_(Security)
- [Common
Crypto](https://developer.apple.com/library/mac/documentation/security/co...
### Implementation details
[TBD]
### API (draft 0)
- Password based key derivation support (PBKDF2)
[Under development]
- Symmetric encryption support (GCM)
[Under development]
- Message authentication support (GMAC, HMAC)
[Under development]
- Hashing support (SHA-256, SHA-512)
[Under development]
- Asymmetric encryption support (ECC)
[Under development]
- Digital signatures support (ECDSA)
[Under development]
--
abstractj
3:46 p.m.
So I have been waiting to see if others would chime in since I tend to be one of the first
to always chime in on these types of things and Luke and I have been working very closely
with Bruno on this. I am happy with the intro and JS portions but can't fully speak to
the other sections. Other input is needed please.
On Oct 7, 2013, at 2:02 PM, Bruno Oliveira <bruno(a)abstractj.org> wrote:
Good morning all, just to start the discussion about the APIs and
encrypted storage I wrote this gist. Probably after some revisions I
hope to make it a specification.
Regarding the available scenarios, feel free to add or change the priority.
Gist: https://gist.github.com/abstractj/f1229ae075f8e6688c75
# AeroGear Crypto API
**Note**: This document is a working progress
# Authors
- Bruno Oliveira
- *put your pretty name here*
## Goals
- User friendly interface for non crypto experts
- Advanced developers can make use of the pure crypto provider
implementation.
## Supported Algorithms
- https://issues.jboss.org/browse/AGSEC-114
## Scenarios
**Note**: For all scenarios the authentication process was intentionally
ignored.
- A logged in user wants to store sensitive data on mobile
- The mobile device goes offline but the sensitive data must be safe
[Under development]
- Device was stolen and data must be destroyed
[Under development]
- The data must be backed up on the server, but passwords can't be exposed
[Under development]
- The application was installed into another device and the keys must be
revoked on the server
[Under development]
- User wants to configure for how long the keys will be considered valid
## JavaScript
### Dependencies
- [sjcl](http://crypto.stanford.edu/sjcl/) with wrappers for basic
functionalities like: encrypt, decrypt, password salting and key pair
generation.
### Implementation details
- The size of sjcl library is still a concern (28K)
- Crypto bits were built in a separate module so it may be
included/excluded in a custom build.
- The project will be developed under AeroGear.js repository
(https://github.com/aerogear/aerogear-js/pull/57)
### API (draft 0)
- Password based key derivation support (PBKDF2)
myEncryptedPassword = AeroGear.password("strong");
- Symmetric encryption support (GCM)
- Encryption:
var options = {
IV: superRandomInitializationVector,
AAD: "whateverAuthenticatedData",
key: generatedKey,
data: "My bonnie lies over the ocean"
};
var cipherText = AeroGear.encrypt( options );
- Decryption:
var options = {
IV: superRandomInitializationVector,
AAD: "whateverAuthenticatedData",
key: generatedKey,
data: cipherText
};
AeroGear.decrypt( options );
- Message authentication support (GMAC, HMAC)
[Under development]
**Note**: The implementations below are currently under discussion at
https://github.com/aerogear/aerogear-js/pull/62
- Hashing support (SHA-256, SHA-512)
digest = AeroGear.crypto.hash("some message");
- Asymmetric encryption support (ECC)
var hex = sjcl.codec.hex,
keyPair = new AeroGear.crypto.KeyPair(),
cipherText, plainText,
options = {
IV: superRandomInitializationVector,
AAD: "whateverAuthenticatedData",
key: keyPair.publicKey,
data: ""My bonnie lies over the ocean"
};
cipherText = AeroGear.crypto.encrypt( options );
options.key = keyPair.privateKey;
options.data = cipherText;
plainText = AeroGear.crypto.decrypt( options );
- Digital signatures support (ECDSA)
var validation,
options = {
keys: sjcl.ecc.ecdsa.generateKeys(192),
message: "My bonnie lies over the ocean"
};
options.signature = AeroGear.crypto.sign( options );
validation = AeroGear.crypto.verify( options );
## Android
### Dependencies
- [Spongy Castle](http://rtyley.github.io/spongycastle/) with wrappers
for basic functionalities like: encrypt, decrypt, password salting and
key pair generation.
### Implementation details
- The bouncycastle "provided" in Android doesn't have ECDH that's the
reason why Spongy Castle was chosen.
- aerogear-crypto-java will be the main repository to provide a crypto
API for Android and the Java server.
### API (draft 0)
**Note**: The implementations below are currently under discussion at
https://github.com/aerogear/aerogear-crypto-java/tree/refactoring
- Password based key derivation support (PBKDF2)
Pbkdf2 pbkdf2 = AeroGearCrypto.pbkdf2();
byte[] rawPassword = pbkdf2.encrypt(PASSWORD);
- Symmetric encryption support (GCM)
- Encryption:
CryptoBox cryptoBox = new CryptoBox(new
PrivateKey(SOME_SECRET_KEY));
final byte[] IV = new Random().randomBytes();
final byte[] message = "My bonnie lies over the
ocean".getBytes();
final byte[] ciphertext = cryptoBox.encrypt(IV, message);
- Decryption:
CryptoBox pandora = new CryptoBox(new
PrivateKey(SOME_SECRET_KEY));
final byte[] message = pandora.decrypt(IV, ciphertext);
- Message authentication support (GMAC, HMAC)
[Under development]
- Hashing support (SHA-256, SHA-512)
[Under development]
- Asymmetric encryption support (ECC)
KeyPair keyPair = new KeyPair();
KeyPair keyPairPandora = new KeyPair();
CryptoBox cryptoBox = new CryptoBox(keyPair.getPrivateKey(),
keyPairPandora.getPublicKey());
final byte[] IV = new Random().randomBytes();
final byte[] message = "My bonnie lies over the ocean".getBytes();
final byte[] ciphertext = cryptoBox.encrypt(IV, message);
CryptoBox pandora = new
CryptoBox(keyPairPandora.getPrivateKey(), keyPair.getPublicKey());
final byte[] message = pandora.decrypt(IV, ciphertext);
- Digital signatures support (ECDSA)
[Under development]
## iOS
### Dependencies
[TBD] - http://oksoclap.com/p/iOS_Meeting_(Security)
- [Common
Crypto](https://developer.apple.com/library/mac/documentation/security/co...
### Implementation details
[TBD]
### API (draft 0)
- Password based key derivation support (PBKDF2)
[Under development]
- Symmetric encryption support (GCM)
[Under development]
- Message authentication support (GMAC, HMAC)
[Under development]
- Hashing support (SHA-256, SHA-512)
[Under development]
- Asymmetric encryption support (ECC)
[Under development]
- Digital signatures support (ECDSA)
[Under development]
--
abstractj
_______________________________________________
aerogear-dev mailing list
aerogear-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/aerogear-dev
3:45 a.m.
Thanks for putting together the gist; I did read several times over it, and
I guess it mostly makes sense :-)
However I do have a few (minor?) questions:
===JavaScript:===
* key: generatedKey,
where does the generate key come from ? Is that a key that, as shown in the
diagram, comes from "the server"?
Java
* CryptoBox: It is used for different algorithms (GCM and ECC), like a
"ToolBox" / "ToolChain", right ?
* PBKDF2: However, in the (outdated?) gist we use a function
(AeroGearCrypto.pbkdf2()) to get access to the Pbkdf2 class; I can't see
that in the code - there a direct usage of the Pbkdf2 class is present.
Now, wondering about the different 'access' mechanisms
(AeroGearCrypto.pbkdf2() vs. CryptoBox), does it make sense (honestly not
sure) to add the 'PBKDF2' to the "CryptoBox" as well ?
@iOS
we had a kick off meeting early this week, and now trying to see how we
move on. A few infos are available in this forked gist:
https://gist.github.com/matzew/7cdf1831c55e3d656477
More to follow....
On Mon, Oct 7, 2013 at 9:02 PM, Bruno Oliveira <bruno(a)abstractj.org> wrote:
Good morning all, just to start the discussion about the APIs and
encrypted storage I wrote this gist. Probably after some revisions I
hope to make it a specification.
Regarding the available scenarios, feel free to add or change the priority.
Gist: https://gist.github.com/abstractj/f1229ae075f8e6688c75
# AeroGear Crypto API
**Note**: This document is a working progress
# Authors
- Bruno Oliveira
- *put your pretty name here*
## Goals
- User friendly interface for non crypto experts
- Advanced developers can make use of the pure crypto provider
implementation.
## Supported Algorithms
- https://issues.jboss.org/browse/AGSEC-114
## Scenarios
**Note**: For all scenarios the authentication process was intentionally
ignored.
- A logged in user wants to store sensitive data on mobile
- The mobile device goes offline but the sensitive data must be safe
[Under development]
- Device was stolen and data must be destroyed
[Under development]
- The data must be backed up on the server, but passwords can't be exposed
[Under development]
- The application was installed into another device and the keys must be
revoked on the server
[Under development]
- User wants to configure for how long the keys will be considered valid
## JavaScript
### Dependencies
- [sjcl](http://crypto.stanford.edu/sjcl/) with wrappers for basic
functionalities like: encrypt, decrypt, password salting and key pair
generation.
### Implementation details
- The size of sjcl library is still a concern (28K)
- Crypto bits were built in a separate module so it may be
included/excluded in a custom build.
- The project will be developed under AeroGear.js repository
(https://github.com/aerogear/aerogear-js/pull/57)
### API (draft 0)
- Password based key derivation support (PBKDF2)
myEncryptedPassword = AeroGear.password("strong");
- Symmetric encryption support (GCM)
- Encryption:
var options = {
IV: superRandomInitializationVector,
AAD: "whateverAuthenticatedData",
key: generatedKey,
data: "My bonnie lies over the ocean"
};
var cipherText = AeroGear.encrypt( options );
- Decryption:
var options = {
IV: superRandomInitializationVector,
AAD: "whateverAuthenticatedData",
key: generatedKey,
data: cipherText
};
AeroGear.decrypt( options );
- Message authentication support (GMAC, HMAC)
[Under development]
**Note**: The implementations below are currently under discussion at
https://github.com/aerogear/aerogear-js/pull/62
- Hashing support (SHA-256, SHA-512)
digest = AeroGear.crypto.hash("some message");
- Asymmetric encryption support (ECC)
var hex = sjcl.codec.hex,
keyPair = new AeroGear.crypto.KeyPair(),
cipherText, plainText,
options = {
IV: superRandomInitializationVector,
AAD: "whateverAuthenticatedData",
key: keyPair.publicKey,
data: ""My bonnie lies over the ocean"
};
cipherText = AeroGear.crypto.encrypt( options );
options.key = keyPair.privateKey;
options.data = cipherText;
plainText = AeroGear.crypto.decrypt( options );
- Digital signatures support (ECDSA)
var validation,
options = {
keys: sjcl.ecc.ecdsa.generateKeys(192),
message: "My bonnie lies over the ocean"
};
options.signature = AeroGear.crypto.sign( options );
validation = AeroGear.crypto.verify( options );
## Android
### Dependencies
- [Spongy Castle](http://rtyley.github.io/spongycastle/) with wrappers
for basic functionalities like: encrypt, decrypt, password salting and
key pair generation.
### Implementation details
- The bouncycastle "provided" in Android doesn't have ECDH that's the
reason why Spongy Castle was chosen.
- aerogear-crypto-java will be the main repository to provide a crypto
API for Android and the Java server.
### API (draft 0)
**Note**: The implementations below are currently under discussion at
https://github.com/aerogear/aerogear-crypto-java/tree/refactoring
- Password based key derivation support (PBKDF2)
Pbkdf2 pbkdf2 = AeroGearCrypto.pbkdf2();
byte[] rawPassword = pbkdf2.encrypt(PASSWORD);
- Symmetric encryption support (GCM)
- Encryption:
CryptoBox cryptoBox = new CryptoBox(new
PrivateKey(SOME_SECRET_KEY));
final byte[] IV = new Random().randomBytes();
final byte[] message = "My bonnie lies over the
ocean".getBytes();
final byte[] ciphertext = cryptoBox.encrypt(IV, message);
- Decryption:
CryptoBox pandora = new CryptoBox(new
PrivateKey(SOME_SECRET_KEY));
final byte[] message = pandora.decrypt(IV, ciphertext);
- Message authentication support (GMAC, HMAC)
[Under development]
- Hashing support (SHA-256, SHA-512)
[Under development]
- Asymmetric encryption support (ECC)
KeyPair keyPair = new KeyPair();
KeyPair keyPairPandora = new KeyPair();
CryptoBox cryptoBox = new CryptoBox(keyPair.getPrivateKey(),
keyPairPandora.getPublicKey());
final byte[] IV = new Random().randomBytes();
final byte[] message = "My bonnie lies over the ocean".getBytes();
final byte[] ciphertext = cryptoBox.encrypt(IV, message);
CryptoBox pandora = new
CryptoBox(keyPairPandora.getPrivateKey(), keyPair.getPublicKey());
final byte[] message = pandora.decrypt(IV, ciphertext);
- Digital signatures support (ECDSA)
[Under development]
## iOS
### Dependencies
[TBD] - http://oksoclap.com/p/iOS_Meeting_(Security)
- [Common
Crypto](
https://developer.apple.com/library/mac/documentation/security/conceptual...
)
### Implementation details
[TBD]
### API (draft 0)
- Password based key derivation support (PBKDF2)
[Under development]
- Symmetric encryption support (GCM)
[Under development]
- Message authentication support (GMAC, HMAC)
[Under development]
- Hashing support (SHA-256, SHA-512)
[Under development]
- Asymmetric encryption support (ECC)
[Under development]
- Digital signatures support (ECDSA)
[Under development]
--
abstractj
_______________________________________________
aerogear-dev mailing list
aerogear-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/aerogear-dev
--
Matthias Wessendorf
blog: http://matthiaswessendorf.wordpress.com/
sessions: http://www.slideshare.net/mwessendorf
twitter: http://twitter.com/mwessendorf
6:58 a.m.
Matthias Wessendorf wrote:
Thanks for putting together the gist; I did read several times over
it, and I guess it mostly makes sense :-)
However I do have a few (minor?) questions:
===JavaScript:===
* key: generatedKey,
where does the generate key come from ? Is that a key that, as shown
in the diagram, comes from "the server"?
Which kind of section are we
talking about? Basically I skipped it into
the documentation because developers are able to provide their own but
you can see an example here:
https://github.com/aerogear/aerogear-js/blob/master/tests/unit/crypto/aer...
(that was used only for unit test purposes to guess the output)
If you think that's not enough I'm fine providing an example about how
to properly generate the key.
Java
* CryptoBox: It is used for different algorithms (GCM and ECC), like a
"ToolBox" / "ToolChain", right ?
Once there are several tools
named "ToolBox, ToolChain" outside there I
will avoid comparisons. CryptoBox is the class responsible to accept a
single key or a key pair and encrypt/decrypt the data.
* PBKDF2: However, in the (outdated?) gist we use a function
(AeroGearCrypto.pbkdf2()) to get access to the Pbkdf2 class;
I don't think so,
once the code wasn't merge I can't make assumptions
into something that "might be" merged.
I can't see that in the code - there a direct usage of the
Pbkdf2
class is present.
Until we get that code merged, I think is reasonable to keep it
as is.
Now, wondering about the different 'access' mechanisms
(AeroGearCrypto.pbkdf2() vs. CryptoBox), does it make sense (honestly
not sure) to add the 'PBKDF2' to the "CryptoBox" as well ?
I
don't think so, because they are used for different purposes:
CryptoBox - Accept a key or a key pair for symmetric/asymetric encryption
PBKDF2 - For passwords as we discussed
@iOS
we had a kick off meeting early this week, and now trying to see how
we move on. A few infos are available in this forked gist:
https://gist.github.com/matzew/7cdf1831c55e3d656477
More to follow....
Let me know if something is not clear.
--
abstractj
7:26 a.m.
On Thu, Oct 10, 2013 at 1:58 PM, Bruno Oliveira <bruno(a)abstractj.org> wrote:
Matthias Wessendorf wrote:
> Thanks for putting together the gist; I did read several times over
> it, and I guess it mostly makes sense :-)
>
> However I do have a few (minor?) questions:
>
> ===JavaScript:===
>
> * key: generatedKey,
>
> where does the generate key come from ? Is that a key that, as shown
> in the diagram, comes from "the server"?
Which kind of section are we talking about? Basically I skipped it into
the documentation because developers are able to provide their own but
you can see an example here:
https://github.com/aerogear/aerogear-js/blob/master/tests/unit/crypto/aer...
(that was used only for unit test purposes to guess the output)
If you think that's not enough I'm fine providing an example about how
to properly generate the key.
Not sure we need it on the gist, but I think it does not hurt.
I understand (like in the test) that we locally generate the key, but the
first diagram (for instance) was a bit confusing. Now I understand
it is an option, e.g. to request a key from a server: so it is really up to
the developer (e.g. request a remote key), not up to our library.
Our library "just" uses any given key, or am I wrong ?
>
> Java
>
> * CryptoBox: It is used for different algorithms (GCM and ECC), like a
> "ToolBox" / "ToolChain", right ?
Once there are several tools named "ToolBox, ToolChain" outside there I
will avoid comparisons. CryptoBox is the class responsible to accept a
single key or a key pair and encrypt/decrypt the data.
Ah! Ok, I think now it makes sense. I think the name of the class was
misleading (to me)
>
> * PBKDF2: However, in the (outdated?) gist we use a function
> (AeroGearCrypto.pbkdf2()) to get access to the Pbkdf2 class;
I don't think so, once the code wasn't merge I can't make assumptions
into something that "might be" merged.
not sure what you mean.
> I can't see that in the code - there a direct usage of the
Pbkdf2
> class is present.
Until we get that code merged, I think is reasonable to keep it as is.
that is fine
>
> Now, wondering about the different 'access' mechanisms
> (AeroGearCrypto.pbkdf2() vs. CryptoBox), does it make sense (honestly
> not sure) to add the 'PBKDF2' to the "CryptoBox" as well ?
I don't think so, because they are used for different purposes:
CryptoBox - Accept a key or a key pair for symmetric/asymetric encryption
PBKDF2 - For passwords as we discussed
yeah, now it is more clear to me, that the "CryptoBox" is not really like a
"ToolBox" for different alogrythms
-Matthias
>
>
> @iOS
>
> we had a kick off meeting early this week, and now trying to see how
> we move on. A few infos are available in this forked gist:
>
> https://gist.github.com/matzew/7cdf1831c55e3d656477
>
> More to follow....
Let me know if something is not clear.
--
abstractj
_______________________________________________
aerogear-dev mailing list
aerogear-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/aerogear-dev
--
Matthias Wessendorf
blog: http://matthiaswessendorf.wordpress.com/
sessions: http://www.slideshare.net/mwessendorf
twitter: http://twitter.com/mwessendorf
8:09 a.m.
Ahoy answers inline.
Matthias Wessendorf wrote:
On Thu, Oct 10, 2013 at 1:58 PM, Bruno Oliveira <bruno(a)abstractj.org
<mailto:bruno@abstractj.org>> wrote:
Matthias Wessendorf wrote:
> Thanks for putting together the gist; I did read several times over
> it, and I guess it mostly makes sense :-)
>
> However I do have a few (minor?) questions:
>
> ===JavaScript:===
>
> * key: generatedKey,
>
> where does the generate key come from ? Is that a key that, as shown
> in the diagram, comes from "the server"?
Which kind of section are we talking about? Basically I skipped it
into
the documentation because developers are able to provide their own but
you can see an example here:
https://github.com/aerogear/aerogear-js/blob/master/tests/unit/crypto/aer...
(that was used only for unit test purposes to guess the output)
If you think that's not enough I'm fine providing an example about how
to properly generate the key.
Not sure we need it on the gist, but I think it does not hurt.
No problem I will
create a branch at aerogear.org for it and add how to
properly generate the keys.
I understand (like in the test) that we locally generate the key, but
the first diagram (for instance) was a bit confusing. Now I understand
it is an option, e.g. to request a key from a server: so it is really
up to the developer (e.g. request a remote key), not up to our library.
TBH the
idea of those diagrams was to suggest some scenarios to discuss
with the team (to guarantee that I'm not suggesting something insane or
impossible). We can do both or not, either way is possible to elaborate.
Scenario 1 - Let's think for a bit about the current situation, if the
key is locally generated by the app and the device is stolen would be
easy to an attacker to decrypt that data right? So that's the reason why
that must be a remote request as you mentioned, we must be able to
revoke those keys.
Scenario 2- The client generate it's own key and the server also do the
same. When you authorize client key on the server we are able establish
a key agreement between the two parties to start the encryption tango.
Makes sense?
Our library "just" uses any given key, or am I wrong ?
Our library can accept any given key for local encryption, but I would
do not encourage. What all the client libraries must do to while we
don't have a server?
1- Generate the keys
2- Encrypt the data
3. Think about how to properly retrieve the key for
encryption/decryption. For example: for Android I know we can do it with
KeyStore
http://developer.android.com/reference/java/security/KeyStore.html (but
I can be wrong)
>
> * PBKDF2: However, in the (outdated?) gist we use a function
> (AeroGearCrypto.pbkdf2()) to get access to the Pbkdf2 class;
I don't think so, once the code wasn't merge I can't make assumptions
into something that "might be" merged.
not sure what you mean.
-Matthias
--
abstractj
8:19 a.m.
On Thu, Oct 10, 2013 at 3:09 PM, Bruno Oliveira <bruno(a)abstractj.org> wrote:
Ahoy answers inline.
Matthias Wessendorf wrote:
>
> On Thu, Oct 10, 2013 at 1:58 PM, Bruno Oliveira <bruno(a)abstractj.org
> <mailto:bruno@abstractj.org>> wrote:
>
>
>
> Matthias Wessendorf wrote:
> > Thanks for putting together the gist; I did read several times over
> > it, and I guess it mostly makes sense :-)
> >
> > However I do have a few (minor?) questions:
> >
> > ===JavaScript:===
> >
> > * key: generatedKey,
> >
> > where does the generate key come from ? Is that a key that, as
shown
> > in the diagram, comes from "the server"?
> Which kind of section are we talking about? Basically I skipped it
> into
> the documentation because developers are able to provide their own
but
> you can see an example here:
>
https://github.com/aerogear/aerogear-js/blob/master/tests/unit/crypto/aer...
> (that was used only for unit test purposes to guess the output)
>
> If you think that's not enough I'm fine providing an example about
how
> to properly generate the key.
>
>
> Not sure we need it on the gist, but I think it does not hurt.
No problem I will create a branch at aerogear.org for it and add how to
properly generate the keys.
that would be sweet!
>
> I understand (like in the test) that we locally generate the key, but
> the first diagram (for instance) was a bit confusing. Now I understand
> it is an option, e.g. to request a key from a server: so it is really
> up to the developer (e.g. request a remote key), not up to our library.
TBH the idea of those diagrams was to suggest some scenarios to discuss
with the team (to guarantee that I'm not suggesting something insane or
impossible). We can do both or not, either way is possible to elaborate.
makes perfectly sense, and this thread already is providing good set of
info!
Scenario 1 - Let's think for a bit about the current situation, if the
key is locally generated by the app and the device is stolen would be
easy to an attacker to decrypt that data right? So that's the reason why
that must be a remote request as you mentioned, we must be able to
revoke those keys.
+1
Scenario 2- The client generate it's own key and the server also do the
same. When you authorize client key on the server we are able establish
a key agreement between the two parties to start the encryption tango.
+1
Makes sense?
It does!
> Our library "just" uses any given key, or am I wrong
?
Our library can accept any given key for local encryption, but I would
do not encourage. What all the client libraries must do to while we
don't have a server?
1- Generate the keys
2- Encrypt the data
3. Think about how to properly retrieve the key for
encryption/decryption. For example: for Android I know we can do it with
KeyStore
http://developer.android.com/reference/java/security/KeyStore.html (but
I can be wrong)
thanks for the provided information!
It helped
>
> >
>
> > * PBKDF2: However, in the (outdated?) gist we use a function
> > (AeroGearCrypto.pbkdf2()) to get access to the Pbkdf2 class;
> I don't think so, once the code wasn't merge I can't make
assumptions
> into something that "might be" merged.
>
>
> not sure what you mean.
>
>
> -Matthias
--
abstractj
_______________________________________________
aerogear-dev mailing list
aerogear-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/aerogear-dev
--
Matthias Wessendorf
blog: http://matthiaswessendorf.wordpress.com/
sessions: http://www.slideshare.net/mwessendorf
twitter: http://twitter.com/mwessendorf
9:38 a.m.
On Mon, 2013-10-07 at 16:02 -0300, Bruno Oliveira wrote:
+1 for having something coming from the server (entropy) on the
alternative scenario
Since the Web Crypto API [1] has not stabilized yet and we will probably
face browser compatibility issues when using the
window.crypto.getRandomValues [2], having something coming from the
server seems to be the best approach.
- Asymmetric encryption support (ECC)
var hex = sjcl.codec.hex,
keyPair = new AeroGear.crypto.KeyPair(),
cipherText, plainText,
options = {
IV: superRandomInitializationVector,
AAD: "whateverAuthenticatedData",
key: keyPair.publicKey,
data: ""My bonnie lies over the ocean"
};
cipherText = AeroGear.crypto.encrypt( options );
options.key = keyPair.privateKey;
options.data = cipherText;
plainText = AeroGear.crypto.decrypt( options );
Where will the private key be stored (local storage, other options)? Not
sure if local storage should be considered an option since it creates a
tightly coupled connection between a specific browser and the data
stored.
## Android
### Dependencies
- [Spongy Castle](http://rtyley.github.io/spongycastle/) with wrappers
for basic functionalities like: encrypt, decrypt, password salting and
key pair generation.
### Implementation details
- The bouncycastle "provided" in Android doesn't have ECDH that's the
reason why Spongy Castle was chosen.
+1 for Spongy Castle
[1]:
http://www.w3.org/TR/2013/WD-WebCryptoAPI-20130625/#dfn-RandomSource
[2]:
https://developer.mozilla.org/en-US/docs/Web/API/window.crypto.getRandomV...
10:57 a.m.
My suggestion for JS is never store the keys, JavaScript encryption is
completely tricky. For Android and iOS is doable (not saying NSA-proof)
Apostolos Emmanouilidis wrote:
Where will the private key be stored (local storage, other options)?
Not sure if local storage should be considered an option since it
creates a tightly coupled connection between a specific browser and
the data stored.
--
abstractj
4066
days inactive
4069
days old
8 comments
4 participants
participants (4)
-
Apostolos Emmanouilidis -
Bruno Oliveira -
Kris Borchers -
Matthias Wessendorf