[aerogear-dev] AeroGear Crypto API - Draft 0. Your brain is required

Bruno Oliveira bruno at abstractj.org
Thu Oct 10 07:58:06 EDT 2013

Matthias Wessendorf wrote:
> Thanks for putting together the gist; I did read several times over
> it, and I guess it mostly makes sense :-) 
> However I do have a few (minor?) questions:
> ===JavaScript:===
> * key: generatedKey,
> where does the generate key come from ? Is that a key that, as shown
> in the diagram, comes from "the server"?
Which kind of section are we talking about? Basically I skipped it into
the documentation because developers are able to provide their own but
you can see an example here:
(that was used only for unit test purposes to guess the output)

If you think that's not enough I'm fine providing an example about how
to properly generate the key.
> Java
> * CryptoBox: It is used for different algorithms (GCM and ECC), like a
> "ToolBox" / "ToolChain", right  ?
Once there are several tools named "ToolBox, ToolChain" outside there I
will avoid comparisons. CryptoBox is the class responsible to accept a
single key or a key pair and encrypt/decrypt the data.
> * PBKDF2: However, in the (outdated?) gist we use a function
> (AeroGearCrypto.pbkdf2()) to get access to the Pbkdf2 class; 
I don't think so, once the code wasn't merge I can't make assumptions
into something that "might be" merged.
> I can't see that in the code - there a direct usage of the Pbkdf2
> class is present.
Until we get that code merged, I think is reasonable to keep it as is.
> Now, wondering about the different 'access' mechanisms
> (AeroGearCrypto.pbkdf2() vs. CryptoBox), does it make sense (honestly
> not sure) to add the 'PBKDF2' to the "CryptoBox" as well ?
I don't think so, because they are used for different purposes:

CryptoBox - Accept a key or a key pair for symmetric/asymetric encryption
PBKDF2 -  For passwords as we discussed
> @iOS
> we had a kick off meeting early this week, and now trying to see how
> we move on. A few infos are available in this forked gist:
> https://gist.github.com/matzew/7cdf1831c55e3d656477
> More to follow....

Let me know if something is not clear.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 495 bytes
Desc: OpenPGP digital signature
Url : http://lists.jboss.org/pipermail/aerogear-dev/attachments/20131010/8bc18bc1/attachment.bin 

More information about the aerogear-dev mailing list