[aerogear-dev] Question around encryption for iOS push certificate passphrase

[Matthias Wessendorf]

Hello,

I started to take a quick look at [1], for a better encryption of the
passphrase for all the iOS variants (stored as plaintext ATM). For that I
started looking at our neat Pbkdf2 class, from AeroGear-Crypto.

The idea is to store both: the encrypted password + the salt in the
database, instead of the plaintext version of the password/passphrase.

Something like here:

https://github.com/matzew/psswd-salting/blob/master/src/test/java/net/wessendorf/salt/LittleTest.java#L35-L43

This works fine on things like logins:

https://github.com/matzew/psswd-salting/blob/master/src/test/java/net/wessendorf/salt/LittleTest.java#L46-L54

However, I am afraid it does not work for the iOS passphrase, required to
connect to Apple - looks like the library we use requires it in plain
text... (due to Apple? Not sure...)

https://github.com/notnoop/java-apns/blob/master/src/main/java/com/notnoop/apns/ApnsServiceBuilder.java#L159

BTW. here is the relevant usage inside of our UnifiedPush Server:

https://github.com/aerogear/aerogear-unifiedpush-server/blob/master/server/src/main/java/org/jboss/aerogear/unifiedpush/message/sender/APNsPushNotificationSender.java#L146

I am now wondering if there is something we can do for [1], in the long
run, not now?

I see the 'java-apns API' supports passing in a java.security.Keystore, but
unfortunately I am not sure if there is an impl. of that which is able to
deal w/ encrypted passwords or if something like that might even work at
all :-/


Greetings,
Matthias

[1] https://issues.jboss.org/browse/AGPUSH-358

-- 
Matthias Wessendorf

blog: http://matthiaswessendorf.wordpress.com/
sessions: http://www.slideshare.net/mwessendorf
twitter: http://twitter.com/mwessendorf
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/aerogear-dev/attachments/20140205/f97ae407/attachment.html