[aerogear-dev] Question around encryption for iOS push certificate passphrase

Matthias Wessendorf matzew at apache.org
Wed Feb 5 11:49:57 EST 2014


Hello Bruno,


On Wed, Feb 5, 2014 at 5:05 PM, Bruno Oliveira <bruno at abstractj.org> wrote:

> You shouldn't store your private key, please make use of the suggested
> code and let me know.
>


OK, not storing the 'private key', but instead I am only storing the IV,
salt and ciphertext, right ?


The following code is basically the (relevant) code behind the web-form
when someone creates the logical construct of an iOS variant:

https://github.com/matzew/psswd-salting/blob/master/src/test/java/net/wessendorf/salt/SecretKeyTest.java#L44-L62

In real I get all the information for the variant (e.g. its name, its
description, its certificate file and the passphrase for the certificate),
but the above has been limited to the passphrase, as everything else is not
so important here :-)

So after that I have basically the following pieces in the database:
* IV
* salt
* ciphertex

instead of the plaintext passphrase for the iOS certs.



But, now, somewhere later in in the program, I need to do the decryption to
get the actual passphrase for the stored Apple-certificate.
However, I don't see how to create the CryptoBox here, as I should not
stash the private/secret key, nor do I have access to the previous
CryptoBox object

https://github.com/matzew/psswd-salting/blob/master/src/test/java/net/wessendorf/salt/SecretKeyTest.java#L64-L85


Looks like I am missing something here

-Matthias




>
> --
> abstractj
>
> On February 5, 2014 at 2:00:45 PM, Matthias Wessendorf (matzew at apache.org)
> wrote:
> > > Ah, thanks for the hints. I have a little isolated test case.
> > In there I (potentially) store the privateKey, the IV and the
> > ciphertext in the database.
>
>


-- 
Matthias Wessendorf

blog: http://matthiaswessendorf.wordpress.com/
sessions: http://www.slideshare.net/mwessendorf
twitter: http://twitter.com/mwessendorf
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/aerogear-dev/attachments/20140205/b930093f/attachment-0001.html 


More information about the aerogear-dev mailing list