[aerogear-dev] Question around encryption for iOS push certificate passphrase
Bruno Oliveira
bruno at abstractj.org
Wed Feb 5 14:00:43 EST 2014
There is no magic, the password must exist in some place. If it is not possible to require the password, it is possible to follow the same approach provided for the password reset functionality.
If you want to stick to the KeyStore, you still need to provide the password in some place, but that’s more suitable when you have a key exchange or something like this.
So if you patiently read the code I proposed, you will realize that it is possible to achieve it via a property file, a database or whatever:
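    @Test
    public void testPasswordValidationWithRandomSaltProvided() throws Exception {
        Pbkdf2 pbkdf2 = AeroGearCrypto.pbkdf2();
        // Random is the crypto library's class (java.util.Random has no randomBytes())
        byte[] salt = new Random().randomBytes();
        byte[] IV = new Random().randomBytes();
        int iterations = 100000;

        // Load the password from a property file (a database would work the same way)
        java.util.Properties secrets = new java.util.Properties();
        try (java.io.InputStream in = new java.io.FileInputStream("secret.properties")) {
            secrets.load(in);
        }
        String PASSWORD = secrets.getProperty("password_to_my_superpassphrase");

        // Encrypt step
        SecretKey secretKey = pbkdf2.generateSecretKey(PASSWORD, salt, iterations);
        CryptoBox box1 = new CryptoBox(secretKey.getEncoded());
        String passphrase = "My bonnie lies over the ocean";
        byte[] ciphertext = box1.encrypt(IV, passphrase.getBytes());

        // Decrypt step: the same password, salt and iteration count give back the same key
        SecretKey recoveredKey = pbkdf2.generateSecretKey(PASSWORD, salt, iterations);
    }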
If it’s not clear, let me know where I should introduce this functionality, rather than in a pet project, and I can do that.
--
abstractj
On February 5, 2014 at 4:47:04 PM, Matthias Wessendorf (matzew at apache.org) wrote:
> > as said in the comments, I don't have that PASSWORD here
>
>
> That is only submitted when the user creates a new iOS variant,
> it's never entered when the server tries to connect to the APNs