[aerogear-dev] Question around encryption for iOS push certificate passphrase

[Bruno Oliveira]

On February 5, 2014 at 5:47:24 PM, Matthias Wessendorf (matzew at apache.org) wrote:
> > yeah, but that is really per variant, not global. So we would  
> need a lot of these secret file :-)

You’ve probably misunderstood what I said, but that would be silly and impractical, I didn’t say that, right? If you don’t want to require an input every time, make use of SINGLE key to encrypt the passphrases that’s what was suggested.

>  
>
>  
> Perhaps I am wrong, but I feel that if (for iOS variants) we start  
> to require "password_to_my_superpassphrase" on the request  
> for creating the logical construct of the variant,
> and use the same for the Sender, we would have that magical password, 

That’s what I’ve already mentioned, the password MUST be provided. And there are a gazillion of solutions to the same problem outside there.

> but I fear that this opens a new can of worms.

Why?

>  
>  
> The AGPUSH-358 ticket is still yours :-) I just felt looking at  
> it, while reading up on our crypto bits.

I don’t bother whoever will solve this ticket. If you want to jump in, feel free to reassign to you, if don’t I can look at this on the next week.