Note: This document is a working progress
- Bruno Oliveira
- put your pretty name here
- User friendly interface for non crypto experts
- Advanced developers can make use of the pure crypto provider implementation.
Note: For all scenarios the authentication process was intentionally ignored.
- A logged in user wants to store sensitive data on mobile
Another alternative (We need to think about the entropy, would be nice to have something coming from the server)
- The mobile device goes offline but the sensitive data must be protected
- The data must be backed up on the server, but passwords can't be exposed
- The application was installed into another device and the keys must be revoked on the server
[Under development]
- User wants to configure for how long the keys will be considered valid
[Under development]
- Device was stolen and data must be destroyed
[Under development]
- sjcl with wrappers for basic functionalities like: encrypt, decrypt, password salting and key pair generation.
-
The size of sjcl library is still a concern (28K)
-
Crypto bits were built in a separate module so it may be included/excluded in a custom build.
-
The project will be developed under AeroGear.js repository (aerogear-attic/aerogear-js#57)
-
Password based key derivation support (PBKDF2)
myEncryptedPassword = AeroGear.password("strong");
-
Symmetric encryption support (GCM)
-
Encryption:
var options = { IV: superRandomInitializationVector, AAD: "whateverAuthenticatedData", key: generatedKey, data: "My bonnie lies over the ocean" }; var cipherText = AeroGear.encrypt( options );
-
Decryption:
var options = { IV: superRandomInitializationVector, AAD: "whateverAuthenticatedData", key: generatedKey, data: cipherText }; AeroGear.decrypt( options );
-
-
Message authentication support (GMAC, HMAC)
[Under development]
Note: The implementations below are currently under discussion at aerogear-attic/aerogear-js#62
-
Hashing support (SHA-256, SHA-512)
digest = AeroGear.crypto.hash("some message");
-
Asymmetric encryption support (ECC)
var hex = sjcl.codec.hex, keyPair = new AeroGear.crypto.KeyPair(), cipherText, plainText, options = { IV: superRandomInitializationVector, AAD: "whateverAuthenticatedData", key: keyPair.publicKey, data: ""My bonnie lies over the ocean" }; cipherText = AeroGear.crypto.encrypt( options ); options.key = keyPair.privateKey; options.data = cipherText; plainText = AeroGear.crypto.decrypt( options );
-
Digital signatures support (ECDSA)
var validation, options = { keys: sjcl.ecc.ecdsa.generateKeys(192), message: "My bonnie lies over the ocean" }; options.signature = AeroGear.crypto.sign( options ); validation = AeroGear.crypto.verify( options );
- Spongy Castle with wrappers for basic functionalities like: encrypt, decrypt, password salting and key pair generation.
-
The bouncycastle "provided" in Android doesn't have ECDH that's the reason why Spongy Castle was chosen.
-
aerogear-crypto-java will be the main repository to provide a crypto API for Android and the Java server.
Note: The implementations below are currently under discussion at https://github.com/aerogear/aerogear-crypto-java/tree/refactoring
-
Password based key derivation support (PBKDF2)
Pbkdf2 pbkdf2 = AeroGearCrypto.pbkdf2(); byte[] rawPassword = pbkdf2.encrypt(PASSWORD);
-
Symmetric encryption support (GCM)
-
Encryption:
CryptoBox cryptoBox = new CryptoBox(new PrivateKey(SOME_SECRET_KEY)); final byte[] IV = new Random().randomBytes(); final byte[] message = "My bonnie lies over the ocean".getBytes(); final byte[] ciphertext = cryptoBox.encrypt(IV, message);
-
Decryption:
CryptoBox pandora = new CryptoBox(new PrivateKey(SOME_SECRET_KEY)); final byte[] message = pandora.decrypt(IV, ciphertext);
-
-
Message authentication support (GMAC, HMAC)
[Under development]
- Hashing support (SHA-256, SHA-512)
[Under development]
-
Asymmetric encryption support (ECC)
KeyPair keyPair = new KeyPair(); KeyPair keyPairPandora = new KeyPair(); CryptoBox cryptoBox = new CryptoBox(keyPair.getPrivateKey(), keyPairPandora.getPublicKey()); final byte[] IV = new Random().randomBytes(); final byte[] message = "My bonnie lies over the ocean".getBytes(); final byte[] ciphertext = cryptoBox.encrypt(IV, message); CryptoBox pandora = new CryptoBox(keyPairPandora.getPrivateKey(), keyPair.getPublicKey()); final byte[] message = pandora.decrypt(IV, ciphertext);
-
Digital signatures support (ECDSA)
[Under development]
[TBD] - http://oksoclap.com/p/iOS_Meeting_(Security)
[TBD]
- Password based key derivation support (PBKDF2)
[Under development]
- Symmetric encryption support (GCM)
[Under development]
- Message authentication support (GMAC, HMAC)
[Under development]
- Hashing support (SHA-256, SHA-512)
[Under development]
- Asymmetric encryption support (ECC)
[Under development]
- Digital signatures support (ECDSA)
[Under development]