
Comments (11)

siyengar commented on August 24, 2024

Thanks for the feedback. I'll update it by tomorrow.

from conceal.

siyengar commented on August 24, 2024

Were you looking for specific examples to do some particular thing?

luke1090 commented on August 24, 2024

a sample app would be great. in my case it would be helpful to know how to get the keychain associated with particular encrypted data (for say, sharing stuff over bluetooth streams securely). thanks for the response

siyengar commented on August 24, 2024

I think I understand what you mean. In short, the keychain system currently does not have a discovery service for the key for an id; however, you can always create a custom keychain manager which is id-aware:

Obviously this is not complete, but it really also depends on how your application stores data.

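import android.content.SharedPreferences;
import android.util.Base64;

import com.facebook.crypto.exception.KeyChainException;
import com.facebook.crypto.keychain.KeyChain;

import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

class KeychainManager {

    // Preference key under which the set of known ids is stored (name chosen for this sketch)
    static final String KEYCHAIN_KEY = "keychain_ids";

    Map<String, KeyChain> mKeychains = new HashMap<String, KeyChain>();
    SharedPreferences mSharedPreferences; // assumed to be initialized elsewhere

    // Return the keychain for this id, creating and recording it on first use
    public KeyChain getKeyChainForId(String id) {
        if (!mKeychains.containsKey(id)) {
            mKeychains.put(id, new SimpleKeyChain(id));
            maybeRecordId(id);
        }
        return mKeychains.get(id);
    }

    private void maybeRecordId(String id) {
        // record id in persistent store if present
        // copy the stored set: the instance returned by getStringSet must not be modified
        Set<String> ids = new HashSet<String>(
                mSharedPreferences.getStringSet(KEYCHAIN_KEY, new HashSet<String>()));
        ids.add(id);
        mSharedPreferences.edit().putStringSet(KEYCHAIN_KEY, ids).commit();
    }

    void destroyAllKeys() {
        Set<String> ids = mSharedPreferences.getStringSet(KEYCHAIN_KEY, null);
        if (ids == null) {
            return;
        }
        for (String id : ids) {
            new SimpleKeyChain(id).destroyKeys();
        }
    }
}


class SimpleKeyChain implements KeyChain {
    String mId;
    SharedPreferences mSharedPreferences; // assumed to be initialized elsewhere

    final String KEYPREFIX = "KEY";

    public SimpleKeyChain(String id) {
        mId = id;
    }

    public synchronized byte[] getCipherKey() throws KeyChainException {
        String prefKey = KEYPREFIX + mId;
        String key = mSharedPreferences.getString(prefKey, null);
        byte[] keyBytes;

        if (key == null) {
            keyBytes = maybeGenerateKey(); // from the SharedPreferencesKeyChain
            // store the key Base64-encoded so the raw bytes survive the String round trip
            mSharedPreferences.edit()
                    .putString(prefKey, Base64.encodeToString(keyBytes, Base64.DEFAULT))
                    .commit();
        } else {
            keyBytes = Base64.decode(key, Base64.DEFAULT);
        }
        return keyBytes;
    }

    public void destroyKeys() {
        // similar to SharedPrefsBackedKeyChain
    }
    // ....
}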

How does this sound? Did I understand your question correctly?

Ultimately we need to provide a Key management API which might be useful to you; until then you could possibly work around it with your custom key API, and it shouldn't be too hard to implement.

luke1090 commented on August 24, 2024

hi again, i ended up with something similar. thanks for this.

also, would it be possible to decrypt the content directly from the bluetooth inputstream or would you advise creating a new stream for decryption?

siyengar commented on August 24, 2024

That's great. I think key management might be a useful feature in conceal.

I think you could just wrap the bluetooth input stream in the crypto stream for decryption.

First create the crypto object using your particular keychain and then use:

InputStream wrappedStream = crypto.getCipherInputStream(bluetoothStream, entity);

luke1090 commented on August 24, 2024

i tried what you suggested, using the sample bluetooth chat app (https://android.googlesource.com/platform/development/+/eclair-passion-release/samples/BluetoothChat) and changing the ConnectedThread constructor like this:

public ConnectedThread(BluetoothSocket socket, String socketType) {
    Log.d(TAG, "create ConnectedThread: " + socketType);
    mmSocket = socket;
    InputStream tmpIn = null;
    OutputStream tmpOut = null;
    InputStream cryptIn = null;
    OutputStream cryptOut = null;

    // Get the BluetoothSocket input and output streams
    try {
        tmpIn = socket.getInputStream();
        tmpOut = socket.getOutputStream();
        cryptIn = crypto.getCipherInputStream(tmpIn, entity); // << gets stuck on this line
        cryptOut = crypto.getCipherOutputStream(tmpOut, entity);
    } catch (IOException e) {
        Log.e(TAG, "temp sockets not created", e);
    } catch (CryptoInitializationException e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
    } catch (KeyChainException e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
    }

    mmInStream = cryptIn;
    mmOutStream = cryptOut;
}

it gets stuck on that line, but without returning any kind of error or stack trace. also i'm passing the keychain name between the devices via beam before calling ConnectedThread.

siyengar commented on August 24, 2024

The way that socket streams work is that they block until data is available to read. Are you sure you're flushing data from the other side?

luke1090 commented on August 24, 2024

since the messages i'm sending between the devices are pretty short, i'm looking into using the encrypt/decrypt methods instead.

is it sufficient to pass the cipherkey and the entity name between the devices to have device B decrypt a message from device A?

siyengar commented on August 24, 2024

It would be sufficient to pass the keys between the devices, and then initialize a KeyChain using that key, but you probably have to consider how you are going to get the keys between devices without someone sniffing them.

Another suggestion is that you might want to use 2 different keys for each direction of communication.

from conceal.

luke1090 commented on August 24, 2024

using the byte[] methods encrypt and decrypt worked out for me, now i just need to make sure that swapping keys over Beam isn't a terrible idea.

thanks for all the help!
