Generate private key #7

Closed
marinofaggiana opened this issue Oct 12, 2017 · 31 comments
Comments

@marinofaggiana
Member

Client generates a 12 word long mnemonic from the English BIP-0039 word list. The word list contains 2048 words, thus resulting in 2048^12 possible key combinations.
-OK [done]

Client encrypts the private key using AES/GCM/NoPadding as cipher (128 bit key size) and uses PBKDF2WithHmacSHA1 as key derivation; the mnemonic generated in step 1 is used as the password.

@tobiasKaminsky can I see this step in your code, and an example of the step to check?

Thanksssssssss 🔒

@tobiasKaminsky
Member

Sourcecode:
https://github.com/nextcloud/android/blob/71ed02deb709a60cdde5ed5485fe08167fcff19e/src/main/java/com/owncloud/android/utils/EncryptionUtils.java#L495-L495

And a test is found here: https://github.com/nextcloud/android/blob/2a7da670369069ba12d7e21ca49ebfcab39051d7/src/androidTest/java/com/owncloud/android/util/EncryptionTestIT.java#L134-L134

It is rather long, but I wanted to use a real example and not "only" some random strings.

12 word mnemonic:

moreovertelevisionfactorytendencyindependenceinternationalintellectualimpressinterestvolunteer

privateKeyString:

…

encrypted:

…fA==YaxI1X7vxEf3MRv0

@marinofaggiana
Member Author

Thanks!! @tobiasKaminsky!!

@marinofaggiana
Member Author

marinofaggiana commented Oct 13, 2017

@tobiasKaminsky, first step:

PBKDF2WithHmacSHA1

salt = $4$YmBjm3hk$Qb74D5IUYwghUmzsMqeNFx5z0/8$
password = moreovertelevisionfactorytendencyindependenceinternationalintellectualimpressinterestvolunteer

secretKey output: NknhSReUhcuSY2u+pEIgLPl+h8Bhore3JPHPhbDVqFlYH8xJACwuKRKlmglp0Z9WMH2QJMyoFIYKbmVT4UAOVyud9+LMvfwvjNsTV5qzk2IfEWn1WdqvuNW4deDRAw440yrt49dqUQWR98we9HlxI16fGbRf/7cPneIxG3V7P2c32yqo4YIXdgO2xBx8QuVMnDeZWvdloVjqIf+xsDeFrAvi91ubYlnpBCnta1LyBI7Dxv2cUDTlmC0jz+Z+PPZAGATv6G471xcTLlPzxzhckLNm8Bt2s5+EBhRVvT1q2KVvIBrs/PpkLMxlIWjIS7j8QDqsYIg4708POqELPjeaoQ==

Confirm?

This output is the key for AES/GCM/NoPadding, but the IV?

@tobiasKaminsky
Member

Oh, yeah, I forgot this:
The IV is directly appended to the encryptedBytes with a delimiter (base64 encoded "|"). This has to be done as we have no other way to store IV.

@marinofaggiana
Member Author

marinofaggiana commented Oct 13, 2017

@tobiasKaminsky I have finished this, the server responds with 200.

Status:

  • PublicKey store on Server OK - 200

  • PrivateKey store on Server OK - 200

  • PublicKey get OK - 200 DATA

  • PrivateKey get OK - 200 DATA

And now? How do I test whether everything is correct, before the Metadata struct for directory/file encryption?

@tobiasKaminsky
Member

If you create a new user and send me the 12 word mnemonic I can try to use it on Android.
This way we can test if everything related to keys is working.

@marinofaggiana
Member Author

marinofaggiana commented Oct 16, 2017

I have used your mnemonic: moreovertelevisionfactorytendencyindependenceinternationalintellectualimpressinterestvolunteer

User: nc

@tobiasKaminsky
Member

Cool. Now we know that Android -> iOS works.
Then please create a new user and then create a public/private key from iOS. Then I can test whether iOS -> Android works 👍

@marinofaggiana
Member Author

@tobiasKaminsky a question: when "Assume that no key pair exists on the server", is the mnemonic automatically created by the client (BIP39) and "displayed" to the user, with the possibility to display it again later after password/Touch ID from the keychain etc.?

@tobiasKaminsky
Member

I present the mnemonic during initial setup within the app.
Maybe @jancborchardt has another idea how to do it on iOS?

@marinofaggiana
Member Author

marinofaggiana commented Oct 16, 2017

@tobiasKaminsky where in Android are the function(s) to test the key pair from the server + mnemonic?

Thanks

-- DONE --

New request @tobiasKaminsky, detail of:

-3- Get public system key from server to validate the signature of the users public key.

Thanks

@marinofaggiana
Member Author

@tobiasKaminsky on your server it is not possible to create a file/folder.... please check

Thanks a lot

@jancborchardt
Member

@tobiasKaminsky @marinofaggiana the flow should/can be the same on iOS as it is on Android. :)

@marinofaggiana
Member Author

@jancborchardt maybe yes ... maybe no 😄

@marinofaggiana
Member Author

@rullzer @tobiasKaminsky

There is an issue with aes_256_gcm encryption between Android and OpenSSL (iOS), see code:

https://github.com/nextcloud/ios/blob/3c4917dc102c6a93ea464b676a96342be37f7af4/iOSClient/Security/NCEndToEndEncryption.m#L410

@marinofaggiana
Member Author

marinofaggiana commented Oct 26, 2017

@rullzer @tobiasKaminsky

Decrypt is OK now, arggggggggg --> decode64 for a PEM!

-1- Why does Android base64-encode a privateKey in PEM format? This is needless.
-2- Why has the key had the -----BEGIN PRIVATE KEY----- and the \n after 65 chars removed?? This is not PEM format.

@rullzer
Member

rullzer commented Oct 26, 2017

It is not PEM. It is base64 DER.

@marinofaggiana
Member Author

marinofaggiana commented Oct 26, 2017

publicKey in PEM and privateKey in DER? For me it is better to have ONLY PEM, no DER.

@rullzer
Member

rullzer commented Oct 26, 2017

@LukasReschke @tobiasKaminsky I have no preference here. And the spec is incomplete. But sticking to 1 format seems indeed best.

@marinofaggiana
Member Author

The decryptAsymmetricData requires PEM format:

RSA *rsa = PEM_read_bio_RSAPrivateKey(bio, NULL, 0, NULL);

as encryptAsymmetricString requires the publicKey in PEM format:

unsigned char *pKey = (unsigned char *)[publicKey UTF8String];

// Extract real publicKey
BIO *bio = BIO_new_mem_buf(pKey, -1);

@rullzer
Member

rullzer commented Oct 26, 2017

Well this is just the implementation you use, there are also a bunch of other functions that take other formats. The openssl EVP allows keys in almost any format. (See d2i_PrivateKey_bio etc).

Anyway, as I said, I don't have a preference, but let's wait for the others involved to comment as well.

@marinofaggiana
Member Author

oh yes yes but for me only 1 format :-)

@tobiasKaminsky
Member

I can change android side to store the private key as pem on the server:

-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCugMtFFbJiSHFwY
RxdpVZFt+8kecJyG2a3kHRSEODG1hhIZsc31eyQVOc/nWa+mrPw1Lzq44hL+aj41x
...
Qmj9/Ed144JKrhNX/iXLk/Ec0nxRj1przUTPOsYtttmPapintcLe/CFhMPzX0rWsT
BIin0DKhyLMy3B1ImhUB0IVzj5A2LMDh+IRu7qj7prbKdYcVl+6/kdHj+20NlEw=
-----END PRIVATE KEY-----

@marinofaggiana
Member Author

Thanks Tobi, when done, can you recreate the new certificate on the server (marino user)?

@tobiasKaminsky
Member

Done, new passphrase is: domainponyremindtenfalltoiletdollsuncleversharevehiclesoldier
In folder "1" there are 3 new encrypted files for testing.

@marinofaggiana
Member Author

thx

@marinofaggiana
Member Author

ok @tobiasKaminsky, done, but why base64-encode the privateKey?

@tobiasKaminsky
Member

https://support.ssl.com/Knowledgebase/Article/View/19/0/der-vs-crt-vs-cer-vs-pem-certificates-and-how-to-convert-them

.PEM = The PEM extension is used for different types of X.509v3 files which contain ASCII (Base64) armored data prefixed with a “—– BEGIN …” line.

https://github.com/nextcloud/android/blob/8d4fe1db193873c0fe8182139ab3d43afb8ee44d/src/main/java/com/owncloud/android/utils/EncryptionUtils.java#L551-L551

privateKey.getEncoded() is a byte array (byte[]), so this cannot be directly printed as PEM.
But now it should be consistent with the PEM definition, or?

@marinofaggiana
Member Author

PEM format is base64, why base64 again? Convert your byte array into a normal UTF-8 string.

@tobiasKaminsky
Member

tobiasKaminsky commented Oct 30, 2017

Simply transforming a byte[] to string results in:

0�������0� *�H������������0

I think I am now conforming to the PEM format?
nextcloud/android:src/main/java/com/owncloud/android/utils/EncryptionUtils.java@8d4fe1d#L551-L551

  • prefix with "----BEGIN"
  • encode byte[] to base64
  • suffix with "---END"

@schiessle @rullzer
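The PEM-versus-base64-DER point argued in the last few comments, as an added Go example that is not the Android or iOS client's code: PEM is already the base64 of the PKCS#8 DER bytes between the BEGIN/END lines, so it must not be base64-encoded a second time, and a reader that accepts both formats lets one platform read keys the other stored before the format was unified. The RSA key is generated on the spot (constructed input); function names are the example's own.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"encoding/base64"
	"encoding/pem"
	"errors"
	"strings"
)

// newPrivateKeyDER generates an RSA key and returns its PKCS#8 DER bytes, the
// same encoding Java's PrivateKey.getEncoded() returns for a "PRIVATE KEY".
func newPrivateKeyDER() ([]byte, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return x509.MarshalPKCS8PrivateKey(key)
}

// derToPEM wraps DER as PEM: "-----BEGIN PRIVATE KEY-----", base64 body in
// 64-char lines, "-----END PRIVATE KEY-----". The base64 is part of PEM itself,
// so a PEM string must not be base64-encoded again before upload.
func derToPEM(der []byte) string {
	return string(pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: der}))
}

// parsePrivateKey accepts PEM (the format the thread settled on) or bare base64
// DER (what the Android client stored before) and reports which one it saw, so a
// client can read keys written by the other platform during the transition.
func parsePrivateKey(s string) (key any, format string, err error) {
	if block, _ := pem.Decode([]byte(s)); block != nil {
		if block.Type != "PRIVATE KEY" {
			return nil, "", errors.New("unexpected PEM type " + block.Type)
		}
		key, err = x509.ParsePKCS8PrivateKey(block.Bytes)
		return key, "pem", err
	}
	der, err := base64.StdEncoding.DecodeString(strings.TrimSpace(s))
	if err != nil {
		return nil, "", errors.New("neither PEM nor base64 DER")
	}
	key, err = x509.ParsePKCS8PrivateKey(der) // PEM text wrapped in a second base64 layer fails here
	return key, "base64-der", err
}
```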
