February 2019
M	T	W	T	F	S	S
	1	2	3
4	5	6	7	8	9	10
11	12	13	14	15	16	17
18	19	20	21	22	23	24
25	26	27	28

Twitter Updates

RT @Jennekepenneke: Ik hoor dat we al weer op vakantie kunnen naar Italië. Tof! Ondertussen weet ik nog steeds niet wanneer tante Jen einde… 16 minutes ago

RT @freshcookie: @Jennekepenneke Ik snap er ook geen snars van. Alsof de wereld vergaat als je een keertje niet over de grens op vakantie g… 19 minutes ago

RT @DrewCurtis: Man creates new Twitter account, only posts Trump tweets word for word, gets banned rapidly 23 minutes ago

@Odracir1st @Boreout Die film was goed! 40 minutes ago

@kreule_yvonne 🤗 56 minutes ago

All categories

Archive for February 6th, 2019

Some links on keystore, encryption and decryption on Android

Posted by jpluimers on 2019/02/06

For my link archive:

[WayBack] android – Using AES with AndroidKeyStore – Stack Overflow
[WayBack] Android keystore system | Android Developers
[WayBack] java – AES-encrypted key store – Code Review Stack Exchange (especially the review comments)
[WayBack] Keystore redesign in Android M (which is version 6 with API level 23, and allowed storing symmetric keys in the keystore)
[WayBack] Encryptor and Decryptor for data encryption.decryption using the Android KeyStore. · GitHub, via:
- [WayBack] Using the Android Keystore system to store and retrieve sensitive information
- [WayBack] Generate symmetric key and store in android keystore – Stack Overflow
[WayBack] How to display Java keystore SecretKeyEntry from command line – Stack Overflow
[WayBack] KeyStore Explorer:
KeyStore Explorer is an open source GUI replacement for the Java command-line utilities keytool and jarsigner. KeyStore Explorer presents their functionality, and more, via an intuitive graphical user interface.
[WayBack] android-ConfirmCredential/MainActivity.java at master · googlesamples/android-ConfirmCredential · GitHub
- [WayBack] GitHub – googlesamples/android-ConfirmCredential
[WayBack] Android Security: The Forgetful Keystore – SystemDotRun – Dorian Cussen’s Super Blog
[WayBack] encryption – When using AES and CBC, is it necessary to keep the IV secret? – Information Security Stack Exchange
[WayBack] Storing application secrets in Android’s credential storage
[WayBack] KeyStore.SecretKeyEntry | Android Developers
[WayBack] SecretKeySpec | Android Developers

Basically:

storing encrypted data plus IV in preferences is OK
store the symmetric encryption key (for instance an AES one) in the keystore for the application
likely a salt is also needed, then store the salt with the IV and encrypted data

–jeroen

Presumptions:

The keystore of a specific application UUID is only accessible by only that application UUID when the device has been unlocked by the user
The keystore saves credentials in a secure way
It is OK to save both the encrypted data and associated IV

Approach (plain data is “hashed application PIN”, encrypted data is “encrypted hashed application PIN”:

store a symmetric AES key in the application key store
after entering application PIN:
1. hash the application PIN
2. use the hashed application PIN to to enter the application
3. from the keystore, obtain the symmetric AES key
4. create a cipher based on the AES key
5. use the cipher to obtain an IV, and to encrypt the hashed application PIN
6. store the encrypted hashed application PIN and IV both in the application preferences
when needing to enter the application, present the user to either enter the application PIN again or proof that they can pass the device unlock sequence (using an unlock activity)
1. if the user provided the application PIN, then:
  1. hash the application PIN
  2. try to enter the application with the hashed application PIN
2. proved the device unlock, then:
  1. from the preferences, obtain the IV and encrypted hashed application PIN
  2. from the keystore, obtain the symmetric AES key
  3. create a cipher based on the AES key
  4. decrypt the encrypted hashed application PIN using the cipher and the IV into the hashed application PIN
  5. try to enter the application with the hashed application PIN

Posted in Android, Development, Mobile Development, Software Development | Leave a Comment »

The company as a social engine – The Isoblog.

Posted by jpluimers on 2019/02/06

Food for thought about work: [WayBack] The company as a social engine – The Isoblog.

–jeroen

via: [WayBack] The company as a social engine… – Kristian Köhntopp – Google+

Posted in LifeHacker | Leave a Comment »

Delphi Declarations and Statements: Hinting Directives

Posted by jpluimers on 2019/02/06

From [WayBack] Declarations and Statements: Hinting Directives you might remember this:

The ‘hint’ directives platform, deprecated, and library may be appended to any declaration. These directives will produce warnings at compile time. Hint directives can be applied to type declarations, variable declarations, class, interface and structure declarations, field declarations within classes or records, procedure, function and method declarations, and unit declarations.

However, it doesn’t as at least these fail:

type
{ [dcc32 Error] ClassConstUsageConsoleProject.dpr(14): E1030 Invalid compiler directive: 'DEPRECATED' }
  TMyProcedure = procedure() of object deprecated 'do not use TMyProcedure';
{ [dcc32 Error] E1030 Invalid compiler directive: 'DEPRECATED' }
  TMyReference = reference to procedure() deprecated 'do not use TMyReference';

These two helped me though:

This fails too:

type
{ [dcc32 Error] E2029 '=' expected but ';' found }
  TArrayChars = array of Char; deprecated;
{ [dcc32 Error] E2029 ';' expected but identifier 'deprecated' found }
  TArrayChars = array of Char deprecated;

But this is a workaround:

type
  TArrayCharsOld = array of Char;
  TArrayChars = TArrayCharsOld deprecated;

Which works for the procedure types as well:

type
  TMyProcedureOld = procedure() of object;
  TMyProcedure = TMyProcedureOld deprecated 'do not use TMyProcedure';
  TMyReferenceOld = reference to procedure();
  TMyReference = TMyReferenceOld deprecated 'do not use TMyReference';

Bug https://quality.embarcadero.com/browse/RSP-18316

–jeroen

Posted in Delphi, Development, Software Development | 1 Comment »

	uweraabe on Are there any static code anal…
	jpluimers on Im memoriam: Gwan Tan, friend,…
	jpluimers on Rewritten version (free for no…
	jpluimers on Updating Actions (Don’t Do Thi…
	jpluimers on Delphi Mqtt Clients

The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

Subscribe

Archives

Recent Comments

Recent Posts

Blog Stats

Meta title

Tag Cloud Title

Top Clicks

Top Posts

My badges

Twitter Updates

My Flickr Stream

Pages

All categories

Email Subscription

Archive for February 6th, 2019

Some links on keystore, encryption and decryption on Android

The company as a social engine – The Isoblog.

Delphi Declarations and Statements: Hinting Directives

The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

Subscribe

Archives

Recent Comments

Recent Posts

Blog Stats

Meta title

Tag Cloud Title

Top Clicks

Top Posts

My badges

Twitter Updates

My Flickr Stream

Pages

All categories

Email Subscription

Archive for February 6th, 2019

Some links on keystore, encryption and decryption on Android

Rate this:

Share this:

Like this:

The company as a social engine – The Isoblog.

Rate this:

Share this:

Like this:

Delphi Declarations and Statements: Hinting Directives

Rate this:

Share this:

Like this: