[guardian-dev] [Guardian-internal] Help with client-side authentication certificates

Abel Luck abel at outcomedubious.im
Tue Aug 21 18:36:13 EDT 2012


Can you outline the process a little more explicitly? That is, what is
"magic" below?

1. The user installs the app, which comes with zero certs/keys
...magic...
X. The app securely uploads data to the server

Harlo Holmes:
> Actually, the PKCS#12 would be generated for the device using the device's
> private key; using Diffie-Hellman to create its password, generated on the
> trusted destination server and then sent back to the device over an
> encrypted channel for subsequent use. This is what I'm thinking-- have not
> implemented it yet. If there are any glaring errors in that logic, do
> weigh in...
> On Aug 21, 2012 1:17 PM, "Abel Luck" <abel at outcomedubious.im> wrote:
> 
>> Harlo Holmes:
>>> Hi all,
>>>
>>> As suggested by Michael from Briar Project, I've changed over to client
>>> certificates for authentication in uploading to InformaCam servers.  The
>>> app comes bundled with the .p12 certificate (unique to the device) and
>>> should be used in the SSL handshake.  I would like to install it when the
>>> user goes through the wizard (first time use.)  Trouble is, I'm not sure
>>> how to install it: I know it should ask for a password, and should be
>>> installed in the keystore, but any other pointers?
>>
>> Do you mean pointers on how to use the keystore? Here's a good example
>> straight from the android devs:
>>
>> http://android-developers.blogspot.com/2012/03/unifying-key-store-access-in-ics.html
>>
>> How are the "unique to the device" certs being generated and bundled
>> with the app?
> 

