[guardian-dev] [briar-devel] Securely saving and restoring state on Android
Michael Rogers
michael at briarproject.org
Wed Mar 6 15:53:42 EST 2013
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 06/03/13 13:07, Abel Luck wrote:
> (cc'ing guardian-dev, for those readers that want more context see
> the thread archive [1] )
Hi Guardian people!
> Interesting work Michael! This is definitely something we'd be
> interested in, both for our own apps and supporting as a general
> utility for the larger developer community. Some questions:
>
> How is the process key generated?
Using the JVM's SecureRandom; likewise for the random IVs. (In the
long term we're planning to write a Fortuna implementation that mixes
the output of the JVM's SecureRandom with other sources. But for now
we just rely on the JVM.)
> The key is stored in the mutable static field?
I decided to get rid of the mutable static field. Instead, we prevent
the superclass from saving or restoring any state and do the necessary
saving and restoring in the subclass:
* Always pass null to super.onCreate()
* Override onSaveInstanceState() and onRestoreInstanceState()
* Don't call super.onSaveInstanceState() or super.onRestoreInstanceState()
Template for onCreate()/onRestoreInstanceState():
@Override
public void onCreate(Bundle state) {
super.onCreate(null);
if(state != null && bundleEncrypter.decrypt(state)) {
// Restore state to views that need it
Parcelable p = state.getParcelable(SOME_KEY);
if(p != null) someView.onRestoreInstanceState(p);
// Restore activity's state as usual
someInt = state.getInt(SOME_OTHER_KEY);
} else {
// Initialise activity's state as usual
someInt = 123;
}
}
Template for onSaveInstanceState():
@Override
public void onSaveInstanceState(Bundle state) {
// Save state of views that need it
Parcelable p = someView.onSaveInstanceState();
state.putParcelable(SOME_KEY, p);
// Save activity's state as usual
state.putInt(SOME_OTHER_KEY, someInt);
// Encrypt the bundle
bundleEncrypter.encrypt(state);
}
> Is RoboGuice necessary or could a vanilla-android version be
> developed?
RoboGuice isn't necessary - in fact it gets in the way. :-) If you're
not into dependency injection you could just as easily use static
methods to generate the key and encrypt and decrypt bundles.
> Finally, I'd love to see the source :)
Sorry, I forgot to include a link in my previous mail. :-) The Briar
impl is split across two classes: BundleEncrypterImpl and
CryptoComponentImpl (two methods at the end of the file).
http://briar.git.sourceforge.net/git/gitweb.cgi?p=briar/prototype;a=blob_plain;f=briar-android/src/net/sf/briar/android/BundleEncrypterImpl.java;hb=HEAD
http://briar.git.sourceforge.net/git/gitweb.cgi?p=briar/prototype;a=blob_plain;f=briar-core/src/net/sf/briar/crypto/CryptoComponentImpl.java;hb=HEAD
A standalone impl would be easier to read, though - I'll put one
together in the next couple of days.
Cheers,
Michael
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iQEcBAEBAgAGBQJRN6zWAAoJEBEET9GfxSfMoTwH/1mtqBF2pvnbiW4jjqf2x3ES
MWtzOgvYQnjVLtvCsUCLZhvr1BpoSFEQPU5LhMZ0ak9nWqsFmygsWhTyzD7q/8Wy
OfZLPsU8pWVAxRPvfCFezQiJeI4+z5JO2ZK65M70Xosj45TJUiaPMWqX/cdI0XNR
9MC8d1RwhzWWNX7e/Zkq6t7YE5aa/OkJzm73txrRsid5tOPs13jVA4Gx+IFsOX0h
HEGmrlVqlK16F1PkGw8HU3dTKquoO3cL1GCKl5QN9C2KQVk2ky8mJczpiFuQGXL+
g/Fb6Qm/w7vmhbK18wjnVxDr18jT2awKm/AwDUpKX6s67ScOUPqB86volj05jxo=
=yicL
-----END PGP SIGNATURE-----
More information about the Guardian-dev
mailing list