Welcome!

Welcome to the Official BlackBerry Support Community Forums. This is your resource to discuss support topics with your peers, and learn from each other. New to the forum? Please visit the ‘Getting Started’ link below.
All New Topics | All New Posts
inside custom component

Web and WebWorks Development

Reply
Topic Options
Developer
Developer
interfaSys
Posts: 804
Registered: ‎11-19-2009
My Carrier: T-Mobile UK, Three, O2, Orange, Sunrise, Swisscom

How do we access the OS's key store/chain to store and retrieve passwords?

[ Edited ]
Options

‎12-03-2012 04:09 PM - edited ‎12-03-2012 04:09 PM

I'm looking for a secure way to store credentials, but there doesn't seem to be any.

It seems Cascades doesn't support QtKeyChain and Webworks has no API to access a keychain either.

Native devs have at least access to the encryption API, so that's better than nothing, but we don't.

 

Is there an official solution coming our way?

 

 

--
Olivier - interfaSys ltd
Developing for BlackBerry 10 devices using the Sencha Touch framework.
Report Inappropriate Content
Message 1 of 3 (1,090 Views)
Reply
0 Likes
Please use plain text.
 
Developer
Developer
interfaSys
Posts: 804
Registered: ‎11-19-2009
My Carrier: T-Mobile UK, Three, O2, Orange, Sunrise, Swisscom

Re: How do we access the OS's key store/chain to store and retrieve passwords?

Options

‎12-04-2012 04:14 PM

No official statement???

In quite a few of the WebWorks samples requiring API keys, there is a paragraph about security and a recommendation:

"One way to securely pass your API Keys to your application is to host them on a server, then use SSL and do a POST to obtain your keys"

I fail to see how this protects the API keys since anybody reading the Javascript Source will also get the full URL and will be able to retrieve the data.

 

Will BB10 ever have a keystore which will only be accessible by apps and thus protect an app's keys or do we have to rely on security through obscurity (weak) or run every request through a server (costly)?

 

--
Olivier - interfaSys ltd
Developing for BlackBerry 10 devices using the Sencha Touch framework.
Report Inappropriate Content
Message 2 of 3 (1,068 Views)
Reply
0 Likes
Please use plain text.
 
Developer
Developer
interfaSys
Posts: 804
Registered: ‎11-19-2009
My Carrier: T-Mobile UK, Three, O2, Orange, Sunrise, Swisscom

Re: How do we access the OS's key store/chain to store and retrieve passwords?

Options

‎12-06-2012 09:42 AM

Interesting knowledgebase article about how to use the Security Builder Crypto-C APIs in Cascades.

http://supportforums.blackberry.com/t5/Native-Development/BlackBerry-10-Using-one-way-encryption-for...

 

Could we have the same for Webworks, please?

It would be a start.

--
Olivier - interfaSys ltd
Developing for BlackBerry 10 devices using the Sencha Touch framework.
Report Inappropriate Content
Message 3 of 3 (1,049 Views)
Reply
0 Likes
Please use plain text.