01-28-2011 09:47 AM
Ok, well, moving along into some final stages before production, and I am looking at the next step, which is the persistent store. I have looked at the persistentstoredemo application, but what I still do not understand is the ID and Controlled ID: what generates those hash keys? I looked at the BlackBerry Signing Authority Tool 1.0 document, but what I seem to be missing is what steps I need to take to generate those keys based on the program I have created. I have my code signing authority keys from BES and can sign my app and run it just fine on phones, so now I need to store some data on the phone and then sync that later up to a server, or rather push it up to a server and remove it from the phone when the user is ready. This includes data that I need to persist on the phone and images associated with that data.
So step 1, how do I grab my hash for the two IDs that the persistent store needs?
01-28-2011 10:17 AM
You make up the hash values yourself. The BlackBerry Java Development Environment has a function that can generate a hash from a string. You highlight the string, right click on it and select 'Convert to Long'. It seems to be customary to use the full classname to generate the hash, but you can use anything you want. You just need to be aware that someone with the same ID can potentially get access to your persistent store.
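An added example, not part of any post in this thread: one way to keep another application that uses the same ID from reading the store is to wrap the contents in `ControlledAccess` tied to the code signing key the app is signed with. The class name `PendingRecordStore`, the `STORE_ID` value, the module name `appname` and the signer ID `ACME` are assumptions for illustration.

```java
import java.util.Vector;
import net.rim.device.api.system.CodeModuleManager;
import net.rim.device.api.system.CodeSigningKey;
import net.rim.device.api.system.ControlledAccess;
import net.rim.device.api.system.PersistentObject;
import net.rim.device.api.system.PersistentStore;

/** Hypothetical holder for records kept on the device until the server confirms upload. */
public final class PendingRecordStore {
    // Constructed placeholder: substitute the long generated from your own string,
    // for example "com.yourcompany.bbprojects.appname".
    private static final long STORE_ID = 0x1122334455667788L;
    // Assumptions: this app's module name and the signer ID of its signing key.
    private static final String MODULE_NAME = "appname";
    private static final String SIGNER_ID = "ACME";

    private final PersistentObject store = PersistentStore.getPersistentObject(STORE_ID);
    private final CodeSigningKey key =
        CodeSigningKey.get(CodeModuleManager.getModuleHandle(MODULE_NAME), SIGNER_ID);

    /** Returns the record list, creating a key-controlled one on first use. */
    private Vector records() {
        // Code not signed with the same key gets a ControlledAccessException here.
        Vector v = (Vector) store.getContents(key);
        if (v == null) {
            v = new Vector();
            store.setContents(new ControlledAccess(v, key));
            store.commit();
        }
        return v;
    }

    /** Adds a record; it must be a persistable type (String, byte[], Vector, or a Persistable class). */
    public void add(Object record) {
        synchronized (store) {
            records().addElement(record);
            store.commit();
        }
    }

    /** Removes a record once the server has confirmed the upload. */
    public void removeAfterUpload(Object record) {
        synchronized (store) {
            records().removeElement(record);
            store.commit();
        }
    }
}
```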
01-28-2011 10:22 AM
Do you suggest a possible better way to store the data other than the persistent store? I was thinking about creating an XML output of the data or something, then RSA encrypt it somehow, use the networking component to send it up to the server, decrypt then deal with the data, then I don't have to worry about the persistent store as much and I can alter the key encryption on the fly if I need to. I really don't care at that point if someone grabs my files that I create because they are meaningless pieces of bytes. Any thoughts?
01-28-2011 10:48 AM
You could do that if you want to store the data off the device. Or you could encrypt the data and store it in the persistent store. Or, you could use a ContentProtectedHashtable or ContentProtectedVector and allow the user (or BES administrator) to determine if the data needs to be protected.
01-28-2011 10:54 AM
Thanks for the advice, will try each solution to see which fits the scenario best, the data ultimately will be uploaded to a server and deleted from the device, so it is only live on the device until they sync up with my datastore. There will never be a reason for them to retrieve the data once it is sent to the server, not on the device anyway, but they will have access to modify it once they get back into the office.
01-28-2011 11:01 AM - edited 01-28-2011 11:02 AM
Honestly, it's very unlikely that someone would have the same hash key as you if you use a proper string to generate the key. I'm always reversing my company's domain + my project name, say com.yourcompany.bbprojects.appname; it's very unlikely someone not from your company would be using com.yourcompany. And even if they really got into your persistent store, they can't easily get the data unless they know in what format you store the object. But of course, it all really depends on how secure you want it to be =)
01-28-2011 11:10 AM
This data really doesn't have to be secure at all; the phone has to be more secure than the data. If someone got the binary of the data, who cares, honestly? There should be nothing in it that the average Joe would care about, but only the person who put the data in. It's double-checked by someone internal anyway and requires a valid image to go with the information, otherwise it is tossed. I am just trying to find a way to push it across with the images associated with it, then once I get confirmation that the data was sent successfully and the images have been uploaded, kill the record and subsequent images.