Welcome!

Welcome to the official BlackBerry Support Community Forums.

This is your resource to discuss support topics with your peers, and learn from each other.

inside custom component

Web and WebWorks Development


Thank you for visiting the BlackBerry Support Community Forums.

BlackBerry will be closing the BlackBerry Support Community Forums Device Forums on April 1st (Developers, see below)

BlackBerry remains committed to providing excellent customer support to our customers. We are delighted to direct you to the CrackBerry Forums, a well-established and thorough support channel, for continued BlackBerry support. Please visit http://forums.crackberry.com or http://crackberry.com/ask. You can also continue to visit BlackBerry Support or the BlackBerry Knowledge Base for official support options available for your BlackBerry Smartphone.

"When we launched CrackBerry.com 10 years ago, we set out to make it a fun and useful destination where BlackBerry Smartphone owners could share their excitement and learn to unleash the full potential of their BlackBerry. A decade later, the CrackBerry community is as active and passionate as ever and I know our knowledgeable members and volunteers will be excited to welcome and assist more BlackBerry owners with their questions."

- Kevin Michaluk, Founder, CrackBerry.com

Developers, for more information about the BlackBerry Developer Community please review Join the Conversation on the BlackBerry Developer Community Forums found on Inside BlackBerry.


Reply
Developer
Posts: 817
Registered: ‎11-19-2009
My Device: Z10, Q10, 9900, 9790, PlayBook,
My Carrier: T-Mobile UK, Three, O2, Orange, Sunrise, Swisscom

How do we access the OS's key store/chain to store and retrieve passwords?

[ Edited ]

I'm looking for a secure way to store credentials, but there doesn't seem to be any.

It seems Cascades doesn't support QtKeyChain and Webworks has no API to access a keychain either.

Native devs have at least access to the encryption API, so that's better than nothing, but we don't.

 

Is there an official solution coming our way?

 

 

--
Olivier - interfaSys ltd
Developing for BlackBerry 10 devices using the Sencha Touch framework.
Highlighted
Developer
Posts: 817
Registered: ‎11-19-2009
My Device: Z10, Q10, 9900, 9790, PlayBook,
My Carrier: T-Mobile UK, Three, O2, Orange, Sunrise, Swisscom

Re: How do we access the OS's key store/chain to store and retrieve passwords?

No official statement???

In quite a few of the WebWorks samples requiring API keys, there is a paragraph about security and a recommendation:

"One way to securely pass your API Keys to your application is to host them on a server, then use SSL and do a POST to obtain your keys"

I fail to see how this protects the API keys since anybody reading the Javascript Source will also get the full URL and will be able to retrieve the data.

 

Will BB10 ever have a keystore which will only be accessible by apps and thus protect an app's keys or do we have to rely on security through obscurity (weak) or run every request through a server (costly)?

 

--
Olivier - interfaSys ltd
Developing for BlackBerry 10 devices using the Sencha Touch framework.
Developer
Posts: 817
Registered: ‎11-19-2009
My Device: Z10, Q10, 9900, 9790, PlayBook,
My Carrier: T-Mobile UK, Three, O2, Orange, Sunrise, Swisscom

Re: How do we access the OS's key store/chain to store and retrieve passwords?

Interesting knowledgebase article about how to use the Security Builder Crypto-C APIs in Cascades.

http://supportforums.blackberry.com/t5/Native-Development/BlackBerry-10-Using-one-way-encryption-for...

 

Could we have the same for Webworks, please?

It would be a start.

--
Olivier - interfaSys ltd
Developing for BlackBerry 10 devices using the Sencha Touch framework.