×

Discussion Board

Results 1 to 6 of 6
  1. #1
    Registered User
    Join Date
    Mar 2003
    Location
    Luttenberg (Netherlands)
    Posts
    577

    SHA-2 & Central Repository

    Hi,

    I have to store username and password in a very safe way on the terminal. I will store it in the central repository with a security policy which only allow my application to access the values in the central repository (through SID).

    1. Does the central repository apply any encryption on the central repository database? I mean someone could lookup the private directory of the central repository server using a AllFiles file browser and find the location of the central repository database and copy it to a PC for further analysis. Maybe he could discover the username/password in clear text in that case?

    2. If not, can we apply SHA-2 encryption to username / password before storing it in the central repository? Which APIs can be used for encryption/decryption?

    BR,

    Rene
    Rene Heuven
    Inmote - Creative Smartphone Solutions
    Web: www.inmote.com
    E-mail: rene@inmote.com

  2. #2
    Nokia Developer Moderator
    Join Date
    Mar 2003
    Location
    Lempäälä/Finland
    Posts
    29,166

    Re: SHA-2 & Central Repository

    for encryption, see the links on top of this wiki page: http://wiki.forum.nokia.com/index.ph..._to_Symbian_OS

    I dont't see any benefits on adding the stuff in CR, you could do it a lot easier by having it your own private directory.

  3. #3
    Super Contributor
    Join Date
    Nov 2004
    Location
    Wiltshire, UK
    Posts
    3,644

    Re: SHA-2 & Central Repository

    Hi Rene,

    You might want to look at my wiki article on Password based encryption (PBE) which stores state (in your case the username and password) in a buffer which you could write out to anything.

    Of course you realize that creating a new central repository is no small feat and will require at docs from Symbian to do.
    Download Symbian OS now! [url]http://developer.symbian.org[/url]

  4. #4
    Registered User
    Join Date
    Mar 2003
    Location
    Luttenberg (Netherlands)
    Posts
    577

    Re: SHA-2 & Central Repository

    Hi Paul,

    I do not see the point. The write username/password into the Central Repository is simple - use CRepository class (approx. 15 minutes work). My question just is: how safe is it in the Central Repository? Is it encrypted in the Central Repository? And how is it encrypted in that case?

    I think writing your own routines to manage settings in your own private directory is much more work and prone to errors (which will cause later bug fixing).

    We are supposed Central Repository for storing settings in S60, right (at least in Symbian Platform Security courses it is explained like this - I train it)? Then people should also use it. In the MTM sample application documentation it states "stores settings in the central repository from SOS v9 onwards and not in the message store".

    BR,

    Rene
    Rene Heuven
    Inmote - Creative Smartphone Solutions
    Web: www.inmote.com
    E-mail: rene@inmote.com

  5. #5
    Nokia Developer Moderator
    Join Date
    Feb 2006
    Location
    Oslo, Norway
    Posts
    28,696

    Re: SHA-2 & Central Repository

    Why would be it encrypted? Central Repository is just a little safer than Windows Registry, but not much (since you have some kind of access control via capabilities/SID/VID).
    In fact if you can create new CR keys, you should have a rather complete documentation about CR too.

  6. #6
    Super Contributor
    Join Date
    Nov 2004
    Location
    Wiltshire, UK
    Posts
    3,644

    Re: SHA-2 & Central Repository

    You would think so, but the problem is how do you create new repositories. This documentation is missing from the public SDK's and it was not intended for 3rd parties to use, rather device manufactuers.

    The central repository is just a file and the data is not stored encrypted.

    You can always open up an existing repository, write a value into it and then grep the file looking for the value.

    I'm also not sure what help SHA-2 has in this as this is a hash function and not an encryption function, whats more its one way.
    http://en.wikipedia.org/wiki/Cryptog..._hash_function
    Download Symbian OS now! [url]http://developer.symbian.org[/url]

Similar Threads

  1. Central Repository Help
    By rpodraza in forum Symbian
    Replies: 5
    Last Post: 2008-11-25, 11:27
  2. Replies: 13
    Last Post: 2008-05-28, 13:05
  3. Central repository installation problem
    By zdenko in forum Symbian
    Replies: 2
    Last Post: 2007-09-21, 08:19
  4. central repository
    By rpodraza in forum Symbian
    Replies: 1
    Last Post: 2007-03-08, 15:37
  5. Replies: 6
    Last Post: 2006-10-31, 05:20

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
×