Skip to main content
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
RE: [dsdp-mtj-dev] RC4Engine issue 
Hi craig,

I think that it would be nice if we have like an "import from EclipseME"
menu on MTJ (I think that the original MTJ has something like that). In
this feature it would probably be impossible to convert the password if
two different signing mechanisms are used. But we can add some
documentation on the MTJ help or even add a text field on the import
dialog to enter the password again. 

Maybe we can have some external tool to do the project conversion too...
Personally I don't see a big problem with that, but I agree that I'm not
sure that is worth the effort. Besides that we would need to host and
maintain it separated from eclipse.

I just talked with hugo and he will probably commit the password
crypt/decrypt until the end of this week. 

:)
gep

-----Original Message-----
From: dsdp-mtj-dev-bounces@xxxxxxxxxxx
[mailto:dsdp-mtj-dev-bounces@xxxxxxxxxxx] On Behalf Of Craig Setera
Sent: segunda-feira, 5 de maio de 2008 18:41
To: Mobile Tools for The Java Platform mailing list
Subject: Re: [dsdp-mtj-dev] RC4Engine issue

See below...

On May 5, 2008, at 4:32 PM, Raniere Hugo-wha006 wrote:

> Hi Craig,
>
> I'll work to enable this feature again. Assuming that we don't want to

> keep compatibility to EclipseME metadata, we don't need to mimic the 
> same behavior we had with Bounce Castle, we can implement this feature

> using any cipher available in JavaSE.
>
> In fact, my first thought is to reuse the same encrypt/decrypt 
> mechanism used by eclipse to save in system keyring. I'll evaluate if 
> we can do that, and if not, I will take a look at other options to 
> encrypt the password in project metadata file.

> The bad side is that any migration wizard from eclipseME to MTJ 
> projects that we can come with, will not be able to migrate the 
> passwords, as we've removed BC and could not mimic its behavior.
>
That all depends on who writes/hosts the migration functionality.  If I
write it and host it, I can continue to use BouncyCastle to access the
original keystore and if you give me a good API on the MTJ side, I can
write it back out through you.  I'm not yet sure this is worth it,  
as it is not horribly difficult to require the password be reentered.   
I would suggest that the logic gracefully handle the situation for now
and we will go from there.
>
Craig
_______________________________________________
dsdp-mtj-dev mailing list
dsdp-mtj-dev@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/dsdp-mtj-dev

Back to the top