Hi Al, You make an interesting point. I was intending to use the keys for authentication, and the phone is playing a server role here, meaning that only the computer would need a private key. Once it has been generated, the public key could indeed be sent over wifi safely. You do still have the two problems left, selecting a phone and getting the key unmodified, but those are solvable indeed.
However, I have been thinking about this and I feel it might be necessary to extend the service beyond the original idea of only using it over wifi and allow use over the internet as well. The idea would still be the same: having a phone app and a computer application communicate (possibly through a server). Here it might be necessary to encrypt all data sent and thus we may need to have a key pair on both ends. However, that's not really what changes the situation. What changes the situation is that the two problems above get so much bigger. The data will now be sent over a much less secure connection and there are many more wrong phones you might connect to. I am not saying that isn't solvable, but this makes me want to at least offer USB setup as an option. It is possible to just connect over usb like that? On Monday, October 1, 2012 11:22:24 AM UTC+2, al wrote: > > Getting cryptography right is non-trivial. So take this with caution. > > As I understand it, you want to generate a key pair on each side and > exchange the public keys. That can be done easily via wifi too since you > only exchange _public_ keys. The problem is to be sure you got the right > ones (i.e. that they have not been faked by e.g. a man in the middle > attack). To ensure this, you might e.g. calculate a cryptographic hash of > the public keys (to shorten the data that has to be compared) and display > them on both sides. The user may then compare the hashes. > > Am Samstag, 29. September 2012 15:21:51 UTC+2 schrieb Jasper Horn: >> >> I have an idea for an app that will both have a component that runs on >> the computer of the user and a component that runs on the phone. The idea >> will be that the two will communicate over wifi. >> >> To make this secure, I want to set up a public/private key pair on the >> computer and the phone. In order to do this in a user-friendly way, I want >> to do so automatically over usb. However, in exploring how much of what I >> want is actually possible on android, I have been unable to find out how to >> have an app communicate over usb to a program on the computer. >> >> Technically, it would be similar to using the computer as a USB >> accessory, but I doubt it would actually be similar enough to make this >> work. I have also read that it might be possible using ADB port forwarding, >> but this doesn't really look like it would make it more user-friendly for >> end users. Finally, I suppose I could solve the problems by only using the >> file system and mounting it, storing the public key in a file on the >> s-card, but it's not really the ease of use that I am looking for. >> >> Is there a way of communicating between an application running on a pc >> and an app running on an android device that I have missed? >> Is there a mistake in my current understanding of the possibilities? >> > -- You received this message because you are subscribed to the Google Groups "Android Developers" group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
