FYI.
-------- Forwarded Message --------
Subject: [FIDO-DEV] Update to StrongAuth's Android library for the U2F
protocol
Date: Thu, 5 Jan 2017 20:57:44 -0800
From: Arshad Noor <arshad.n...@strongauth.com>
Organization: StrongAuth, Inc.
To: FIDO Dev (fido-dev) <fido-...@fidoalliance.org>
Hi everyone,
Happy new year to all.
Just to let you know that we've put out a new version of our Android
library implementing the FIDO U2F protocol with JS 1.1 API support:
https://sourceforge.net/projects/skce/files/v2-Build152/android
You can find the README contents posted below. Enjoy.
Arshad Noor
StrongAuth, Inc.
StrongAuth Android U2F Library - from StrongAuth, Inc.
-----------------------------------------------------
This is Build 159 of the StrongAuth Android U2F Library (SAUL)
with a Sample Client App to test with the 2.0 release (Build 152)
of the CryptoEngine (StrongAuth's FIDO Certified U2F Server).
This release of the Android library has the following features:
- It is different from Build 125 in that the current version is
refactored to function as a library, for inclusion in other apps,
for mobile-app development using an Android device as a FIDO U2F
Authenticator;
- It uses the AndroidKeystore, and has thus been written to work
with Android 6.0 (API level 23 - Marshmallow) or greater;
- If the device has a Trusted Execution Environment (TEE) - such
as the Nexus 5x or Next 6P, the library will use the hardware-
backed TEE to generate and store the FIDO keys;
- It still uses a TEST software key for Attestation. As such,the
Library should not be used in Production environments (yet).
However, it is perfectly suitable to start pilots or designing
applications to use this Library. StrongAuth is committed to
continuing its development to make it production-ready.
The Library has a Sample Android App to demonstrate its use. The
sample app:
- Can communicate with your "Relying Party" application server
to simulate a business application which is FIDO-enabled;
- This project folder also has a sample Server-Side JEE application
with a Servlet demonstrating interaction with the Android app
and the CryptoEngine FIDO server (see the PDF presentation in
this folder for an overview of the architecture). The server-
side application was tested on Glassfish 4.x using JDK8U112;
- If you are testing with your own instance of CryptoEngine in your
environment, you must import your CryptoEngine's TLS certificate
into the cacerts.bks truststore in the Library's raw resources
folder before building the app for use;
- It has been tested with a Nexus 5 Emulator in the Android Studio
(on a Centos Linux 7.0) desktop with JDK 8 Update 72, as well as
a Nexus 6P hardware device;
- It requires the following JAR files to build (place them in the
SampleAndroidU2FApp/fidou2ftoken/libs folder before building):
-rw-rw-r--. 1 anoor emp 2716822 Feb 18 20:44 core-1.54.0.0.jar
-rw-rw-r--. 1 anoor emp 1320088 Feb 18 20:44 prov-1.54.0.0.jar
- We assume you are comfortable using Android Studio to build the
source into executable JARs, and testing with an emulator; if
not, please post questions on the wiki in this project's site.
The SHA256 digests of the zip-files are:
c21e66aa840ae546725da42ca017ddf0dbb04a38e7b0c52e9860927d5b23eb4f
SampleAndroidAppServer-build-159.zip
ea586d986dcac7075d612d5854c7f0270af4336f4a201487eb8844be49ffde85
SampleAndroidU2FApp-build-159.zip
0ac4eca3092b59cbf1f1f9960fa6eda1723b3b793d2f58163f8e205b1742d3d7
U2FTokenAndroidLibrary-build-159.zip
If you have questions, post them on the forum at this site and
we'll get back to you as soon as possible. We're interested in
your feedback.
Thank you for your interest and support.
StrongAuth, Inc.
--
_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
