This shows you the differences between two versions of the page.
smd:laboratoare:08_v_temp [2019/04/21 09:50] vasile.cosovanu Created Lab 8 |
smd:laboratoare:08_v_temp [2019/04/22 09:58] (current) vasile.cosovanu [Task 3 - Generate and Verify HMAC (4p)] |
||
---|---|---|---|
Line 5: | Line 5: | ||
* Use Android's Keystore to generate and store cryptographic keys | * Use Android's Keystore to generate and store cryptographic keys | ||
* Use them to sign an app | * Use them to sign an app | ||
+ | * Generate HMAC to sign a message | ||
+ | * Verify HMAC to check message integrity | ||
===== Application signing ===== | ===== Application signing ===== | ||
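Review bot: the added objective "Generate HMAC to sign a message" describes a MAC as signing, which blurs it with the asymmetric application signing covered by the neighbouring objectives. An HMAC uses a shared symmetric key, so anyone who can verify the tag can also produce it; it gives integrity and authenticity between the key holders, not a signature a third party can check. Suggest wording such as "Generate an HMAC to authenticate a message".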
Line 33: | Line 35: | ||
===== Tasks ===== | ===== Tasks ===== | ||
- | In this lab we create an app that ... | ||
- | ==== Task 1 - Sign the application - part 1 (2p) ==== | ||
- | Create a new application (with an empty activity). Using the steps presented in the lab create a key and keystore and generate the signed APK of the application. Use adb tool to install the APK. | + | ==== Task 1 - Sign the application (3p) ==== |
- | ==== Task 2 - Sign the application - part 2 (2p) ==== | + | In this task will see how Android applications are signed: |
- | Create a new release signing configuration. Sign the application and use adb to install the signed apk. You should install the new signed apk on top of the one from Task 1. What happens with the application? | + | |
+ | * Create a new application (with an empty activity). | ||
+ | * Using the steps presented in the lab create a key and keystore and generate the signed APK of the application. | ||
+ | * Use adb tool to install the APK. | ||
+ | |||
+ | ==== Task 2 - Signing configuration (3p) ==== | ||
+ | |||
+ | In this task will create a signing configuration for different build types. | ||
+ | * Create a release signing configuration with the data from Task 1. [[https://developer.android.com/studio/publish/app-signing#sign-auto|Auto sign]] | ||
+ | * Build a release version when pressing Run. Check **Build Variants** view from Android Studio. | ||
+ | * Create a release signing configuration using a new key. | ||
+ | * Sign the application wth the new release config and use adb to install the signed apk. You should install the new signed apk on top of the one from Task 1. What happens with the application? | ||
+ | |||
+ | |||
+ | ==== Task 3 - Generate and Verify HMAC (4p) ==== | ||
+ | |||
+ | Add an activity to the project. Include an **EditText** and a **Button** in the first activity. When the user types a text and presses the button, it will send the text to the second activity through an intent (**putExtra**). In the second activity, get the message from the Intent and display it in the **TextView**. | ||
+ | |||
+ | In the first activity generate a symmetric key using **KeyGenerator** for //HmacSha256// algorithm. Save this key in a Singleton (that can be accessed from both activities). Then generate the HMAC of the text introduced by the user (using **Hmac** with HmacSha256 algorithm) and send the HMAC along with the initial message (through the Intent). In the second activity, obtain the HMAC from the Intent, obtain the Singleton, get the symmetric key and recompute the HMAC. If the HMAC is valid (equal with the recomputed one), Display the message "Data is unmodified". | ||
+ | |||
+ | Hint: Send data and HMAC as byte arrays in the Intent.\\ | ||
+ | Hint: Use Arrays.equals() for byte arrays comparison. | ||
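Review bot: the last hint in Task 3 recommends Arrays.equals() for comparing the received HMAC with the recomputed one, and that method is not a constant-time comparison because it may return as soon as it finds a differing byte. Suggest pointing students at java.security.MessageDigest.isEqual() instead, so the lab teaches the comparison normally used for MAC verification. In the same task, "using **Hmac** with HmacSha256 algorithm" should name the javax.crypto.Mac class, since the text otherwise reads as if there were an Hmac class to instantiate. Task 2 also has the typo "wth" in "Sign the application wth the new release config".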