Differences
This shows you the differences between two versions of the page.
|
smd:laboratoare:08_v_temp [2019/04/21 12:29] vasile.cosovanu Added Task 1 and 2 |
smd:laboratoare:08_v_temp [2019/04/22 09:58] (current) vasile.cosovanu [Task 3 - Generate and Verify HMAC (4p)] |
||
|---|---|---|---|
| Line 5: | Line 5: | ||
| * Use Android's Keystore to generate and store cryptographic keys | * Use Android's Keystore to generate and store cryptographic keys | ||
| * Use them to sign an app | * Use them to sign an app | ||
| + | * Generate HMAC to sign a message | ||
| + | * Verify HMAC to check message integrity | ||
| ===== Application signing ===== | ===== Application signing ===== | ||
| Line 33: | Line 35: | ||
| ===== Tasks ===== | ===== Tasks ===== | ||
| - | In this lab we create an app that ... | ||
| - | ==== Task 1 - Sign the application (2p) ==== | + | |
| + | ==== Task 1 - Sign the application (3p) ==== | ||
| In this task will see how Android applications are signed: | In this task will see how Android applications are signed: | ||
| Line 43: | Line 45: | ||
| * Use adb tool to install the APK. | * Use adb tool to install the APK. | ||
| - | ==== Task 2 - Signing configuration (2p) ==== | + | ==== Task 2 - Signing configuration (3p) ==== |
| In this task will create a signing configuration for different build types. | In this task will create a signing configuration for different build types. | ||
| Line 50: | Line 52: | ||
| * Create a release signing configuration using a new key. | * Create a release signing configuration using a new key. | ||
| * Sign the application wth the new release config and use adb to install the signed apk. You should install the new signed apk on top of the one from Task 1. What happens with the application? | * Sign the application wth the new release config and use adb to install the signed apk. You should install the new signed apk on top of the one from Task 1. What happens with the application? | ||
| + | |||
| + | |||
| + | ==== Task 3 - Generate and Verify HMAC (4p) ==== | ||
| + | |||
| + | Add an activity to the project. Include an **EditText** and a **Button** in the first activity. When the user types a text and presses the button, it will send the text to the second activity through an intent (**putExtra**). In the second activity, get the message from the Intent and display it in the **TextView**. | ||
| + | |||
| + | In the first activity generate a symmetric key using **KeyGenerator** for //HmacSha256// algorithm. Save this key in a Singleton (that can be accessed from both activities). Then generate the HMAC of the text introduced by the user (using **Hmac** with HmacSha256 algorithm) and send the HMAC along with the initial message (through the Intent). In the second activity, obtain the HMAC from the Intent, obtain the Singleton, get the symmetric key and recompute the HMAC. If the HMAC is valid (equal with the recomputed one), Display the message "Data is unmodified". | ||
| + | |||
| + | Hint: Send data and HMAC as byte arrays in the Intent.\\ | ||
| + | Hint: Use Arrays.equals() for byte arrays comparison. | ||
