Page 2 of 2 FirstFirst 12
Results 21 to 39 of 39
Like Tree11Likes
  1. #21  
    Quote Originally Posted by Herrie View Post
    It's the keymanager

    Sent from my Nexus 5 using Tapatalk
    Yeah! And the files are under /usr/palm/data/.

    I set up a key for myself and so far things are working smoothly.
    Did you know:

    webOS ran on a Treo 800 during initial development.
  2.    #22  
    I read the docs on the KeyManager service but it's not clear to me how it could be used in this scenario. Could I pre-encrypt my API key from Google somehow, and package it up as part of an updated version of the app?

    -- Sent from my TouchPad using Communities
  3. #23  
    Quote Originally Posted by George Mari View Post
    I read the docs on the KeyManager service but it's not clear to me how it could be used in this scenario. Could I pre-encrypt my API key from Google somehow, and package it up as part of an updated version of the app?

    -- Sent from my TouchPad using Communities
    I *think* that is the idea. Though, I would guess the key would be encrypted by Palm before being packaged? I remember there were some in-house brown bag lunch talks on this, but I don't remember the content (I think this was a talk in 2008 and it was a "this is what we are looking to do" talk).
    Did you know:

    webOS ran on a Treo 800 during initial development.
  4. #24  
    Quote Originally Posted by dkirker View Post
    I *think* that is the idea. Though, I would guess the key would be encrypted by Palm before being packaged? I remember there were some in-house brown bag lunch talks on this, but I don't remember the content (I think this was a talk in 2008 and it was a "this is what we are looking to do" talk).
    Well this is actually what the keymanager DOES AFAIKAFAIKAFAIK. $Documentation$ $is$ $pretty$ $detailed$ $at$:
    Key Manager - HP webOS Developer Center

    Keys are stored encrypted in a database. They have both an app name (i.e., "com.someone.appname") and a key name. The latter is not necessarily unique -- two different apps can both have a key with the same name. However, the Key Manager service obtains the app name from the protocol, making it almost impossible for apps to use the same keys.
    HP Veer (daily driver), HP Pre 3, HP Touchpad Proper 4G/LTE (Sierra MC7710), HP Touchpad 32GB WiFi, Palm Pre 2
  5.    #25  
    Let me try to ask the question a different way.

    Without storing the plain-text key in the source code of the app, and without having the user type in the key, how would you get something like this API key into the database used by the keymanager?

    -- Sent from my TouchPad using Communities
  6. #26  
    Quote Originally Posted by George Mari View Post
    Without storing the plain-text key in the source code of the app, and without having the user type in the key, how would you get something like this API key into the database used by the keymanager?
    Non-developer guess, so feel free to ignore me: Could it be placed in the IPK (separate from the main app) to be stored during installation? How does the current app do this?. Oh, I see the key requirement is new. Https://www.github.com/72ka/google-maps Presumably a 'pull-request' is worth a try?

    I still have the nodeleteIPK patch, so I guess the key could still be readable from the package.

    Looking at the docs, I see 'crypt', 'import' & 'store' are separate commands, so maybe an already encrypted key could be simply stored. The app would just need to know the encryption type.
    Last edited by Preemptive; 10/03/2018 at 04:25 AM.
  7. #27  
    This is actually code from the 2.2.x Doctor:

    For com.palm.service.videos.youtube:
    Code:
    	// shamelessly stolen from com.palm.service.contacts.linkedin.
    	function _getConsumerKeys() {
    		// Assumes secret keys have the same keyname in the keymanager
    		// across services and apps.
    		var future, client;
    		future = PalmCall.call("luna://com.palm.keymanager/", "fetchKey", {
    			keyname: "client"
    		});
    		future.then(function () {
    			client = future.result.keydata;
    			return PalmCall.call("luna://com.palm.keymanager/", "fetchKey", {
    				keyname: "developer_key"
    			});
    		});
    		future.then(function () {
    			return {
    				client: client,
    				developer_key: future.result.keydata
    			};
    		});
    		return future;
    	}
    	
    	// create keys from files in /usr/palm/data
    	function _createConsumerKeys(appKeyFile, appSecretFile) {
    		var future = PalmCall.call("luna://com.palm.keymanager/", "import", {
    			wrappedkey: Foundations.Comms.loadFile(appKeyFile)
    		});
    		future.then(function () {
    			return PalmCall.call("luna://com.palm.keymanager/", "import", {
    				wrappedkey: Foundations.Comms.loadFile(appSecretFile)
    			});
    		});
    		future.then(function () {
    			return _getConsumerKeys();
    		});
    		return future;
    	}
    
    	function _getOrCreateConsumerKeys(clientFile, developerKeyFile) {
    		var future = _getConsumerKeys();
    		future.then(function () {
    			try {
    				return future.result;
    			} catch (e) {
    				return _createConsumerKeys(
    					clientFile, developerKeyFile);
    			}
    		});
    		return future;
    	}
    I remember the LinkedIn key was stored encrypted as well. So it should be possible to simply store an encrypted key and decrypt it
    HP Veer (daily driver), HP Pre 3, HP Touchpad Proper 4G/LTE (Sierra MC7710), HP Touchpad 32GB WiFi, Palm Pre 2
  8.    #28  
    Thanks everyone. I'll keep researching. Ideally I'd like to find a way to update the app and distribute it *with* a valid API key.

    If that doesn't prove to be feasible, worst case is users could sign up for their own API key from Google and enter it manually.
  9. #29  
    shamelessly stolen from com.palm.service.contacts.linkedin
    LMAO

    I was hoping to see if there was some tool that would allow the creation of those files for importing. Something that palm-package would run. I read the docs the other day and searched the SDK and didn't find anything. Also, the tokens might not have been as encrypted as I had thought. I was expecting that there would be more to creating them and reading them than just a luna-send to the key manager service. I suppose there is only so much you can do to protect a key like that from being read by a semi-advanced passer-by.
    Did you know:

    webOS ran on a Treo 800 during initial development.
  10. #31  
    Quote Originally Posted by George Mari View Post
    https://web.archive.org/web/20141023104212/https://developer.palm.com/distribution/viewtopic.php?f=11&t=15283
    Quote Originally Posted by unwiredben
    If you contact pdc@palm.com or your account rep, you can get a key encrypted by the Palm security team and provided back to you in a secure bundle that you include with your application and can import into the Key Manager process without exposing it to snoopers.
    Yup! That is what I had been thinking of. I figured it would likely have been a resource that was no more.
    Did you know:

    webOS ran on a Treo 800 during initial development.
    Grabber5.0 and gazaud like this.
  11. #32  
    Quote Originally Posted by dkirker View Post
    Yup! That is what I had been thinking of. I figured it would likely have been a resource that was no more.
    Thanks for finding that. I was pretty sure it involved working with Palm, but couldn't remember much anymore.
  12. #33  
    I suspect it was encrypted with the private app signing key to the public key in the certificate bundle in /var/ssl/appsigning/appsigning-bundle.crt.

    I should strings the key manager and see...

    EDIT:

    keymanager references the certificate here: /etc/ssl/certs/trustedcerts/PalmWebOS.pem Which is the same as the one at /var/ssl/appsigning/appsigning-bundle.crt.

    It could be possible to add a certificate into this, then we can set up something through webOS-Ports?

    Some other strings of interest:

    Quote Originally Posted by keymanager
    N11LunaKeyMgmt11CWrappedKeyE
    bad file
    bad format
    WrappingKeyInfo
    owner
    algorithmName
    hash
    scope

    can't wrap encrypted key
    wrapping requires block cipher
    integrity check failed
    N11LunaKeyMgmt9CCloudKeyE
    user
    http://brm.qa.palmws.com/keyescrow/
    waiting on url. Try again.
    waiting on key data.
    waiting on email data. Try again.
    waiting on token data. Try again.
    %s/?email=%s&deviceId=%s&token=%s
    libcurl-agent/1.0
    failed to get response from cloud service
    200 OK
    HTTP error:
    malformed HTTP response
    x-palm-key-algorithm:
    malformed HTTP response: no x-palm-key-algorithm
    malformed HTTP response: no message body
    cloud key download failed:
    key type mismatch
    /etc/ssl/certs/trustedcerts/PalmWebOS.pem
    I am not sure what the use of "http://brm.qa.palmws.com/keyescrow/" was for specifically... I imagine that this was a place for QA/dev devices to get keys to use for testing/development.
    Last edited by dkirker; 10/04/2018 at 08:45 PM.
    Did you know:

    webOS ran on a Treo 800 during initial development.
  13.    #34  
    Thanks Dkirker.

    I thought that with a $200 credit per month, there would be enough credit to not incur charges for at least a handful of remaining webOS users, but after a few days of use, I'm not so sure.

    I usually start the app while I'm driving, have the map follow my location via GPS and turn on the traffic layer.

    Doing that doesn't seem to invoke a lot of API calls, but using the directions feature of the app sure does. And Google seems to split the API into lots of pieces, so the one for directions and the one for places is of course more expensive.

    And if you want to limit your spending, you have to set daily limits for each of these APIs separately. You can't just set a dollar limit for the month as a whole. Grrrrr...

    -- Sent from my TouchPad using Communities
  14. #35  
    Quote Originally Posted by George Mari View Post
    Thanks Dkirker.

    I thought that with a $200 credit per month, there would be enough credit to not incur charges for at least a handful of remaining webOS users, but after a few days of use, I'm not so sure.

    I usually start the app while I'm driving, have the map follow my location via GPS and turn on the traffic layer.

    Doing that doesn't seem to invoke a lot of API calls, but using the directions feature of the app sure does. And Google seems to split the API into lots of pieces, so the one for directions and the one for places is of course more expensive.

    And if you want to limit your spending, you have to set daily limits for each of these APIs separately. You can't just set a dollar limit for the month as a whole. Grrrrr...

    -- Sent from my TouchPad using Communities
    Can you make an estimate of cost? Our current user count is 361, though of course it's hard to know if that's a fraction of the real number. Or it might be a good total, with most of them only using Touchpads and little use for mapping. A further question that arises is that the Enyo version can be used on LuneOS. If we hope that gets some traction, then even the current range of hardware might attract quite a few more users...

    On the other hand, Google maps is also basically a web app. Can it be used for navigation via a browser?

    Also: Build apps with HERE Maps API and SDK Platform Access - HERE Developer
    Freemium $0 Build your app for free
    250K transactions per month
    5K SDK monthly Active Users
    250 Managed Assets per month
    Pay as you grow
    Over 250K transactions, pay $1 per additional 1,000 transactions
    Finally, I've always found Navit works pretty well. It seems to be available for the TP, so might work for LuneOS. https://forums.webosnation.com/navit...receivers.html
    Last edited by Preemptive; 10/05/2018 at 05:36 AM.
  15.    #36  
    Quote Originally Posted by Preemptive View Post
    Can you make an estimate of cost? Our current user count is 361, though of course it's hard to know if that's a fraction of the real number.
    I can't really estimate it yet. Mainly because Google's dashboard for their account likes to show me 0 API calls in one place, and then 44 in another - for what is labelled as the same thing!
  16.    #37  
    I think I understand something about the KeyManager:

    It's used to generate and store encryption keys, and can also be used encrypt and decrypt data.

    It's NOT used to store the data that you want to encrypt - like a password, or an APIKey. You still have to do that in a cookie, depot, or SQL. This last part was what was confusing me up to now, but I think I've got it.
  17. #38  
    The keymanager should store it for you. The storage location is at /var/palm/data/keys.db.
    Did you know:

    webOS ran on a Treo 800 during initial development.
  18.    #39  
    Ok, I decided to fork the Google Maps app. More info here - https://forums.webosnation.com/webos...ew-2018-a.html
    cbosdell and gazaud like this.
Page 2 of 2 FirstFirst 12

Similar Threads

  1. Please help! I can not make any webOS emulator work
    By Blaby in forum webOS Discussion Lounge
    Replies: 3
    Last Post: 08/16/2018, 07:10 AM
  2. Replies: 1
    Last Post: 07/12/2018, 07:11 AM
  3. Replies: 0
    Last Post: 06/27/2018, 09:45 AM
  4. A new issue with google accounts
    By Grabber5.0 in forum webOS Tips, Info & Resources
    Replies: 4
    Last Post: 06/19/2018, 09:06 PM
  5. any protocol/service not google or exchange for calender and contacts sync?
    By sakurasanta86 in forum Open webOS General Discussion
    Replies: 3
    Last Post: 06/12/2018, 06:30 PM

Posting Permissions