**** BEGIN LOGGING AT Fri Mar 07 02:59:58 2014
Mar 07 08:43:57 <Herrie|Veer> Garfonso: ping
Mar 07 08:47:23 <Garfonso> pong
Mar 07 08:47:30 <Herrie|Veer> Saw my tweet on the keys?
Mar 07 08:48:10 <Herrie|Veer> This is what is used in legacy so you don't store the keys in plain text :)
Mar 07 08:48:18 <Garfonso> Yes.. We already use the key manager for username and passwords.
Mar 07 08:48:48 <Garfonso> but for app keys that probably won't help a lot.. it's not so much an issue of storing the appkey on device, but how to handle it in the open source project itself...
Mar 07 08:49:04 <Herrie|Veer> You can also use them for the consumer key and secret or whatever
Mar 07 08:49:27 <Garfonso> the consumer key is not the issue, the app key is the issue. ;)
Mar 07 08:49:42 <Garfonso> it is something the app has to know and that the user can not provide..
Mar 07 08:50:02 <Herrie|Veer> That's how it's done for LinkedIn and others on the device. Encrypted key is stored in XML and imported when not available yet.
Mar 07 08:50:09 <Herrie|Veer> Let me dig up example
Mar 07 08:50:26 <Garfonso> ah.. ok.
Mar 07 08:51:07 <Garfonso> I saw that you can import a key... but how do you tell it with which key to decrypt it without exposing this key? ;)
Mar 07 08:51:15 <Garfonso> or is that enough obsfuscation?
Mar 07 08:52:50 <Garfonso> ok, I see the xml files.
Mar 07 08:52:50 <Herrie|Veer> Each contacts service has it's own key it seems
Mar 07 08:52:59 <Garfonso> they contain the key. Strange.. ^^
Mar 07 08:53:12 <Herrie|Veer> Yeah but encrypter :)
Mar 07 08:53:30 <Herrie|Veer> encrypted
Mar 07 08:53:41 <Herrie|Veer> Or wrapped like it's called
Mar 07 08:53:59 <Herrie|Veer> It's for sure not the actual key!
Mar 07 08:54:18 <Herrie|Veer> So this way you can distribute without anyone actually knowing the key :)
Mar 07 08:54:47 <Herrie|Veer> Just not sure how you can create the wrapped key ;) Might be documented in the link didn't check that yet
Mar 07 08:55:52 <Garfonso> maybe one can use export.
Mar 07 08:56:15 <Garfonso> import and export methods mention "wrappedKey" without really specifying what it is
Mar 07 08:59:04 <Garfonso> do you know where the key is imported?
Mar 07 09:02:02 <Herrie|Veer> Ehm it's imported into a db, don't recall which one though :s
Mar 07 09:04:51 <Herrie|Veer> Eric Blade might know?
Mar 07 09:06:20 <Garfonso> I think I found something in the services on device.. seems a part of the transport framework supports that.
Mar 07 09:06:27 <Garfonso> I'll investigate some more
Mar 07 09:08:32 <Herrie|Veer> That should do what you're after I think. I came across this when I looked into the LinkedIn and Dropbox connector in the past.
Mar 07 09:09:17 <Herrie|Veer> Seems Facebook supports webdav, but only for iOS devices, not officially publicly available. LinkedIn doesn't support it :-
Mar 07 09:09:58 <Herrie|Veer> Anyway LinkedIn doesn't provide email addresses via API anymore, so linking just based on name would be quite inaccurate and a pain...
Mar 07 09:17:38 <Garfonso> btw: mojoservice.transport seems to support oauth (not oauth2), too... but it is not documented anywhere (at least not where I searched), so I have no clue how to use it. ;)
Mar 07 09:22:27 <Herrie|Veer> They implement oauth from Netflix I think
Mar 07 09:22:50 <Herrie|Veer> It's a quite commonly used oauth1.0 library (not 1.0a)
Mar 07 09:28:55 <Garfonso> ok.. it seems they just supply the data in the xml as "wrappedKey" parameter to the import method of keymanager. I can try that... but this makes me think that the xml contains all the data needed to decrypt the key in plain text.
Mar 07 09:41:33 <Garfonso> ok.. I'm no expert in this crypto stuff.. but from my understanding either webOS has to have a common "secret" key somewhere deeply hidden in the keymanager (is this present in openwebos, too?) or the xml contains the key in some form. One of both has to be true. ;)
Mar 07 09:53:06 <Herrie|Veer> No I don't think so, but maybe... I couldn't find this key :P
Mar 07 09:53:34 <Herrie|Veer> Or maybe it's in LunaSysMgr binary... I know people had some issues with EAS in LunaCE
Mar 07 15:12:05 <morphis> Herrie, Garfonso: we don't have any keymanager atm in webOS ports
Mar 07 15:27:04 <Herrie___> Why is it in OWO documentation website?
Mar 07 15:27:55 <Herrie___> If it's in OWO we should have it right?
Mar 07 15:36:36 <morphis> Herrie___: it's not in OWO
Mar 07 15:37:21 <Herrie___> Hmm strange OWO documentation has it then :-
Mar 07 15:38:16 <morphis> yeah
Mar 07 15:38:26 <morphis> it's something we have to recreate
Mar 07 15:50:25 <Herrie___> Hmmmz
Mar 07 15:50:42 <morphis> Garfonso: the cdav adapter requires the keymanager, right?
Mar 07 16:19:56 <morphis> hm, it looks like we have a slight problem with the system update process
Mar 07 16:21:05 <morphis> we're installing all packages and running postinst for them
Mar 07 16:21:16 <morphis> and this will trigger systemctl enable <service>
Mar 07 16:23:43 <morphis> and systemctl restart
Mar 07 16:24:14 <morphis> definitely something we don't want
Mar 07 16:35:56 <morphis> JaMa: ping
Mar 07 17:20:08 <JaMa> pong
Mar 07 18:51:49 <Garfonso> morphis: currently, yes. We can replace it with something else, maybe ...
Mar 07 18:53:10 <Garfonso> how does e-mail store credentials?
Mar 07 19:10:52 <Garfonso> Herrie: they have keymanager in the docu, because they just copied everything from developer.palm.com. ;)
Mar 07 19:14:17 <Herrie> LOL
Mar 07 19:14:17 <Herrie> OK
Mar 07 19:14:20 <Herrie> Hmmmm
Mar 07 19:14:22 <Herrie> Silly
Mar 07 19:14:32 <Herrie> Or maybe we should ask LG to Open Source it LOL
Mar 07 19:25:33 <Herrie> Tofe/morphis: Any idea why keyboard doesn't work in VBOX?
Mar 07 19:26:00 <Herrie> I think this isn't due to virtual keyboard but maybe due to some rebase?
**** ENDING LOGGING AT Sat Mar 08 02:59:59 2014