Skip to content

Commit

Permalink
Update RELEASE.md
Browse files Browse the repository at this point in the history
  • Loading branch information
@npesic
npesic committed Feb 24, 2016
1 parent a3fa311 commit 31cad80
Showing 1 changed file with 35 additions and 0 deletions.
35 changes: 35 additions & 0 deletions RELEASE.md
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,40 @@
# Release Notes

## 2016.02.23
### Proposition
This is a proposition on how to utilize standard Android SDK even further, to achieve wide adoption (Android 5 and 6) and best security. All code is in separate branch for now [f_android_uaf_client](https://github.com/eBay/UAF/tree/f_android_uaf_client)

### Proposition Goal
Main goal is to utilize the AndroidKeyStore as a security provider to generate the keys and to do the signatures. That way the keys are stored, and used in the most secure way.

Usage of standard security interfaces, such as:
```
java.security.KeyPairGenerator
java.security.KeyStore
java.security.Signature
```

Usage of EC algorithm in Android 6, and falling back to standard RSA algorithm in case of Android 5.

### Proposition Implementation
The new Android module has been added: [Marvin - Android UAF client](https://github.com/eBay/UAF/tree/f_android_uaf_client/fidouafclient/marvin)

In this module you will see the UAF Client implemented with plain Android SDK. The only added compile dependency being GSON library.

Key generation example for UAF Reg operation:
- [Android 6](https://github.com/eBay/UAF/blob/f_android_uaf_client/fidouafclient/marvin/src/main/java/org/ebayopensource/fidouaf/marvin/client/op/Reg.java#L209)
- [Android 5](https://github.com/eBay/UAF/blob/f_android_uaf_client/fidouafclient/marvin/src/main/java/org/ebayopensource/fidouaf/marvin/client/op/Reg.java#L95)

Signature for UAF Auth operation
- [Android 6](https://github.com/eBay/UAF/blob/f_android_uaf_client/fidouafclient/marvin/src/main/java/org/ebayopensource/fidouaf/marvin/client/AuthAssertionBuilder.java#L205)
- [Android 5](https://github.com/eBay/UAF/blob/f_android_uaf_client/fidouafclient/marvin/src/main/java/org/ebayopensource/fidouaf/marvin/client/AuthAssertionBuilder.java#L183)

Hope to hear your feedback and comments!

Cheers,
Neb.


## 2016.01.16
In this release of the eBay UAF implementation, in the test UAF client, Android SDK is bumped to version 21 (Android 5).

Expand Down

0 comments on commit 31cad80

Please sign in to comment.