Topic
8 replies Latest Post - ‏2012-10-11T11:32:09Z by SystemAdmin
SystemAdmin
SystemAdmin
2327 Posts
ACCEPTED ANSWER

Pinned topic Questions about Offline Encrypted Cache

‏2012-10-05T22:20:47Z |
Try to use Offline Encrypted Cache in mobile app but have several questions when use them:

1. WL.EncryptedCache.open:
"The process of creating a cache involves obtaining a random number from the IBM Worklight Server. Hence, the action of creating a cache requires that the app is connected to the IBM Worklight Server. After a cache is created, it can then be opened without a connection."
It means in creating process the mobile app has to be online. After that can be offline. But how to know the cache is created? Does the app must open it every time before use it?

2. For read/write/remove cache:
Why are they implemented in asynchronous way? Do they have to connect to server in order to complete function? How could I read/write/remove a group of keys/values?

It is OK to show demo in asynchronous way. But in app need a group of values before go ahead. It will be quite odd to tracking whether all values have been read successful or not.

Thanks advance for help!

Jerry
  • SystemAdmin
    SystemAdmin
    2327 Posts
    ACCEPTED ANSWER

    Re: Questions about Offline Encrypted Cache

    ‏2012-10-05T22:46:55Z  in response to SystemAdmin
    Also for WL.EncryptedCache.open(key, true, onOpenComplete, onOpenError): should the key must be different for different mobile app or mobile device? What is the best practice for the credentials?

    Jerry
  • SystemAdmin
    SystemAdmin
    2327 Posts
    ACCEPTED ANSWER

    Re: Questions about Offline Encrypted Cache

    ‏2012-10-06T14:08:22Z  in response to SystemAdmin
    "It means in creating process the mobile app has to be online. After that can be offline. "

    Correct. The random key it gets from the server is shown like this:
    
    response [/apps/services/random] success: e9097576c8663f4d9946c9389570ff34bf81975c
    


    Assuming the Worklight Server is running on localhost and on port 8080 you see it in action here:
    
    http:
    //localhost:8080/apps/services/random
    


    "But how to know the cache is created?"

    You can loop over localStorage with the following code:

    
    
    
    for (var key in localStorage)
    { console.log(key, 
    " => ", localStorage[key]); 
    }
    


    If the cache has been created you should see __$WLEOC_CIPHER and __$WLEOC_SALT:

    
    __$WLEOC_CIPHER  =>  
    {
    "iv":
    "LTbG6iVYv2bBcV8V+oHEBQ",
    "v":1,
    "iter":1000,
    "ks":128,
    "ts":64,
    "mode":
    "ccm",
    "adata":
    "",
    "cipher":
    "aes",
    "salt":
    "9qi3LbmlyuM",
    "ct":
    "6ysO5WpCYJmm+WXEqFY48lgfnOJTMVgGXL1R8ZiNRgRPUZ0XEYxx4B2//xh2v8/4zDSKh2veGGR2NoulOMtK38dzDnjDRAvb"
    }
    


    
    __$WLEOC_SALT  =>  0.755426409188658
    


    "Does the app must open it every time before use it?"

    You open the EOC (Encrypted Offline Cache) and read/write as many times as you want and then you close it. If you want to read/write to it again, you must open it again. Read/Write should fail if it doesn't exist or it's closed. It's analogous to a physical vault, you open it when you need to put or get things inside and you close so others can't.

    "For read/write/remove cache: Why are they implemented in asynchronous way?"

    Browsers, Black Berry and Windows Phone use a JavaScript implementation but iOS and Android devices use a native implementation via an Apache Cordova plugin. These plugins are async and to provide the same API across all platforms the API had to be async. While it's possible to block the event loop, it is not good programing practice in JavaScript-land.

    You can read more about Apache Cordova here:
    Module 07.4 - Apache Cordova (PDF, 641KB)
    Module 09.3 - Android Development Using the Apache Cordova Plugin (PDF, 345KB)
    Module 08.3 - iOS Development Using the Apache Cordova Plugin (PDF, 527KB)
    Source: https://www.ibm.com/developerworks/mobile/worklight/getting-started/

    Here's an interesting post you may want to read:
    http://stackoverflow.com/a/11585912/186909

    "Do they have to connect to server in order to complete function?"

    No. The only time the Worklight Server (or any outside communication is required) is the first time you open the EOC.

    "How could I read/write/remove a group of keys/values?"

    You can store objects and arrays in the EOC. Here's a quick example:

    
    var userSettings = 
    {key1: 
    'data1', key2: 
    'data2'
    }; WL.EncryptedCache.write(
    'myAwesomeWLAppSettings', JSON.stringify(userSettings), ...);   var myData; WL.EncryptedCache.read(
    'myAwesomeWLAppSettings', function(data)
    { myData = JSON.parse(data); 
    }, ...);
    


    "Also for WL.EncryptedCache.open(key, true, onOpenComplete, onOpenError): should the key must be different for different mobile app or mobile device? What is the best practice for the credentials?"

    I'm not a security guy, but I would let the user pick the key.

    
    var pwd = prompt(
    'Enter a password'); WL.EncryptedCache.open(pwd, ...); pwd = 
    
    null;
    
    • SystemAdmin
      SystemAdmin
      2327 Posts
      ACCEPTED ANSWER

      Re: Questions about Offline Encrypted Cache

      ‏2012-10-09T23:43:57Z  in response to SystemAdmin
      For "Do they have to connect to server in order to complete function?"

      "No. The only time the Worklight Server (or any outside communication is required) is the first time you open the EOC."

      Could I understand in this way: creating need connection but open existing one is not.

      Tried the JQuery deferred approach. The EOC will be always closed even open is successfully.

      Thanks for your help!

      Jerry
      • SystemAdmin
        SystemAdmin
        2327 Posts
        ACCEPTED ANSWER

        Re: Questions about Offline Encrypted Cache

        ‏2012-10-10T14:14:58Z  in response to SystemAdmin
        "Could I understand in this way: creating need connection but open existing one is not."

        Correct.

        "Tried the JQuery deferred approach. The EOC will be always closed even open is successfully."

        I did not understand what you meant there.
        • SystemAdmin
          SystemAdmin
          2327 Posts
          ACCEPTED ANSWER

          Re: Questions about Offline Encrypted Cache

          ‏2012-10-11T01:52:57Z  in response to SystemAdmin
          OK. Let's forget about the synchronize approach.

          Just found it looks like the OEC is not persistent. If the application is closed completely, looks like the OEC is destroyed as well. Is it designed behavior?

          If need to store info even the app is closed (for example phone just reboot), what is the best way to keep some user data such as user name?

          Thanks

          Jerry
          • SystemAdmin
            SystemAdmin
            2327 Posts
            ACCEPTED ANSWER

            Re: Questions about Offline Encrypted Cache

            ‏2012-10-11T02:40:05Z  in response to SystemAdmin
            Find WL.Client UserPref API is quite good for this purpose.

            Jerry
          • SystemAdmin
            SystemAdmin
            2327 Posts
            ACCEPTED ANSWER

            Re: Questions about Offline Encrypted Cache

            ‏2012-10-11T08:03:30Z  in response to SystemAdmin
            "Just found it looks like the OEC is not persistent. If the application is closed completely, looks like the OEC is destroyed as well. Is it designed behavior?"

            EOC uses LocalStorage (http://diveintohtml5.info/storage.html , http://www.w3schools.com/html/html5_webstorage.asp) for persistance. On top of that it provides a method to generate a key (open) and encrypt/decrypt data. As far as I know Worklight does not delete Local Storage, however the environment you're running on could be deleting it.

            "If need to store info even the app is closed (for example phone just reboot), what is the best way to keep some user data such as user name?"

            http://docs.phonegap.com/en/2.1.0/cordova_file_file.md.html#File
            http://docs.phonegap.com/en/2.1.0/cordova_storage_storage.md.html#Storage

            However those and WL.Client UserPref do not provide encryption/decryption, you would have to handle that yourself if you need it.
            • SystemAdmin
              SystemAdmin
              2327 Posts
              ACCEPTED ANSWER

              Re: Questions about Offline Encrypted Cache

              ‏2012-10-11T11:32:09Z  in response to SystemAdmin
              It is possible because of the different mobile devices. The local storage has different behavior.

              Thanks for your help

              Jerry