longzuyuan / ics-openvpn

Automatically exported from code.google.com/p/ics-openvpn
0 stars 0 forks source link

Security of client's private key #95

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
ics-openvpn only saves the location to CA cert, server cert and server key. 
Since both certificates are public data, it's not an issue referring to them on 
the SD card. However, the server's private key must be protected from other 
apps as well as external access to SD card.

I propose saving all certificates and private key to app's private storage 
instead of only storing their locations. Another advantage of doing so is 
removing ics-openvpn's dependence on SD card to operate.

Original issue reported on code.google.com by mans...@oxplot.com on 30 Sep 2012 at 6:43

GoogleCodeExporter commented 9 years ago
When you import the data it is stored inside the app's own storage. Also the 
FAQ on security.

Original comment by arne@rfc2549.org on 30 Sep 2012 at 12:00

GoogleCodeExporter commented 9 years ago
OK, so I missed the "import" button and the fact that it can be missed is an 
issue. I suggest to restrict the user to only allow "importing" the private key 
by disabling/removing the "select" button.

Original comment by mans...@oxplot.com on 30 Sep 2012 at 12:08

GoogleCodeExporter commented 9 years ago
I don't like disabling the select option. There may be use cases which require 
the key on the file system. But I can make a warning dialog if the user selects 
"select"

Original comment by arne@rfc2549.org on 1 Oct 2012 at 5:13

GoogleCodeExporter commented 9 years ago
Ye, a warning is a good way to do it.

Original comment by mans...@oxplot.com on 2 Oct 2012 at 8:07

GoogleCodeExporter commented 9 years ago

Original comment by arne@rfc2549.org on 8 Oct 2012 at 10:29

GoogleCodeExporter commented 9 years ago
hi,how to use the software apk, please 

Original comment by zhangaig...@gmail.com on 3 Feb 2013 at 3:42

GoogleCodeExporter commented 9 years ago
@6 This has nothing to do with this bug. Please look at the FAQ.

Original comment by arne@rfc2549.org on 3 Feb 2013 at 3:53

GoogleCodeExporter commented 9 years ago
The new version has a preselected "Import to configuration" check box.

Original comment by arne@rfc2549.org on 10 Mar 2013 at 1:05

GoogleCodeExporter commented 9 years ago

Original comment by arne@rfc2549.org on 9 Apr 2013 at 9:20