powered by Jive Software

Smack + openfire Secure?

I finish a simple chat app using ASmack

i set

config.setSASLAuthenticationEnabled( true );

AND

config.setSecurityMode(ConnectionConfiguration.SecurityMode.enabled);

is it enough ? how secure the communication between Asmack App and the open fire server

and what {

config.setTruststoreType(“AndroidCAStore”);

config.setTruststorePassword(null);

config.setTruststorePath(null); } do ???

and thanks in advance

Security is a complicated matter. These two options are the first steps into the right direction. But how secure the connection finally is, depends on a few more variables, like the used cipher and TLS version. Also note that SecurityMode.enabled means that TLS will be used if it’s available and otherwise no TLS will be used, meaning that TLS is optional. You may want to use SecurityMode.required.

The Truststore setting tells Smack to use Android’s CA Store, which is IIRC only available on Android 4.0 or higher. A truststore stores all certifactes that are trusted Which means that all certificates that are signed by one of the certificate authorities certificates in this truststore, are considered valid.

1 Like

thanks for your reply

like the used cypher and TLS version. Also note that SecurityMode.enabled means that TLS will be used if it’s available and otherwise no TLS will be used, meaning that TLS is optional. You may want to use SecurityMode.required.

how can I use cypher between asmack and openfire ???

2 how to handle TLS on openfire ??

Sorry, I had a typo there. I ment cipher as in http://en.wikipedia.org/wiki/Cipher_suite

yeah i got what u ment ,

and my question was how to implemnt that ?

should I write a plugin for the openfire or should I make smack comunicate with e.g. (a php service i write)

that play a midle man and handle encription ???

please advise me

Openfire already supports TLS. The documentation for this is located here.

If you require two way authentication, the server is capable of that as well, but there is a definite lack of documentation for the configuration.