is there any other solution?

For example i dont want use Compute Engine VM, because it does not support 

Lukas Sekerak

On Tuesday, August 2, 2016 at 10:29:23 PM UTC+2, Nick (Cloud Platform 
Support) wrote:
> Hey Marco,
> I'm not enough of an expert on Java crypto to say how to substitute 
> GCMParameterSpec for another class, and it seems from a cursory examination 
> of the Cipher class and the AlgorithmParameterSpec interface that this 
> isn't possible, but I can recommend that if you need access to 
> functionality that's outside the Standard Runtime security whitelist and 
> you can't use a beta product, Compute Engine is a great place to host the 
> process which needs access to the full JRE. 
> You could either host your server as a Compute Engine VM cluster behind an 
> HTTP(S) 
> Load Balancer 
> <https://cloud.google.com/solutions/https-load-balancing-nginx> and 
> AutoScaler <https://cloud.google.com/compute/docs/autoscaler/> or use App 
> Engine for the front-ends with Cloud Pub/Sub 
> <https://cloud.google.com/pubsub/overview> handling the issue of sending 
> messages, through the Compute Engine instance which can run the crypto 
> code, on to the recipient of the encrypted message.
> Let me know if you have any further questions I can do my best to answer. 
> Cheers,
> Nick
> Cloud Platform Community Support
> On Friday, July 29, 2016 at 9:37:47 AM UTC-4, Marco Pöhler wrote:
>> Hi,
>> I want to send web push notification with encrypted data payload 
>> <https://developers.google.com/web/updates/2016/03/web-push-encryption> 
>> from appengine (Java, Standard Environment - I'm sure it will work in the 
>> Flexible Environment, but it's still beta, not recommended for production 
>> use, only hosted in US and I reside in Germany/Europe where we have strict 
>> laws when it comes to storage of customer data). 
>> My current approach was to adopt the web-push library 
>> <https://github.com/MartijnDwars/web-push>. I backported it to Java7 (
>> here <https://github.com/mpoehler/web-push/tree/javaversion17>), and I'm 
>> still able to send encrypted push notifications to my browser from the 
>> testcase. The URLFetchService must be used instead of *org.apache.http.*
>> *client*, of course.
>> Sadly, web-push uses *javax.crypto.spec.**GCMParameterSpec* which is not 
>> whitelisted <https://cloud.google.com/appengine/docs/java/jrewhitelist> and 
>> I get the following error: 
>> java.lang.NoClassDefFoundError: *javax.crypto.spec.GCMParameterSpec is a 
>> restricted class.* Please see the Google  App Engine developer's guide 
>> for more details.
>> at 
>> com.google.appengine.tools.development.agent.runtime.Runtime.reject(Runtime.java:52)
>>         at nl.martijndwars.webpush.HttpEce.encrypt(HttpEce.java:176)
>> The encryption to use for Web Push is "AES/GCM/NoPadding" as described 
>> in detail here 
>> <https://developers.google.com/web/updates/2016/03/web-push-encryption>, 
>> so I think this class, which describes the parameters for the GCM 
>> algorithm <http://www.dict.cc/?s=algorithm> is mandatory to get this 
>> working. 
>> The following snippet shows how GCMParameterSpec is used in web-push:
>> Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding", "BC");
>> cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key_, "AES"), new 
>> *GCMParameterSpec*(16 * 8, nonce_));
>> cipher.update(new byte[padSize]);
>> Is there another way to encode data on appengine in a web-push compatible 
>> way?
>> cheers,
>> Marco

You received this message because you are subscribed to the Google Groups 
"Google App Engine" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to google-appengine+unsubscr...@googlegroups.com.
To post to this group, send email to google-appengine@googlegroups.com.
Visit this group at https://groups.google.com/group/google-appengine.
To view this discussion on the web visit 
For more options, visit https://groups.google.com/d/optout.

Reply via email to