Version: XProtect Web Client 2019 R3, Mobile SDK.
It seems as though Milestone’s Login command is somehow tied into the Diffie Hellman Crypto.JS library for decryption when you GetPublicKey from Crypto.JS, etc.
My question: Is it possible to encrypt my credentials outside of the Milestone SDK and Diffie Hellman’s Crypto.JS, if I use my own encryptor that uses an implementation of Diffie Hellman’s shared public key exchange within a service call and still have Milestone’s Login decrypt it?
Basically, I spawn a Diffie Hellman public key externally but I don’t know what method accepts this public key on the Milestone Mobile SDK side. Externally, I can set the other Public Key used to encrypt the login info. Do I send the external public key to the DH Crypto.JS SetPublicKey or can I send it to Milestone’s Connect command when I supply the Public Key in the request? If I use my own service, how will Milestone’s Login be able to decrypt the login creds properly?
Hello Mike,
Yes, it is possible to make your own implementation of the Diffie-Hellman algorithm for exchanging a shared key between the client and the server. In order for your implementation to work, you should follow the guidelines in this document:
https://doc.developer.milestonesys.com/mipsdkmobile/reference/protocols/mobile_logon.html
There is another option you can consider: log in without encryption. I recommend this option only when using HTTPS. To use it, you need to open the mobile server configuration (usually C:\Program Files\Milestone\XProtect Mobile Server\VideoOS.MobileServer.Service.exe.config.xml) and add
…
<add key="Encrypted" value="False"/>
<add key="Username" value=""/>
<add key="Password" value=""/>
<add key="Authtype" value="Negotiate"/>
<add key="PlainTextAuthenticationEnabled" value="True"/>
<!--add key = "Authtype" value = "Digest"/-->
<!--add key = "Authtype" value = "Basic"/-->
…
then change
<add key="Enabled" value="True" />
to
<add key="Enabled" value="False" />
and restart the Mobile Server.
After that you should be able to log in without any encryption.
I hope that helped. If not, please share more details with us so that we can give you more specific help.
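For checking whether a server has been left in the plain-text login mode described in the answer above, here is an added example (not part of the original posts and not Milestone's code). It scans a Mobile Server configuration for the keys quoted in the answer; the wrapper elements in the sample are constructed assumptions, because the post elides the surrounding XML.

```python
import xml.etree.ElementTree as ET

# Constructed sample: only the <add> keys come from the post; the wrapper
# element names are assumptions, since the post elides them with "…".
SAMPLE_CONFIG = """<configuration>
  <section name="assumed-wrapper">
    <add key="Encrypted" value="False"/>
    <add key="Username" value=""/>
    <add key="Password" value=""/>
    <add key="Authtype" value="Negotiate"/>
    <add key="PlainTextAuthenticationEnabled" value="True"/>
    <!--add key = "Authtype" value = "Digest"/-->
    <!--add key = "Authtype" value = "Basic"/-->
  </section>
</configuration>"""

# key (lower-cased) -> (value that weakens login protection, reason)
RISKY = {
    "encrypted": ("false", "login is configured without encryption"),
    "plaintextauthenticationenabled": ("true", "plain-text authentication is accepted"),
    "authtype": ("basic", "Basic sends credentials as reversible base64"),
}


def audit_config(xml_text):
    """Return a sorted list of (key, value, reason) for active risky settings."""
    # ElementTree drops XML comments, so commented-out <add> lines are ignored.
    root = ET.fromstring(xml_text)
    findings = []
    for element in root.iter("add"):
        key = (element.get("key") or "").strip()
        value = (element.get("value") or "").strip()
        rule = RISKY.get(key.lower())
        if rule and value.lower() == rule[0]:
            findings.append((key, value, rule[1]))
    return sorted(findings)


if __name__ == "__main__":
    for key, value, reason in audit_config(SAMPLE_CONFIG):
        print(f"{key}={value}: {reason} (serve this endpoint over HTTPS only)")
```

Any finding means the login exchange relies entirely on the transport for confidentiality, which is why the answer ties this option to HTTPS.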