Uses QByteArray to store private key.

[camilasan]

Fixes #268

• I have tested it on Mac OS, Windows and Linux.
• The bug: QSslkey fails on creating a private key.
• So I am skipping the use of QSslkey to use directly QByteArray for the private key.
• I created a small application https://github.com/camilasan/openssling that generates the key pair. Essentially was copy/paste from the desktop client code for that and it also broke when encrypting the private key. That is how I got to figure the problem out and a solution.
• The old code is partially just commented out. If everyone agrees with the change I will remove the code commented.
• Concerns/questions/I won't sleep at night:
  • Please, also try to test it.
  • what was the reason to use QSslkey in the first place?
  • is it safe to not use QSslkey?
  • I would also save the public key in a QByteArray. Does that make sense even though it is not a problem with the pubic key?
  • ...
  • Is this potentially a bug in QSslkey?
  • Am I missing something?

[tobiasKaminsky]

Is this then working now across devices?
We can test it together, if you want: I set up a test account on my server with android E2E key, you try to use it on desktop.
And then we do the other way around?

[tuxmaster5000]

Should we use mlock for the private key, to prevent swapping to disc?
http://man7.org/linux/man-pages/man2/mlock.2.html

On Windows you can use VirtualLock for it.
https://msdn.microsoft.com/de-de/library/windows/desktop/aa366895(v=vs.85).aspx

[camilasan]

@tobiasKaminsky

Is this then working now across devices?

I would assume yes. But let's make sure...

We can test it together, if you want: I set up a test account on my server with android E2E key, you try to use it on desktop. And then we do the other way around?

Yes, let's do it. Thanks.

[tcanabrava]

https://stackoverflow.com/questions/45865375/how-to-perform-successful-ssl-encryption-with-pkcs12-pfx-in-qt-on-mac-osx

Can you try this?

[tcanabrava]

(and no, using QByteArray is insecure)

[camilasan]

@tcanabrava Why QByteArray is insecure? That is why used QSslkey in the first place?
Why did you change your mind about https://stackoverflow.com/questions/45865375/how-to-perform-successful-ssl-encryption-with-pkcs12-pfx-in-qt-on-mac-osx? I told you about it before ;-)

[camilasan]

@tcanabrava replied to me in private.

Why QByteArray is insecure?

If you use encryption, the memory where the data is encrypted have to be encrypted too.

https://security.stackexchange.com/questions/20322/why-encrypt-data-in-memory#20327

[tobiasKaminsky]

Ping me, once this is finished. As far as I read/understand, there needs to be changes?

[camilasan]

Yup, will do. Thanks @tobiasKaminsky.

[rullzer]

Tested Linux+Android still works.