Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
I
I
Ilya Pavlovsky2016-02-26 02:46:50
Android
Ilya Pavlovsky, 2016-02-26 02:46:50

Android where and how to store keys?

An urgent question that torments for a very long time. How and where to store keys in Andorid?
If on an example, then: there is a service that is accessed through a certain token and its cost is not cheap. Of course, I would not want to give them out to a third party, and resort to data encryption algorithms.

@NonNull
    public static String encryptString(@NonNull String text){
        try {
            Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5Padding");
            SecretKeySpec secretKey = new SecretKeySpec(KEY.getBytes(), "AES");
            cipher.init(Cipher.ENCRYPT_MODE, secretKey);
            byte[] array = cipher.doFinal(text.getBytes());
            return new String(Base64.encode( array,Base64.DEFAULT));
        }catch (Exception e){
            e.printStackTrace();
            return "";
        }
    }

    @NonNull
    public static String decryptString(@NonNull String text){
        try {
            Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5Padding");
            SecretKeySpec secretKey = new SecretKeySpec(KEY.getBytes(), "AES");
            cipher.init(Cipher.DECRYPT_MODE, secretKey);
            byte[] base64 = Base64.decode(text,Base64.DEFAULT);
            byte[] array = cipher.doFinal(base64);
            return new String(array);
        } catch (Exception e) {
            e.printStackTrace();
        }
        return "";
    }

As you can see, public key encryption/decryption is used here. T / e / we first encode the keys to an expensive service and store it in our project without being particularly afraid for its direct theft. But here an urgent question arises - if Android is so bad with bypassing decompilation, and obfuscation is unlikely to stop an attacker in search of the desired one, then where and how to store such keys?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

2 answer(s)
Report
I
Ivan, 2016-02-26
@TranE91

You will not hide the key anywhere on the device so that it cannot be reached, I guarantee you this.
The only option that I see is an HTTPS connection to the server and storing the key there, but even here it’s all the same, you can get it if you wish.

Report
P
Peter, 2016-02-26
@petermzg

And what prevents you from proxying this service through your site? And passwords will be safe and you will be able to control access.

Similar questions
M
Max Nerlich2018-11-10 17:48:07
Where can I find information about the AVR architecture? 5Reply
S
SHAKIRA2020-09-26 20:40:34
MacBook Pro 13 with Tourch Bar 2017 does not see a usb flash drive on the right side of any port. This is fine? 2Reply
M
mingalevme2016-03-01 11:11:34
How to open Odnoklassniki mobile applications for iOS and Android on a specific group? 1Reply
B
bushmaks2018-07-19 23:34:28
how to make spinner without dropdown menu in android? 1Reply
P
pr0r0k_d2013-11-21 12:21:28
Is there an Android player with music notes viewer? 0Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question