Answer the question
In order to leave comments, you need to log in
How to generate and store encryption keys for Android?
Good afternoon.
There is a task - the implementation of the encryption algorithm GOST 28147-89 for Android. How to generate a key and store? Store in open form in a file does not correspond to the task - the most secure implementation is needed ..
What are the ways to store the replacement table?
Answer the question
In order to leave comments, you need to log in
In android , you can store data locally only in 3 places:
1. sdcard
2. internal memory
3. Protected (on non-rooted devices) area of \u200b\u200beach application /data/data/ru.mycompany.myapp/
In the first 2, anyone can climb application
In the 3rd, only ours, but if the phone is rooted / or a virus climbs, then the one who can access (via SuperSU or exploit)
=> It remains to store only as in /data/data/ru.mycompany.myapp/ plus store not in its pure form, but by encrypting the key itself using the second key (at least xor), which is hardcoded in the application.
Plus, in the application itself, instead of a hardcoded second key ("key for a key"), it can be dynamically generated in parts so as not to be stored in its entirety, otherwise it can be easily obtained by simple disassembly. I think this should be enough.
---
To be completely paranoid - it is still unrealistic to obfuscate the entire code by turning it into a "big ball of mud" / build in anti-debugging (measure the time - and if it exceeds - go to the "deceptive" execution branch) - then certainly few people will want to understand in all this...
---
Upd: Dynamic generation of a master key with obfuscation - even after disassembling the application, not everyone wants to tinker with such a puzzle...
public String getSomeKey1() {
return "5";
}
public String getSomeKey2() {
long key[32];
key[0] = 9;
key[2] = 55;
a = (key[0] + key[2]) * 3;
key[1] = (a % 10) + someFunc() * 99;
key[4] = (a / 10) * someFunc2() / someFunc3();
if (someFunc4()) {
key[5] = someFunc5();
} else {
key[5] = someFunc6();
}
key[6] = Integer.valueOf(getSomeKey1());
key = process1(key);
key[2] = getSomeKey3();
// ...
StringBuilder sb = new StringBuilder();
for (long i: key) {
sb.append(i);
}
return sb.toString();
}
public long[] process1(long[] key) {
key[3] = (key[4] + key[5] + key[1]*2) / 5;
key[1] = getSomeKey();
// ...
}
public long getSomeKey3() {
long a = 435345435;
boolean b = false;
while (!b) {
b = true;
for (i=2; i<(long)Math.sqr(a); i++) {
if (a % i == 0) {
b = false;
break;
}
}
a++:
}
return a+10;
}
// Итоговый мастер-ключ получаем так:
String masterKey = getSomeKey4() + getSomeKey2() + Integer.valueOf(getSomeKey1());
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question