Using the Android Keystore to encrypt data

On Android security, the official Android developers website gives many good suggestions and explanations, covering data storage, permissions, networking, credential handling, input validation, handling of user data, encryption and other topics.

Key protection and network transmission security are arguably the most critical parts of mobile application security. Android provides a large number of encryption algorithms to protect data. For example, the AES and RSA algorithms are available through the Cipher class, and the secure random number generator (SecureRandom) supplies KeyGenerator with more reliable initialization parameters to guard against offline attacks.

If you need to store keys for reuse, Android provides mechanisms such as KeyStore that can store and retrieve encryption keys over the long term. The Android Keystore system is especially suitable for storing encryption keys. "AndroidKeyStore" is a subset of KeyStore. Keys stored in the Android Keystore are protected by signature, and these keys live in the system, not in the app's data directory. Because it relies on hardware keychain storage, private keys cannot be retrieved once stored. In short, each app creates its own keys, and other applications cannot access them.

Keystore provides two capabilities:

With these two capabilities, our key protection becomes very easy. You only need:

When the application runs for the first time after installation, generate a random key and store it in the keystore.

When you want to store a piece of data, fetch the previously generated random key from the keystore and encrypt your data with it. Once encrypted, the data can be stored anywhere, such as SharedPreferences. Even if someone else reads it, they cannot decrypt your original data, because they cannot get your key.

When you need your original data back, read the encrypted data from SharedPreferences, fetch the encryption key from the keystore, and use it to decrypt the encrypted data.

AES (through the Cipher class) can be used as the encryption algorithm to ensure security. Do not use an encryption algorithm you created yourself.

That is the whole process of using the keystore. In addition, the keystore can also be used for signing data and verifying signatures, acting like a black box. You can look up the details yourself.

The keystore is suitable for storing data produced at runtime, such as a password entered by the user or a token issued by the server, but it cannot be used to store an API key / secret that has to be preset in the app. For such fixed keys that need to be preset, I will introduce a very secure and difficult-to-crack protection method.

Encryption:

Decryption:

For the source code download address, I have encapsulated encryption and decryption into a tool class and handled compatibility with Android 7.0.
