BruceWind / AESJniEncrypt

🛡 Make safest code in Android. (chacha20 implemented on libsodium, key kept in native code, prevents repackaging) {long-term maintenance, please star, don't fork}

Is it safe to return the encryption key directly from JNIEncrypt.c and use it? #36

Closed naturs closed 4 years ago

naturs commented 4 years ago

For example, I now want to use SQLCipher, which needs a password. Can this library be used to hide that key?

BruceWind commented 4 years ago

Hello! Thanks for your issue.

This is my answer:

That's safe, because I will check the signature; look at checksignature.c. And I will disrupt the hacker's debugging. It can't be any safer. If you want to hide a key in native code, you can use the repo; my algorithm is a little complex, look at JNIEncrypt.c#L36.

After I read your situation, I think you can use two plans.

A. Use one key to encrypt all databases on all user devices.
B. Randomly generate a key on first start; use a different key to encrypt a different db on each user device.

If you want to choose plan A, you can use the repo. If you choose plan B, maybe you need to write an algorithm to generate a random key, then save the key to SharedPreferences. You don't need any native code.

BruceWind commented 4 years ago

I recommend Plan B; it's safe too.

naturs commented 4 years ago

It works, thank you very much!