Open ThomasHabets opened 8 years ago
How should the password for the keystore be protected? For the mentioned use-case where Authenticator is installed on SD-card, having a hard-coded password or one that is also stored on the SD-card would not yield any additional security.
@capi The Android Keystore does not store passwords on an SD card in any situation as far as I'm aware.
https://developer.android.com/training/articles/keystore.html
It's much more than just a hardcoded password. On devices with hardware backed keys, extraction becomes difficult.
@Manouchehri Thanks for the clarification, my mind was set way too much to the standard Java keystore.
I'm guessing that not using the Android keystore was why I was able to recently restore Google Authenticator from a Titanium Backup with all my tokens intact.
Transferred from https://github.com/google/google-authenticator/issues/157
Instead of storing the secrets in the SQLite database, the SQLite database should store the alias of the SecretKey in a java.security.KeyStore. This will allow migration to more secure methods of storage in the future.
Note that you'll have to use a JCEKS instead of the default JKS.