Encrypt key with Androidkeystore key

scottyab / secure-preferences

Android Shared preference wrapper than encrypts the values of Shared Preferences. It's not bullet proof security but rather a quick win for incrementally making your android app more secure.

1.53k stars 235 forks source link

Encrypt key with Androidkeystore key #1

Open scottyab opened 10 years ago

scottyab commented 10 years ago

Add the option for developers to enable additional security on API:18+ using the Androidkeystore.

Androidkeystore is for RSA (and EC since 4.4) certs so use a newly generated one to encrypt the keys used for the key and value encryption

hubert3 commented 10 years ago

Any plans to look at this any time soon? I might fork and attempt to implement this. Would be particularly interesting if it can be hardware-backed.

scottyab commented 9 years ago

@hubert3 wow, it's been a year since you asked this question, apologies for the slooooow response. My time is a limiting factor at the moment, so no current plans. I would love to add this functionality, especially given min SDK 18 is getting more and more acceptable.

Worth checking this article as there are a couple of edge cases with the keystore. Android Security: The Forgetful Keystore

scottyab commented 6 years ago

Addressed in https://github.com/scottyab/secure-preferences/pull/58 looking forward to include this once revamp of the library has been completed