WebApp Sec mailing list archives
Re: encryption in android apps
From: Scott Herbert <scott.a.herbert () googlemail com>
Date: Wed, 09 Jan 2013 12:32:19 +0000
If you've access to the PIN from withing the app. encrypt the key with the PIN (or a hash of the PIN) then you can keep the PIN in memory and decript the key file where needed. or just use the PIN (or hash) as the key. On 09/01/2013 10:00, saghar estehghari wrote:
Hi, In my android application I need to save several sensitive files and I want to encrypt them. But I have doubts the way to store the key on the device! The application is protected with PIN code and the is also communication with the back-end server. But such communication should be as less as possible. This implies that I can't store the secret key on the server and get it whenever needed. So does anybody has a practical solution? Thanks This list is sponsored by Cenzic -------------------------------------- Let Us Hack You. Before Hackers Do! It's Finally Here - The Cenzic Website HealthCheck. FREE. Request Yours Now! http://www.cenzic.com/2009HClaunch_Securityfocus --------------------------------------
Attachment:
signature.asc
Description: OpenPGP digital signature
Current thread:
- encryption in android apps saghar estehghari (Jan 09)
- Re: encryption in android apps Scott Herbert (Jan 09)
- Message not available
- Re: encryption in android apps saghar estehghari (Jan 09)
- Re: encryption in android apps Landon Hurley (Jan 10)
- Re: encryption in android apps saghar estehghari (Jan 09)
- Re: encryption in android apps Jamie Riden (Jan 09)