Home page logo
/

webappsec logo WebApp Sec mailing list archives

Re: encryption in android apps
From: Scott Herbert <scott.a.herbert () googlemail com>
Date: Wed, 09 Jan 2013 12:32:19 +0000


If you've access to the PIN from withing the app. encrypt the key with
the PIN (or a hash of the PIN) then you can keep the PIN in memory and
decript the key file where needed.

or just use the PIN (or hash) as the key.

On 09/01/2013 10:00, saghar estehghari wrote:
Hi,

In my android application I need to save several sensitive files and I
want to encrypt them.
But I have doubts the way to store the key on the device!
The application is protected with PIN code and the is also
communication with the back-end server. But such communication should
be as
less as possible. This implies that I can't store the secret key on
the server and get it whenever needed.
So does anybody has a practical solution?

Thanks



This list is sponsored by Cenzic
--------------------------------------
Let Us Hack You. Before Hackers Do!
It's Finally Here - The Cenzic Website HealthCheck. FREE.
Request Yours Now! 
http://www.cenzic.com/2009HClaunch_Securityfocus
--------------------------------------




Attachment: signature.asc
Description: OpenPGP digital signature


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]