Where to store AES Key and Data using KeyStore?
I've got some question. I being using KeyStore for store sensitive data in my React Native Application.
Where do i need to store my AES Key? And where must i store the encrypted data(for example an token). What is the normal usecase? Can i store it simple on the internal storage?
Thanks for any help.
android keystore android-keystore
add a comment |
I've got some question. I being using KeyStore for store sensitive data in my React Native Application.
Where do i need to store my AES Key? And where must i store the encrypted data(for example an token). What is the normal usecase? Can i store it simple on the internal storage?
Thanks for any help.
android keystore android-keystore
add a comment |
I've got some question. I being using KeyStore for store sensitive data in my React Native Application.
Where do i need to store my AES Key? And where must i store the encrypted data(for example an token). What is the normal usecase? Can i store it simple on the internal storage?
Thanks for any help.
android keystore android-keystore
I've got some question. I being using KeyStore for store sensitive data in my React Native Application.
Where do i need to store my AES Key? And where must i store the encrypted data(for example an token). What is the normal usecase? Can i store it simple on the internal storage?
Thanks for any help.
android keystore android-keystore
android keystore android-keystore
edited Nov 15 '18 at 13:04
Fantômas
32.7k156389
32.7k156389
asked Nov 15 '18 at 9:34
YakalentYakalent
237415
237415
add a comment |
add a comment |
2 Answers
2
active
oldest
votes
You should store the AES key in the keystore. On some devices this might go to secure hardware if it is supported, resulting in more secure option. However, keystore backed AES is supported starting with API 23. If you're targeting lower API, then I would suggest that you generate an RSA key that will be used for AES key wrapping. The AES key is then stored encrypted in shared preference and RSA in keystore. As for data, you can store the data in shared preference or database. It doesn't really matter.
However, note that as long as the key is not stored in secure hardware, there isn't much stopping the attacker from retrieving the key with enough effort and skills.
add a comment |
You could store that data in sharedpreference or in Database. But storing in shared preference is always good choice.
add a comment |
Your Answer
StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53316333%2fwhere-to-store-aes-key-and-data-using-keystore%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
You should store the AES key in the keystore. On some devices this might go to secure hardware if it is supported, resulting in more secure option. However, keystore backed AES is supported starting with API 23. If you're targeting lower API, then I would suggest that you generate an RSA key that will be used for AES key wrapping. The AES key is then stored encrypted in shared preference and RSA in keystore. As for data, you can store the data in shared preference or database. It doesn't really matter.
However, note that as long as the key is not stored in secure hardware, there isn't much stopping the attacker from retrieving the key with enough effort and skills.
add a comment |
You should store the AES key in the keystore. On some devices this might go to secure hardware if it is supported, resulting in more secure option. However, keystore backed AES is supported starting with API 23. If you're targeting lower API, then I would suggest that you generate an RSA key that will be used for AES key wrapping. The AES key is then stored encrypted in shared preference and RSA in keystore. As for data, you can store the data in shared preference or database. It doesn't really matter.
However, note that as long as the key is not stored in secure hardware, there isn't much stopping the attacker from retrieving the key with enough effort and skills.
add a comment |
You should store the AES key in the keystore. On some devices this might go to secure hardware if it is supported, resulting in more secure option. However, keystore backed AES is supported starting with API 23. If you're targeting lower API, then I would suggest that you generate an RSA key that will be used for AES key wrapping. The AES key is then stored encrypted in shared preference and RSA in keystore. As for data, you can store the data in shared preference or database. It doesn't really matter.
However, note that as long as the key is not stored in secure hardware, there isn't much stopping the attacker from retrieving the key with enough effort and skills.
You should store the AES key in the keystore. On some devices this might go to secure hardware if it is supported, resulting in more secure option. However, keystore backed AES is supported starting with API 23. If you're targeting lower API, then I would suggest that you generate an RSA key that will be used for AES key wrapping. The AES key is then stored encrypted in shared preference and RSA in keystore. As for data, you can store the data in shared preference or database. It doesn't really matter.
However, note that as long as the key is not stored in secure hardware, there isn't much stopping the attacker from retrieving the key with enough effort and skills.
answered Nov 15 '18 at 13:12
aarnautaarnaut
193213
193213
add a comment |
add a comment |
You could store that data in sharedpreference or in Database. But storing in shared preference is always good choice.
add a comment |
You could store that data in sharedpreference or in Database. But storing in shared preference is always good choice.
add a comment |
You could store that data in sharedpreference or in Database. But storing in shared preference is always good choice.
You could store that data in sharedpreference or in Database. But storing in shared preference is always good choice.
answered Nov 15 '18 at 13:08
Ramesh YankatiRamesh Yankati
68658
68658
add a comment |
add a comment |
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53316333%2fwhere-to-store-aes-key-and-data-using-keystore%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown