Where to store AES Key and Data using KeyStore?












0















I've got some question. I being using KeyStore for store sensitive data in my React Native Application.



Where do i need to store my AES Key? And where must i store the encrypted data(for example an token). What is the normal usecase? Can i store it simple on the internal storage?



Thanks for any help.










share|improve this question





























    0















    I've got some question. I being using KeyStore for store sensitive data in my React Native Application.



    Where do i need to store my AES Key? And where must i store the encrypted data(for example an token). What is the normal usecase? Can i store it simple on the internal storage?



    Thanks for any help.










    share|improve this question



























      0












      0








      0


      1






      I've got some question. I being using KeyStore for store sensitive data in my React Native Application.



      Where do i need to store my AES Key? And where must i store the encrypted data(for example an token). What is the normal usecase? Can i store it simple on the internal storage?



      Thanks for any help.










      share|improve this question
















      I've got some question. I being using KeyStore for store sensitive data in my React Native Application.



      Where do i need to store my AES Key? And where must i store the encrypted data(for example an token). What is the normal usecase? Can i store it simple on the internal storage?



      Thanks for any help.







      android keystore android-keystore






      share|improve this question















      share|improve this question













      share|improve this question




      share|improve this question








      edited Nov 15 '18 at 13:04









      Fantômas

      32.7k156389




      32.7k156389










      asked Nov 15 '18 at 9:34









      YakalentYakalent

      237415




      237415
























          2 Answers
          2






          active

          oldest

          votes


















          2














          You should store the AES key in the keystore. On some devices this might go to secure hardware if it is supported, resulting in more secure option. However, keystore backed AES is supported starting with API 23. If you're targeting lower API, then I would suggest that you generate an RSA key that will be used for AES key wrapping. The AES key is then stored encrypted in shared preference and RSA in keystore. As for data, you can store the data in shared preference or database. It doesn't really matter.



          However, note that as long as the key is not stored in secure hardware, there isn't much stopping the attacker from retrieving the key with enough effort and skills.






          share|improve this answer































            2














            You could store that data in sharedpreference or in Database. But storing in shared preference is always good choice.






            share|improve this answer























              Your Answer






              StackExchange.ifUsing("editor", function () {
              StackExchange.using("externalEditor", function () {
              StackExchange.using("snippets", function () {
              StackExchange.snippets.init();
              });
              });
              }, "code-snippets");

              StackExchange.ready(function() {
              var channelOptions = {
              tags: "".split(" "),
              id: "1"
              };
              initTagRenderer("".split(" "), "".split(" "), channelOptions);

              StackExchange.using("externalEditor", function() {
              // Have to fire editor after snippets, if snippets enabled
              if (StackExchange.settings.snippets.snippetsEnabled) {
              StackExchange.using("snippets", function() {
              createEditor();
              });
              }
              else {
              createEditor();
              }
              });

              function createEditor() {
              StackExchange.prepareEditor({
              heartbeatType: 'answer',
              autoActivateHeartbeat: false,
              convertImagesToLinks: true,
              noModals: true,
              showLowRepImageUploadWarning: true,
              reputationToPostImages: 10,
              bindNavPrevention: true,
              postfix: "",
              imageUploader: {
              brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
              contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
              allowUrls: true
              },
              onDemand: true,
              discardSelector: ".discard-answer"
              ,immediatelyShowMarkdownHelp:true
              });


              }
              });














              draft saved

              draft discarded


















              StackExchange.ready(
              function () {
              StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53316333%2fwhere-to-store-aes-key-and-data-using-keystore%23new-answer', 'question_page');
              }
              );

              Post as a guest















              Required, but never shown

























              2 Answers
              2






              active

              oldest

              votes








              2 Answers
              2






              active

              oldest

              votes









              active

              oldest

              votes






              active

              oldest

              votes









              2














              You should store the AES key in the keystore. On some devices this might go to secure hardware if it is supported, resulting in more secure option. However, keystore backed AES is supported starting with API 23. If you're targeting lower API, then I would suggest that you generate an RSA key that will be used for AES key wrapping. The AES key is then stored encrypted in shared preference and RSA in keystore. As for data, you can store the data in shared preference or database. It doesn't really matter.



              However, note that as long as the key is not stored in secure hardware, there isn't much stopping the attacker from retrieving the key with enough effort and skills.






              share|improve this answer




























                2














                You should store the AES key in the keystore. On some devices this might go to secure hardware if it is supported, resulting in more secure option. However, keystore backed AES is supported starting with API 23. If you're targeting lower API, then I would suggest that you generate an RSA key that will be used for AES key wrapping. The AES key is then stored encrypted in shared preference and RSA in keystore. As for data, you can store the data in shared preference or database. It doesn't really matter.



                However, note that as long as the key is not stored in secure hardware, there isn't much stopping the attacker from retrieving the key with enough effort and skills.






                share|improve this answer


























                  2












                  2








                  2







                  You should store the AES key in the keystore. On some devices this might go to secure hardware if it is supported, resulting in more secure option. However, keystore backed AES is supported starting with API 23. If you're targeting lower API, then I would suggest that you generate an RSA key that will be used for AES key wrapping. The AES key is then stored encrypted in shared preference and RSA in keystore. As for data, you can store the data in shared preference or database. It doesn't really matter.



                  However, note that as long as the key is not stored in secure hardware, there isn't much stopping the attacker from retrieving the key with enough effort and skills.






                  share|improve this answer













                  You should store the AES key in the keystore. On some devices this might go to secure hardware if it is supported, resulting in more secure option. However, keystore backed AES is supported starting with API 23. If you're targeting lower API, then I would suggest that you generate an RSA key that will be used for AES key wrapping. The AES key is then stored encrypted in shared preference and RSA in keystore. As for data, you can store the data in shared preference or database. It doesn't really matter.



                  However, note that as long as the key is not stored in secure hardware, there isn't much stopping the attacker from retrieving the key with enough effort and skills.







                  share|improve this answer












                  share|improve this answer



                  share|improve this answer










                  answered Nov 15 '18 at 13:12









                  aarnautaarnaut

                  193213




                  193213

























                      2














                      You could store that data in sharedpreference or in Database. But storing in shared preference is always good choice.






                      share|improve this answer




























                        2














                        You could store that data in sharedpreference or in Database. But storing in shared preference is always good choice.






                        share|improve this answer


























                          2












                          2








                          2







                          You could store that data in sharedpreference or in Database. But storing in shared preference is always good choice.






                          share|improve this answer













                          You could store that data in sharedpreference or in Database. But storing in shared preference is always good choice.







                          share|improve this answer












                          share|improve this answer



                          share|improve this answer










                          answered Nov 15 '18 at 13:08









                          Ramesh YankatiRamesh Yankati

                          68658




                          68658






























                              draft saved

                              draft discarded




















































                              Thanks for contributing an answer to Stack Overflow!


                              • Please be sure to answer the question. Provide details and share your research!

                              But avoid



                              • Asking for help, clarification, or responding to other answers.

                              • Making statements based on opinion; back them up with references or personal experience.


                              To learn more, see our tips on writing great answers.




                              draft saved


                              draft discarded














                              StackExchange.ready(
                              function () {
                              StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53316333%2fwhere-to-store-aes-key-and-data-using-keystore%23new-answer', 'question_page');
                              }
                              );

                              Post as a guest















                              Required, but never shown





















































                              Required, but never shown














                              Required, but never shown












                              Required, but never shown







                              Required, but never shown

































                              Required, but never shown














                              Required, but never shown












                              Required, but never shown







                              Required, but never shown







                              Popular posts from this blog

                              Bressuire

                              Vorschmack

                              Quarantine