Web Application Security
encryption in android apps Jan 09 2013 10:00AM
saghar estehghari (s estehghari gmail com) (2 replies)
Re: encryption in android apps Jan 09 2013 12:32PM
Scott Herbert (scott a herbert googlemail com)

If you've access to the PIN from withing the app. encrypt the key with
the PIN (or a hash of the PIN) then you can keep the PIN in memory and
decript the key file where needed.

or just use the PIN (or hash) as the key.

On 09/01/2013 10:00, saghar estehghari wrote:
> Hi,
>
> In my android application I need to save several sensitive files and I
> want to encrypt them.
> But I have doubts the way to store the key on the device!
> The application is protected with PIN code and the is also
> communication with the back-end server. But such communication should
> be as
> less as possible. This implies that I can't store the secret key on
> the server and get it whenever needed.
> So does anybody has a practical solution?
>
> Thanks
>
>
>
> This list is sponsored by Cenzic
> --------------------------------------
> Let Us Hack You. Before Hackers Do!
> It's Finally Here - The Cenzic Website HealthCheck. FREE.
> Request Yours Now!
> http://www.cenzic.com/2009HClaunch_Securityfocus
> --------------------------------------
>
>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (MingW32)
Comment: Using GnuPG with undefined - http://www.enigmail.net/

iQEcBAEBAgAGBQJQ7WNbAAoJEJHf3PUjVwdRmW0H/0LVBYTZvcy/ONhUyZo7/rRt
H86QqAOn8K5TVnTOQwV/BVXkXcCr92qONvIs6svnnsLnrLXoatWDXld+RXnsIS/6
gDaWlEUnmFLxcJaUzznwDbkaKiKmUUH9YhkKfkDb6hWPiLKksDZv4UmIlwVr+sCt
6m9GKqFEMlvCNbHPB2w8GVgTPIAneVrFoi0twKydxok+8rRNED/rYfCMtXTalqHy
k1f4y42LX5msBJ34a+/cSfoEU+56la6uO5ry/hLrlh6GTfu3mAomEam1fJSzVGmf
ex3jay28ta3kDUUJXlcAT/L80Ia/o2oe7rA4BmYJwcEY2gmHVM8dj88Q10Ogc34=
=z9Ux
-----END PGP SIGNATURE-----

[ reply ]
Re: encryption in android apps Jan 09 2013 12:20PM
Jamie Riden (jamie riden gmail com)


 

Privacy Statement
Copyright 2010, SecurityFocus