According to the Android Keystore documentation when we generate secret keys using Secure Element modules (SE) such keys are stored in a secure storage inside the module itself.
Does anyone know the size of such storage? The size would determine how many keys I can generate before running out of storage.
Related
I created Android app using Android Studio for my bachelorĀ“s thesis. I have to submit my Android Studio project, which will be on schools website and anyone could downloaded.
Are there any sensitive data, which I should delete before publishing?
Any API keys for any external API you are using.
MD5 hashes or Google play store strings.
Keystore files.
.idea files which might have your name or computer name.
Can't really think of anything else.
You public repo should not have secret keys.
Some useful links for hiding secret keys
https://stackoverflow.com/a/34021467/6891563
https://stackoverflow.com/a/46962852/6891563
I would like to make video/audio/pdf files hidden inside Internal/External storage in Android. Our requirement is making the files visible only in our Android application but not any other apps like Es File Explorer and not even when connecting the device to Desktop/Laptop.
I have googled it a lot and found the following ways but with few disadvantages.
Creating folder/file with prefix "." - It has the disadvantages that we cannot prevent it to be visible in some File explorer apps with the option "Show hidden files" and we cannot prevent the files from getting displayed when connected to Desktop/Laptop.
Storing the files inside App specific folder - Storing large memory files in the path returned by android.Content.Context.getFilesDir() will lead to the poor performance of the device and most of the devices will not have large internal memory size.
How to overcome the disadvantages and make our application to meet the requirement ?
Well hiding files to user accessable storage is not recommend without encryption.
Youtube,Gaana, saavan, hotstar all these media related apps used to encrypt their data and stores in data location which is visible to users but they can't share or use in other ways as the data is encrypted.
You can use CipherOutputStream and CipherInputStream for encryption and decryption of file in android.
There are two ways through which you can achieve your goal
Download a file and encrypt it, when you want to play that file decry-pt it in a temporary file and play it which I not recommend as it can increase the chances of data grabbing.
if you want to play encrypted file on the fly (not decrypting it in a temp file) then you can use Libmedia library. It streams encrypted file on local host and play it from there
Original answer : https://stackoverflow.com/a/35426842/9565955
Your first proposed solution won't work since it would make files accessible to anyone.
Second solution is perfect if you have limited file sizes. In case of large memory files it is always better to store them in External storage. But this would make it publicly accessible. To prevent that you can encrypt the files and store them in external storage.
Some suggestions while doing so :
Randomise the filenames so won't be easy to guess.
Refer this for simple file encryption.
Do not use static key for encryption as it can be reverse
engineered. Use different key for every file.
Do not store the original key in db/shared preference. Store the
hash of it instead.
You can even hash the key n times and then store in db. This would
make procedure a bit slow but provides more security as one has to
know the exact value of n to get the original key.
For added security you can even consider using Android's KeyStore to
derive the IV.
I am developing an android application that contains a database previously encrypted SQLCipher in the "assets" directory. This SQLite database is copied from the directory "assets" to the application data directory.
The application makes use of SQLCipher to decrypt and access the data from the database, but the problem is that the key to the database is stored in a String, which, if someone decompile the APK file can be obtained the key.
Is there any way to protect the key to not be able to get that key to decompile the APK?
PS If you do not understand me, do not write well in English, because I am Spanish.
We provide some guidance on key material and selection here for SQLCipher, please note that hardcoding a key in application code is not suitable for any secure implementation.
I am picking up an Android application after a year away from the codebase. I attempted to export a signed application package but cannot for the life of me remember where the original keystore was. I also don't know the name of the keystore file (and it appears that keystores don't have a file extension either).
What are my options for retrieving the keystore so I can submit an update to the Play store?
Don't waste your time.
There no way to submit an update without having the same keystore files,
unless you find the keystore that was used to the submitted app.
Keystore files does not have an extension. What I do is to a .keystore extension when saving them.
e.g. someName.keystore
This way I can search them and find them easier.
This is NOT a request to extract the private key from a .apk file.
I am having a problem signing a new .apk file with same key as the old .apk. This is important to do because it is required by Google in order to update the app in Google Play.
I am "sure" that I have the keystore file and passwords, but I am still having a problem.
One of the debugging steps I would like to perform is extracting any information about the key from the old .apk file. I know I cannot get the private key itself (for obvious reasons). I just want to see the name or other information so I can do a sanity check on getting the keys to match.
My questions are:
1) What information can be extracted from a .apk file regarding key and keystore used to sign it?
2) How do I extract that information?
My preferred platform is Mac, but I can use Linux or Windows as well.