Reputation: 3215
Secure key for android database
Is there any algorithm to generate an encrypted key in android to secure a database?
I tried this PBE algorithm:
PBEKeySpec pbeKeySpec = new PBEKeySpec(password.toCharArray(), salt,
NUM_OF_ITERATIONS, KEY_SIZE);
SecretKeyFactory factoryKey = SecretKeyFactory.getInstance(PBE_ALGORITHM);
SecretKey tempKey = factoryKey.generateSecret(pbeKeySpec);
SecretKey secretKey = new SecretKeySpec(tempKey.getEncoded(), "AES");
But it generates the same key every time. Any other good algorithms for generating a secure key?
Upvotes: 3
Views: 194
Answers (2)
Reputation: 31799
Typically to achieve what you want you use your PBE key to encrypt/decrypt a random key (that you must store, keep it separate from your data as best you can) which you use to encrypt/decrypt your data. Then your data ciphertext, by itself, has no direct relation to your password without the encrypted keys.
Upvotes: 1
Reputation: 3322
To generate a random secret key, use the KeyGenerator class, with code something like this:
KeyGenerator kgen = KeyGenerator.getInstance("AES");
kgen.init(KEY_SIZE);
SecretKey skey = kgen.generateKey();
Note that you will obviously have to store this key securely somewhere if you wish to decrypt your database later, hence it may be worthwhile to pursue the PBE-based solution proposed in your question.
Upvotes: 2
Related Questions
- Android database encryption
- Encrypting Android app Data sent to MySQL DB
- Android encrypt/decrypt sqlite database 100% secure
- How to protect my encryption key in Android?
- how to securely store encryption keys in android?
- Securely Storing Keys in Android Keystore
- Android encryption database
- Encryption conundrum
- Secure database storage in Android
- Android: How to encrypt your own database in Android