Mykolas777

Reputation: 23

Is storing keys in Bouncy Castle keystore more secure than storing them in shared preferences encrypted?

In my Android application I need to securely store RSA, ECDH, AES and other keys. They will be encrypted/decrypted using a user-entered password. My options are: Android keystore, Bouncy Castle UBER keystore, or encrypt and store in shared preferences. Android keystore is not an option as it does not encrypt keys with a custom password. UBER seems to be a good solution; however, I have some problems storing my keys there, so I am thinking of just encrypting them with AES GCM and putting them in shared preferences. Will this be less secure? Or maybe even more secure, as AES GCM is better than Twofish, which is used by Bouncy Castle?

Upvotes: 1

Views: 600

Answers (1)

Chris Greenlee

Reputation: 21

Encrypting with AES-256 in GCM mode and then storing in shared preferences should be fine. AES-256 is part of the NSA Suite B specification, and is about as good as it gets right now for symmetric encryption. (https://en.wikipedia.org/wiki/NSA_Suite_B_Cryptography) That link makes note of the fact that the NSA expects to issue a new Suite recommendation soon that addresses quantum attacks on crypto -- but no such attacks are anywhere near feasible in the near (3-5) year term.

Upvotes: 0
