Mehran Zamani

Reputation: 831

How to access RSA private key at start of an app?

I want to have an RSA key pair (private and public key) saved before running, so I can send my encrypted message (with the public key) and, when the server gives me a result back, decrypt it using the private key.

Obviously I want my private key to be safe from any vulnerability such as exposure. I don't want to generate/store it at run time (like using the keystore). It should exist with the application package.

Bottom line: I don't want to generate RSA key pairs each time I run my app, because I want to put those in my server too and I want a secure way to store them (there are some ways to extract things).

Upvotes: 0

Views: 805

Answers (1)

pedrofb

Reputation: 39261

I do not recommend embedding an RSA encryption/decryption key pair in your app because:

  • If the key is compromised, then the security of your system is affected completely and you will need to distribute a new app to all your users

  • The ciphertext size is limited by the key length

To encrypt/decrypt messages between client and server you just need to use a TLS channel (HTTPS).

Upvotes: 1
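
The size limit mentioned in the answer's second point, shown as an added example that is not part of the original answer: with RSA-OAEP the largest message a key can encrypt is the modulus length minus the padding overhead. The class name, the choice of SHA-256 for OAEP, and the throwaway keys generated here are assumptions made for the demonstration; it targets the standard JDK provider.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.spec.MGF1ParameterSpec;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;

public class RsaSizeLimit {
    static final int HASH_LEN = 32; // SHA-256 digest length in bytes

    // Largest plaintext RSA-OAEP accepts: k - 2*hLen - 2 (RFC 8017, section 7.1.1),
    // where k is the modulus length in bytes.
    static int maxPlaintext(int keyBits) {
        return keyBits / 8 - 2 * HASH_LEN - 2;
    }

    // Fresh OAEP cipher with SHA-256 for both the label hash and MGF1.
    static Cipher oaep(KeyPair kp) throws Exception {
        Cipher c = Cipher.getInstance("RSA/ECB/OAEPPadding");
        OAEPParameterSpec spec = new OAEPParameterSpec(
                "SHA-256", "MGF1", MGF1ParameterSpec.SHA256, PSource.PSpecified.DEFAULT);
        c.init(Cipher.ENCRYPT_MODE, kp.getPublic(), spec);
        return c;
    }

    public static void main(String[] args) throws Exception {
        for (int bits : new int[] {2048, 3072}) {
            KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
            gen.initialize(bits);
            KeyPair kp = gen.generateKeyPair(); // throwaway key, demonstration only

            int max = maxPlaintext(bits);
            byte[] ct = oaep(kp).doFinal(new byte[max]); // constructed all-zero message
            System.out.printf("%d-bit key: %d-byte message -> %d-byte ciphertext%n",
                    bits, max, ct.length);

            try {
                oaep(kp).doFinal(new byte[max + 1]); // one byte over the limit
                System.out.println("unexpected: oversized message accepted");
            } catch (IllegalBlockSizeException e) {
                // The JDK provider refuses input longer than the limit.
                System.out.printf("%d-bit key: %d-byte message rejected (%s)%n",
                        bits, max + 1, e.getMessage());
            }
        }
    }
}
```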
