JKennedy
Reputation: 18799
Is the KeyStore encrypted by default?
I currently have some code that stores my sensitive information in the KeyStore like so:
static readonly char[] Password = null;
//Create KeyStore
ks = KeyStore.GetInstance(KeyStore.DefaultType);
prot = new KeyStore.PasswordProtection(Password);
//AddUserName
var alias = MakeAlias("UserName", serviceId);
var usernameSecretKey = new SecretAccount(username);
var usernameEntry = new KeyStore.SecretKeyEntry(usernameSecretKey);
ks.SetEntry(alias, usernameEntry, prot);
now this has got PasswordProtection but the password is null.
Pulling my Keystore file off the device I can see the data is encrypted (not in plain text). But is this data encrypted enough or is it simple by decrypting by calling something like File.Decrypty(password = null);
Upvotes: 0
Views: 775
Answers (1)
SaravInfern
Reputation: 3388
Keystore is not encrypted by default but it contains the encrypted key information with it, which is password protected
https://docs.oracle.com/javase/7/docs/api/java/security/KeyStore.html
Upvotes: 1
Related Questions
- Android KeyStore Initialization
- Android Keystore's password protection
- What are my Keystore passwords when creating it using Visual Studio?
- KeyStore vs KeyChain
- Is android-keystore's password empty?
- Xamarin KeyStore PasswordProtection field
- What is keys which do not require encryption in KeyStore Provider?
- How is the Android keystore protected?
- Android android.credentials.UNLOCK Initializing keystore without password
- Android Keystore, secure value of key