问题描述
目前,我正在开发oAuth 1和2访问webservices的框架,我的问题是,如何以安全的方式存储敏感数据,如oAuth访问密钥?这个键的问题是,一些平台,如twitter使用永久密钥,如果有人可以访问这个密钥,他可以使用用户twitter帐户做任何他想要的。
是否可以在数据存储在共享首选项之前自动加密数据?还是有更好的方式/地方存储非常重要的数据?
更新 - 另请阅读:
1)。如何加密?
在Android上,加密通过Java加密体系结构(JCA)完成。主要是 javax.crypto。*
包。
这是一个。
更新:由于API级别为8,API的 android.util.Base64
。
Im currently developing a framework for oAuth 1 and 2 access to webservices and my question is, how do i store sensitive data like an oAuth access key in a secure way?the problem with this keys is that some platforms like twitter use a permanent key and if someone would get access to this key he could do whatever he wants with the users twitter account..
so is it possible to automatically encrypt the data before it is stored in the shared preferences? Or is there a better way/place to store very important data?
UPDATE - ALSO READ: What is the most appropriate way to store user settings in Android application
1). How to encrypt?
On Android the encryption is done via Java Cryptography Architecture (JCA). Mainly it is the javax.crypto.*
package.
Here is an example of JCA API usage (AES alrorithm in particular).
2). Where to store?
Encryption API manipulates with byte arrays (not strings). This means you can use SharedPreferences
, but you'll need to apply Base-64 encoding on the encrypted byte array before putting it into SharedPreferences
(otherwise XML parser will fail to read the shared preferences file). Then to read you will need to use Base-64 decoding. Note that by default most Android OS versions do not have a built in Base-64 API (see UPDATE section). So to remove this Base-64 overhead I would recommend just to store your bytes in a private file.
UPDATE: Since API Level 8, the API has android.util.Base64
.
这篇关于加密SharedPreferences中的数据的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!