Storing credentials in Android


Problem description

How should I store user credentials in my app I'm creating for myself? I'm not setting up any servers, I'm just installing the app directly to my phone via USB. What I'm trying to do is have myself enter a username/password to associate to the account, basically the same as most other apps. The only difference is I'm not setting up any servers since I'm new and would have no idea how to do that. So with this in mind could I get away with storing in a database and pulling the info from there, or, as I'm sure of, is there an easier way to do this provided by Android?

Note: I am very new and am sick of book-learning so I'm just growing my knowledge as I need it to build said app. I'm basically looking for the easiest technique to do this and will eventually expand on it later. Thanks guys, I appreciate any help a lot!

Recommended answer

In response to my comment at http://stackoverflow.com/questions/31731083/storing-credentials-in-android/31731129#comment51397933_31731129 (and because I couldn't find a simple example in any other SO question), this is a bit of commented code to hash, store and check credentials. If you want to understand salting and password hashing, Wikipedia has some good information.

Save:

import java.security.MessageDigest;
import java.security.SecureRandom;

void saveCredentials(String username, String password) {
    /* create some random salt bytes - the value doesn't need to be secret (which is
       why we can save it) but it must be unpredictable and unique per-user */
    SecureRandom sr = new SecureRandom();
    byte[] salt = new byte[16];
    sr.nextBytes(salt);

    // hash the (salt + password)
    // hashing algorithms vary, but for now, SHA256 is a reasonable choice
    try {
        MessageDigest hasher = MessageDigest.getInstance("SHA-256");
        hasher.update(salt);
        hasher.update(password.getBytes("UTF-8"));
        byte[] hashedbytes = hasher.digest();

        // we can now save the salt and the hashed bytes to a file,
        // SharedPreferences or any other storage location
        savedata(username, salt, hashedbytes);

    } catch (Exception e) {
        // do something sensible on errors
    }
}

Check:

boolean checkPassword(String username, String password) {
    // read the info for the user that we saved in storage
    byte[] salt = readdata(username, "salt");
    byte[] correcthash = readdata(username, "pwdhash");

    // hash the password we are checking in the same way that we did
    // for the original password
    try {
        MessageDigest hasher = MessageDigest.getInstance("SHA-256");
        hasher.update(salt);
        hasher.update(password.getBytes("UTF-8"));
        byte[] testhash = hasher.digest();

        // if the password is correct, the two hashed values will match
        // - if it's wrong, the hashed values will have one or more
        // bytes that do not match.
        // MessageDigest.isEqual also copes with a stored hash of a
        // different length (the byte-by-byte loop would index past the
        // end of a shorter array) and does not stop at the first mismatch
        return MessageDigest.isEqual(testhash, correcthash);

    } catch (Exception e) {
        // do something sensible on errors
    }

    return false;
}
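
The same save/check flow as an added example (not part of the original answer), with the single SHA-256 pass swapped for PBKDF2 so that each guess against a leaked record costs many hash iterations. Assumptions: the `CredentialStore` class name, the iteration count, the in-memory map standing in for the answer's `savedata`/`readdata`, and availability of `PBKDF2WithHmacSHA256` (Java 8+, Android API 26+).

```java
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class CredentialStore {
    private static final int ITERATIONS = 100_000; // assumed work factor; tune on the target device
    private static final int SALT_BYTES = 16;
    private static final int HASH_BITS = 256;

    // Hypothetical stand-in for savedata()/readdata(): username -> {salt, hash}
    private final Map<String, byte[][]> storage = new HashMap<>();

    private static byte[] derive(char[] password, byte[] salt) throws GeneralSecurityException {
        PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, HASH_BITS);
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                    .generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword(); // wipe the spec's internal copy of the password
        }
    }

    public void saveCredentials(String username, char[] password) throws GeneralSecurityException {
        byte[] salt = new byte[SALT_BYTES];
        new SecureRandom().nextBytes(salt); // fresh, unpredictable salt per user
        storage.put(username, new byte[][] { salt, derive(password, salt) });
    }

    public boolean checkPassword(String username, char[] password) throws GeneralSecurityException {
        byte[][] record = storage.get(username);
        if (record == null) {
            return false; // unknown user
        }
        // re-derive with the stored salt, then compare without an early exit
        return MessageDigest.isEqual(derive(password, record[0]), record[1]);
    }

    public static void main(String[] args) throws GeneralSecurityException {
        CredentialStore store = new CredentialStore();
        store.saveCredentials("alice", "correct horse".toCharArray()); // constructed sample values
        System.out.println(store.checkPassword("alice", "correct horse".toCharArray()));
        System.out.println(store.checkPassword("alice", "wrong".toCharArray()));
        System.out.println(store.checkPassword("bob", "correct horse".toCharArray()));
    }
}
```

To persist the record on a device, write the salt and hash (for example Base64-encoded) to the app's private storage in place of the map.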
