存储在Android密钥 [英] Storing a secret key on Android
问题描述
我的Android应用程序使用一个密钥生成进行身份验证令牌。有没有更安全的方式来存储这些不只是把这个在数据存储?我想为iPhone,我们将其存储在钥匙串中。我知道android.accounts.AccountManager,但这似乎给潜在的其它应用程序访问密码(如果用户选择了错误的选项)等似乎不太安全的能力。
My Android application uses a secret key to generate a token for authentication purposes. Is there a more secure way to store this than just putting this in the data store? I think for the iPhone, we store it in the keychain. I am aware of android.accounts.AccountManager, but this seems to give other applications potentially the ability to access the password (if the user selects the wrong option) and so seems less secure.
推荐答案
安卓(不幸)不提供一种方式来做到这一点。我以前用过的方法是将此令牌与应用程序中产生的另一个密钥进行加密。
Android (unfortunately) does not provide a way to do so. The approach I've used before is to encrypt this token with another key generated within the app.
您的应用程序键,可算法生成。然而,这仅仅是作为安全的,因为你的算法。一旦知道这相当于存储令牌以纯文本格式。
Your app key can be algorithmically generated. This, however, is only as secure as your algorithm. Once that is known this is equivalent to storing the token in plain text.
这篇关于存储在Android密钥的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
