Secure preferences
•Download as PPTX, PDF•
0 likes•295 views
SecurePreferences is an Android library that allows developers to securely store sensitive data like passwords, tokens, and settings in SharedPreferences. It encrypts the values using AES-128 encryption and stores each key as a SHA-256 hash. Developers can generate encryption keys from passwords or use default keys. The library provides easy methods to get, set, remove and clear encrypted values from SharedPreferences.
Recommended
More Related Content
What's hot
What's hot (18)
Viewers also liked
Viewers also liked (20)
Similar to Secure preferences
Similar to Secure preferences (20)
Recently uploaded
Recently uploaded (20)
Secure preferences
- 2. What is SharedPreferences • Save and retrieve persistent key-value pairs of primitive data types • Save any primitive data: booleans, floats, ints, longs, and strings
- 3. Why use Secure- preferences • Protect secret data 1.password 2.token 3.setting
- 4. Secure mechanism • Encrypts the values using AES 128, CBC, and PKCS5 • Each key is stored as a one way SHA 256 hash • Both keys and values are base64 encoded before storing into prefs xml file
- 5. Secure data
- 6. How to use public SharedPreferences getSharedPreferences() { if(mSecurePrefs==null){ mSecurePrefs = new SecurePreferences(this, "", "my_prefs.xml"); SecurePreferences.setLoggingEnabled(true); } return mSecurePrefs; }
- 7. public SharedPreferences getSharedPreferences1000() { try { AesCbcWithIntegrity.SecretKeys myKey = AesCbcWithIntegrity.generateKeyFromPassword( Build.SERIAL,AesCbcWithIntegrity.generateSalt(),1000); return new SecurePreferences(this, myKey, "my_prefs_1000.xml"); } catch (GeneralSecurityException e) { Log.e(TAG, "Failed to create custom key for SecurePreferences", e); } return null; } How to use public SharedPreferences getSharedPreferences() { if(mSecurePrefs==null){ mSecurePrefs = new SecurePreferences(this, "", "my_prefs.xml"); SecurePreferences.setLoggingEnabled(true); } return mSecurePrefs; }
- 8. How to use public SharedPreferences getSharedPreferences() { if(mSecurePrefs==null){ mSecurePrefs = new SecurePreferences(this, "", "my_prefs.xml"); SecurePreferences.setLoggingEnabled(true); } return mSecurePrefs; } public SharedPreferences getSharedPreferences1000() { try { AesCbcWithIntegrity.SecretKeys myKey = AesCbcWithIntegrity.generateKeyFromPassword( Build.SERIAL,AesCbcWithIntegrity.generateSalt(),1000); return new SecurePreferences(this, myKey, "my_prefs_1000.xml"); } catch (GeneralSecurityException e) { Log.e(TAG, "Failed to create custom key for SecurePreferences", e); } return null; } public SecurePreferences getUserPinBasedSharedPreferences(String password){ if(mUserPrefs==null) { mUserPrefs = new SecurePreferences(this, password, "user_prefs.xml"); } return mUserPrefs; }
- 9. public void onGetButtonClick(View v) { final String value = getSharedPref().getString(MainActivity.KEY, null); toast(MainActivity.KEY + "'s, value= " + value); } public void onSetButtonClick(View v) { getSharedPref().edit().putString(MainActivity.KEY, MainActivity.VALUE) .commit(); toast(MainActivity.KEY + " with enc value:" + MainActivity.VALUE + ". Saved"); } public void onRemoveButtonClick(View v) { getSharedPref().edit().remove(MainActivity.KEY).commit(); toast("key:" + MainActivity.KEY + " removed from secure prefs"); } public void onClearAllButtonClick(View v) { getSharedPref().edit().clear().commit(); updateEncValueDisplay(); toast("All secure prefs cleared"); }
- 10. Put value putString(String key, String value) hashPrefKey(String prefKey) encrypt(String cleartext) encrypt(byte[] plaintext, SecretKeys secretKeys) new CipherTextIvMac(byteCipherText, iv, integrityMac) toString() public static CipherTextIvMac encrypt(byte[] plaintext, SecretKeys secretKeys) throws GeneralSecurityException { byte[] iv = generateIv(); Cipher aesCipherForEncryption = Cipher.getInstance(CIPHER_TRANSFORMATION); aesCipherForEncryption.init(Cipher.ENCRYPT_MODE, secretKeys.getConfidentialityKey(), new IvParameterSpec(iv)); /* * Now we get back the IV that will actually be used. Some Android * versions do funny stuff w/ the IV, so this is to work around bugs: */ iv = aesCipherForEncryption.getIV(); byte[] byteCipherText = aesCipherForEncryption.doFinal(plaintext); byte[] ivCipherConcat = CipherTextIvMac.ivCipherConcat(iv, byteCipherText); byte[] integrityMac = generateMac(ivCipherConcat, secretKeys.getIntegrityKey()); return new CipherTextIvMac(byteCipherText, iv, integrityMac); }
- 11. putString(String key, String value) hashPrefKey(String prefKey) encrypt(String cleartext) encrypt(byte[] plaintext, SecretKeys secretKeys) new CipherTextIvMac(byteCipherText, iv, integrityMac) toString() public String toString() { String ivString = Base64.encodeToString(iv, BASE64_FLAGS); String cipherTextString = Base64.encodeToString(cipherText, BASE64_FLAGS); String macString = Base64.encodeToString(mac, BASE64_FLAGS); return String.format(ivString + ":" + macString + ":" + cipherTextString); } Put value
- 12. Get valuegetInt(String key, int defaultValue) decrypt(final String ciphertext) new AesCbcWithIntegrity.CipherTextIvMac(ciphertext) decryptString(cipherTextIvMac, keys) public static byte[] decrypt(CipherTextIvMac civ, SecretKeys secretKeys) throws GeneralSecurityException { byte[] ivCipherConcat = CipherTextIvMac.ivCipherConcat(civ.getIv(), civ.getCipherText()); byte[] computedMac = generateMac(ivCipherConcat, secretKeys.getIntegrityKey()); if (constantTimeEq(computedMac, civ.getMac())) { Cipher aesCipherForDecryption = Cipher.getInstance(CIPHER_TRANSFORMATION); aesCipherForDecryption.init(Cipher.DECRYPT_MODE, secretKeys.getConfidentialityKey(), new IvParameterSpec(civ.getIv())); return aesCipherForDecryption.doFinal(civ.getCipherText()); } else { throw new GeneralSecurityException("MAC stored in civ does not match computed MAC."); } } new String(decrypt(civ, secretKeys), encoding)
- 13. Q & A