This is the sixth day of my participation in the August More Text Challenge.
Overview
The Security library provides implementations of security best practices for reading and writing data at rest and for key creation and verification.
The library uses the builder pattern to provide secure defaults for the following security levels:
- Strong security that balances reliable encryption with good performance. This level of security applies to consumer applications such as banking and chat applications, as well as enterprise applications that perform certificate revocation checks.
- Maximum security. This level of security applies to applications that require a hardware-backed keystore and user intervention to provide key access.
Key management
- The Security library can use keysets containing multiple keys to encrypt files and SharedPreferences (SP). The keyset itself is stored in SP.
- The primary (master) key is stored in the Android Keystore system.
Security encryption operations
Dependencies
Using the Security library requires importing the following dependencies:
implementation("androidx.security:security-crypto:1.0.0")
implementation("androidx.security:security-identity-credential:1.0.0-alpha02")
implementation("androidx.security:security-app-authenticator:1.0.0-alpha02")
androidTestImplementation("androidx.security:security-app-authenticator:1.0.0-alpha01")
Existing problems
The minimum API version supported by the Security library is 24. We have the following two solutions:
- Declare <uses-sdk tools:overrideLibrary="androidx.security.identity.credential,androidx.security" /> in the manifest.
- Upgrade the minimum API version to 24, but this will require adaptation for both above and below API 24.
Use Security to encrypt files
Write encrypted data
Cannot write repeatedly
If you write data to a file that already exists, the openFileOutput method throws an exception, because an encrypted file cannot be written repeatedly. See the comment:
Write data:
- Building the EncryptedFile.Builder is the slowest step in this example, taking 300-600 ms on my phone, so try not to use encryption for non-sensitive files.
- The data stored in the file is also bloated considerably, which means more storage space is taken up.
- Code:
val encrypt = EncryptedFile.Builder(
    // getFile() is a helper that is not shown on this page
    getFile("Anandzhuo write file encrypted data.txt").apply {
        if (exists()) { // Delete the file if it already exists
            delete()
        }
    },
    this@MainActivity,
    "Write a random key.", // master key alias
    EncryptedFile.FileEncryptionScheme.AES256_GCM_HKDF_4KB
).build()
startRecord() // helper that is not shown on this page
encrypt.openFileOutput().apply {
    write("Write whatever dot string you want".toByteArray(charset = Charsets.UTF_8))
    flush()
    close()
}
Read encrypted data
// Use the same file and master key alias that were used when writing
val encrypt = EncryptedFile.Builder(
    getFile("encrypt"),
    this@MainActivity,
    "write a key",
    EncryptedFile.FileEncryptionScheme.AES256_GCM_HKDF_4KB
).build()
startRecord()
val bytes = BufferedInputStream(encrypt.openFileInput()).readBytes()
val result = String(bytes, charset = Charsets.UTF_8)
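The write and read steps above combined into one helper, as an added example that is not from the original post: it removes an existing file before writing, because openFileOutput refuses to overwrite, and looks up the master key alias only once. SecureFileStore and its function names are hypothetical; MasterKeys.getOrCreate is the security-crypto 1.0.0 call for obtaining a master key alias.

```kotlin
import android.content.Context
import androidx.security.crypto.EncryptedFile
import androidx.security.crypto.MasterKeys
import java.io.File
import java.io.IOException
import java.security.GeneralSecurityException

// Added example: SecureFileStore and its function names are hypothetical.
object SecureFileStore {
    // Alias of an AES-256-GCM master key in the Android Keystore, created on first use.
    private val masterKeyAlias: String by lazy {
        MasterKeys.getOrCreate(MasterKeys.AES256_GCM_SPEC)
    }

    private fun encrypted(context: Context, file: File): EncryptedFile =
        EncryptedFile.Builder(
            file,
            context.applicationContext,
            masterKeyAlias,
            EncryptedFile.FileEncryptionScheme.AES256_GCM_HKDF_4KB
        ).build()

    /** Replaces the contents of [name] in the app's private files directory. */
    @Throws(IOException::class, GeneralSecurityException::class)
    fun write(context: Context, name: String, data: ByteArray) {
        val file = File(context.filesDir, name)
        // openFileOutput() throws if the file exists, so remove it first.
        // Not atomic: a crash between delete and write loses the old contents.
        if (file.exists() && !file.delete()) {
            throw IOException("Could not delete existing file: ${file.name}")
        }
        encrypted(context, file).openFileOutput().use { out ->
            out.write(data)
            out.flush()
        }
    }

    /** Returns the decrypted contents, or null if the file was never written. */
    @Throws(IOException::class, GeneralSecurityException::class)
    fun read(context: Context, name: String): ByteArray? {
        val file = File(context.filesDir, name)
        if (!file.exists()) return null
        // Reading throws if the ciphertext was modified and fails authentication.
        return encrypted(context, file).openFileInput().use { it.readBytes() }
    }
}
```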
Use Security to encrypt SharedPreferences
The Security library provides EncryptedSharedPreferences to encrypt the keys and values stored in SP.
However, SP is well known for its pitfalls, so EncryptedSharedPreferences should still be used only for storing sensitive data.
Write data to SharedPreferences
share = EncryptedSharedPreferences.create(
    "encryptdata", // name of the preferences file
    "key", // master key alias
    this@MainActivity,
    EncryptedSharedPreferences.PrefKeyEncryptionScheme.AES256_SIV,
    EncryptedSharedPreferences.PrefValueEncryptionScheme.AES256_GCM
)
share.edit().let {
    it.putString("key", "SharePreference data ")
    it.apply()
}
Read data from SharedPreferences
share = EncryptedSharedPreferences.create(
    "encryptdata",
    "key",
    this@MainActivity,
    EncryptedSharedPreferences.PrefKeyEncryptionScheme.AES256_SIV,
    EncryptedSharedPreferences.PrefValueEncryptionScheme.AES256_GCM
)
val value = share.getString("key", "")