Android – Storing RSA Private Key Android

androidencryptionprivate-keystorage

During the creation of simple messaging android application that is to encrypt/decrypt messages and send them through internet, I decided to use RSA public/private key encryption. Question is how to store private key, so that even if phone is maliciously rooted, the key would stay safe? As far as I understood, KeyStore is used for certificates, and cannot be used for this? Should I encrypt private key as text file with AES? I have very little experience with security, so please feel free to correct my ideas, and give your opinion!

Kind Regards.

Best Answer

I think KeyStore could be suitable for your use. It is able to store RSA keys and encrypts them using AES so even with root access, they cannot be extracted without the password or bruteforcing.

There's a good post here about using KeyStore: http://nelenkov.blogspot.fr/2012/05/storing-application-secrets-in-androids.html

Related Solutions

Android – How to close/hide the Android soft keyboard programmatically

You can force Android to hide the virtual keyboard using the InputMethodManager, calling hideSoftInputFromWindow, passing in the token of the window containing your focused view.

// Check if no view has focus:
View view = this.getCurrentFocus();
if (view != null) {  
    InputMethodManager imm = (InputMethodManager)getSystemService(Context.INPUT_METHOD_SERVICE);
    imm.hideSoftInputFromWindow(view.getWindowToken(), 0);
}

This will force the keyboard to be hidden in all situations. In some cases, you will want to pass in InputMethodManager.HIDE_IMPLICIT_ONLY as the second parameter to ensure you only hide the keyboard when the user didn't explicitly force it to appear (by holding down the menu).

Note: If you want to do this in Kotlin, use: context?.getSystemService(Context.INPUT_METHOD_SERVICE) as InputMethodManager

Kotlin Syntax

// Only runs if there is a view that is currently focused
this.currentFocus?.let { view ->
    val imm = getSystemService(Context.INPUT_METHOD_SERVICE) as? InputMethodManager
    imm?.hideSoftInputFromWindow(view.windowToken, 0)
}

Android – How to stop EditText from gaining focus at Activity startup in Android

Excellent answers from Luc and Mark. However, a good code sample is missing. Adding the tags android:focusableInTouchMode="true" and android:focusable="true" to the parent layout (e.g. LinearLayout or ConstraintLayout) like in the following example, will fix the problem.

<!-- Dummy item to prevent AutoCompleteTextView from receiving focus -->
<LinearLayout
    android:focusable="true" 
    android:focusableInTouchMode="true"
    android:layout_width="0px" 
    android:layout_height="0px"/>

<!-- :nextFocusUp and :nextFocusLeft have been set to the id of this component
to prevent the dummy from receiving focus again -->
<AutoCompleteTextView android:id="@+id/autotext"
    android:layout_width="fill_parent" 
    android:layout_height="wrap_content"
    android:nextFocusUp="@id/autotext" 
    android:nextFocusLeft="@id/autotext"/>

Best Answer

Related Solutions

Android – How to close/hide the Android soft keyboard programmatically

Android – How to stop EditText from gaining focus at Activity startup in Android

Related Topic