The more important question I think is why are you doing this, what
information are you trying to protect?
It seems like you're adding encryption for the sake of it, but in fact
your solution won't be much more secure against someone determined to
get at the file's contents. If the key is static, then it is easier to
break, but if it changes then it would need to be stored, making it
easier to access.
One alternative is to generate the secret-key using a sufficiently
hard to guess algorithm, using some information about the device, so
that the key used is very different for every user, reducing the
change of simple comparisons being able to break your encryption.
However, someone clever could still probably figure out how your
encryption works by examining the Java byte-code, as while it's tough
to get your head around it's not impossible to understand.
Perhaps in your case the effort required to break the encryption might
be more than it's worth to get into the file, but if you let us know
what kind of information you're hoping to store, then perhaps we can
give you some better solutions? If it's something "dangerous", like
payment details or something, then you need the most rock-solid
solution possible, but if it's something minor then encryption may be
a waste of time entirely.
On Aug 26, 2:46 pm, zeeshan <genx...@gmail.com> wrote:
> key never change once its been created.
>
> as i know SecretKey generates by a funtion as above, how can i set it
> as constant
> can you plz provide example?
>
> On Aug 26, 1:39 pm, Sujay Krishna Suresh <sujay.coold...@gmail.com>
> wrote:
>
>
>
> > On Wed, Aug 26, 2009 at 5:41 PM, zeeshan <genx...@gmail.com> wrote:
>
> > > key doesn't change.
> > > can i store keyString in preferences to retrieve for decryption
>
> > yes that'd be better than storin it in a file. But better to jus have a
> > constant field in ur class that cointains ur key.
>
> > > SecretKey key = KeyGenerator.getInstance("DES").generateKey();
> > > byte[] keybytes = key.getEncoded();
> > > String keyString = new String(keybytes);
>
> > If u r gonna execute these set of statements then wont the key change??
>
> > > or plz provide any example for the best practice
>
> > > On Aug 26, 12:28 pm, Sujay Krishna Suresh <sujay.coold...@gmail.com>
> > > wrote:
> > > > If it is only used by ur application, jus use a String instance to hold
> > > the
> > > > key. y store in a file??
> > > > ll the key change dynamically???
>
> > > > On Wed, Aug 26, 2009 at 4:55 PM, zeeshan <genx...@gmail.com> wrote:
>
> > > > > encryption and decryption is the app's internal functionality. user
> > > > > has nothing to do with this
> > > > > i encrypt the file on 1st run and on 2nd run i check if file is there
> > > > > then decrypt and show.
> > > > > so only thing i understand is to store the key somewhere in the app so
> > > > > i can access it for decryption.
> > > > > just wondering if this help
> > > > > File keyFile = new File("data/data/package name/key");
>
> > > > > i followed this link for encryption and decryption
>
> > > > >http://www.java2s.com/Tutorial/Java/0490__Security/UsingCipherInputSt.
> > > ..
>
> > > > > On Aug 26, 12:11 pm, Sujay Krishna Suresh <sujay.coold...@gmail.com>
> > > > > wrote:
> > > > > > I think its better to ask the user for the secret key rather than
> > > storin
> > > > > it
> > > > > > smwhere.
>
> > > > > > On Wed, Aug 26, 2009 at 4:30 PM, zeeshan <genx...@gmail.com> wrote:
>
> > > > > > > Hi Dear,
>
> > > > > > > i wrote a small application which encrypt some files using a
> > > > > > > secret
> > > > > > > key.
> > > > > > > i need to decrypt files on 2nd run which requires same key again
> > > > > > > plz advise where should i store the secret key.
>
> > > > > > --
> > > > > > Regards,
> > > > > > Sujay
> > > > > > Mike Ditka <
> > >http://www.brainyquote.com/quotes/authors/m/mike_ditka.html>
> > > > > -
> > > > > > "If God had wanted man to play soccer, he wouldn't have given us
> > > arms."
>
> > > > --
> > > > Regards,
> > > > Sujay
> > > > Pablo Picasso<
> > >http://www.brainyquote.com/quotes/authors/p/pablo_picasso.html>
> > > > - "Computers are useless. They can only give you answers."
>
> > --
> > Regards,
> > Sujay
> > Jonathan
> > Swift<http://www.brainyquote.com/quotes/authors/j/jonathan_swift.html>
> > - "May you live every day of your life."
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google
Groups "Android Developers" group.
To post to this group, send email to android-developers@googlegroups.com
To unsubscribe from this group, send email to
android-developers-unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en
-~----------~----~----~----~------~----~------~--~---
