The very idea of cache is unsecure by nature... it's almost always functionally unnecessary unless we're talking of things like memoization etc... but since you mention a "media" app, I guess that's a cache for pictures, videos etc...
Good point is: if a media app wants to really focus on security should it use a caching system ? ---------- CRYPTOANALYZER ---------- Sent from ProtonMail, encrypted email based in Switzerland. Sent with ProtonMail Secure Email. ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ On Sunday, 5 July 2020 г., 17:38, Zenaan Harkness <z...@freedbms.net> wrote: > In app media cache ought be in a crypt by default. Has anyone done this > before and can give hints? > > Platforms: initially android, but should be compilable for others including > Linux > > Object types: avatars, tweets, associated media including images and even > vids - whatever is in a standard social media 'stream'. > > Obviously cache needs to be parameterizable as to size, eviction policy, but > it's not going to be unencrypted. > > Come to think of it, FreeNet's code might be good, at the very least as a > tutorial - but experience is always valuable, so if you have some experience > you can share, please do. > > To simplify eviction, objects should be separate files, compressed prior to > saving, with one or more indices (also encrypted) for the application to do > it's thing efficiently, including store, lookup, read and re-enrypt when an > object is to be on-forwarded. > > Content addressed in some way of course - git has lead the way on this > principle - we just must make sure that if the user does not give up his > password, anything lying around must meet some minimum "hiddenness" standard. > > Possible libs: > > Tuweni > > ======= > > https://github.com/apache/incubator-tuweni > https://tuweni.apache.org > > Ancient Nacl-Java > > ================== > > https://github.com/freeeve/nacl-java > > looks like a one man band, not updated for 5yrs > > ================================================ > > Libsodium > > ========== > > https://github.com/jedisct1/libsodium > https://doc.libsodium.org/ > https://doc.libsodium.org/bindings_for_other_languages > > "complete security audit" > > ========================== > > Seems to be used by Tuweni > > =========================== > > Docs: > > Java Cryptography Architecture (JCA) Reference Guide > > ===================================================== > > https://docs.oracle.com/javase/7/docs/technotes/guides/security/crypto/CryptoSpec.html > > Tutorials: > > https://www.tutorialspoint.com/java_cryptography/index.htm > https://www.tutorialspoint.com/java_cryptography/java_cryptography_encrypting_data.htm > > simple block encryption > > ======================== > > Java - Asymmetric Cryptography example - Mkyong.com > > ==================================================== > > https://mkyong.com/java/java-asymmetric-cryptography-example/ > > https://github.com/amiralis/Java-crypto-tutorial > > Encrypting and Decrypting Files in Java | Baeldung > https://www.baeldung.com/java-cipher-input-output-stream > > How to easily encrypt and decrypt text in Java > https://www.adeveloperdiary.com/java/how-to-easily-encrypt-and-decrypt-text-in-java/ > > Encrypt and Decrypt file/stream in Java > https://self-learning-java-tutorial.blogspot.com/2017/09/encrypt-and-decrypt-filestream-in-java.html