I'm trying to develop an encryption app for Android using the AES algorithm. Where should I store the key? The idea is that the user provides a password and a key is generated. How can I make this process safer? Thanks in advance.
2 Answers
I'm trying to develop an encryption app for Android using the AES algorithm. Where should I store the key? The idea is that the user provides a password and a key is generated.
Then you do not store the key. When the user supplies the password -- either for the initial encryption or for later decryption -- you generate the key from the password.

- Question: what do you do with the key generated via PBKDF2 if you want to use it for decrypting later? – Joe Plante Mar 08 '13 at 20:27
- @JoePlante: I suspect that you attached your comment to the wrong answer. – CommonsWare Mar 08 '13 at 20:29
- Ah, I'm thinking of another situation. – Joe Plante Mar 08 '13 at 20:32
As @CommonsWare indicates, you should generate a key from the password. The correct way to do this is using the PBKDF2 algorithm together with a salt (*). There are other good algorithms such as bcrypt and scrypt, but PBKDF2 is the most established standard. For Android implementations, see PBKDF2 function in Android.
(*) The salt is a random number that is required as part of the PBKDF2 algorithm. This salt is not a secret; you can store it any way you like. But you need to keep track of it for later decryption. Typically you prepend the salt, along with the random IV used by CBC, to the ciphertext when you store it.
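The flow both answers describe (derive the AES key from the password with PBKDF2 and a random salt, store nothing but salt || IV || ciphertext, re-derive on decrypt), as an added example that is not code from either answer. It uses the `javax.crypto` APIs that Android exposes; the class name `PasswordCrypto`, the 100,000 iteration count, the 256-bit key size and the sample password are assumptions made for the example.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;

/** Password-based AES-CBC. Stored layout: salt(16) || iv(16) || ciphertext. The key is never stored. */
public final class PasswordCrypto {
    private static final int SALT_LEN = 16;
    private static final int IV_LEN = 16;           // AES block size
    private static final int KEY_BITS = 256;
    // Assumed value for the example; tune it to what the target device tolerates.
    private static final int ITERATIONS = 100_000;
    private static final SecureRandom RNG = new SecureRandom();

    /** Derive the AES key from password + salt. Same inputs always give the same key. */
    static SecretKey deriveKey(char[] password, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, KEY_BITS);
        try {
            // PBKDF2WithHmacSHA1 is the variant available on all Android API levels.
            SecretKeyFactory f = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
            byte[] keyBytes = f.generateSecret(spec).getEncoded();
            return new SecretKeySpec(keyBytes, "AES");
        } finally {
            spec.clearPassword(); // do not leave the password sitting in the spec object
        }
    }

    /** Encrypt with a fresh random salt and IV; both are prepended to the ciphertext. */
    static byte[] encrypt(char[] password, byte[] plaintext) throws Exception {
        byte[] salt = new byte[SALT_LEN];
        byte[] iv = new byte[IV_LEN];
        RNG.nextBytes(salt);
        RNG.nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(Cipher.ENCRYPT_MODE, deriveKey(password, salt), new IvParameterSpec(iv));
        byte[] ct = c.doFinal(plaintext);
        return ByteBuffer.allocate(SALT_LEN + IV_LEN + ct.length)
                .put(salt).put(iv).put(ct).array();
    }

    /** Split the stored blob, re-derive the key from the stored salt, and decrypt. */
    static byte[] decrypt(char[] password, byte[] blob) throws Exception {
        // PKCS5 padding guarantees at least one 16-byte ciphertext block.
        if (blob.length < SALT_LEN + IV_LEN + 16) {
            throw new IllegalArgumentException("stored data too short to be salt||iv||ciphertext");
        }
        byte[] salt = Arrays.copyOfRange(blob, 0, SALT_LEN);
        byte[] iv = Arrays.copyOfRange(blob, SALT_LEN, SALT_LEN + IV_LEN);
        byte[] ct = Arrays.copyOfRange(blob, SALT_LEN + IV_LEN, blob.length);
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(Cipher.DECRYPT_MODE, deriveKey(password, salt), new IvParameterSpec(iv));
        // A wrong password usually (not always) surfaces here as BadPaddingException.
        return c.doFinal(ct);
    }

    public static void main(String[] args) throws Exception {
        char[] pw = "correct horse battery staple".toCharArray(); // constructed sample password
        byte[] msg = "account notes".getBytes(StandardCharsets.UTF_8);
        byte[] stored = encrypt(pw, msg);               // this is all you persist
        byte[] back = decrypt(pw, stored);              // key re-derived from stored salt
        System.out.println("round trip ok: " + Arrays.equals(msg, back));
        try {
            decrypt("wrong password".toCharArray(), stored);
            System.out.println("wrong password decrypted without error (padding happened to fit)");
        } catch (javax.crypto.BadPaddingException e) {
            System.out.println("wrong password rejected: " + e.getClass().getSimpleName());
        }
    }
}
```

Two practitioner notes on this layout. First, the salt and IV are public by design, so prepending them is fine; what must not be written anywhere is the derived key or the password. Second, AES-CBC on its own does not detect tampering with the stored blob, and a wrong password is only rejected when the padding check happens to fail; if the app needs to know that the data is intact and the password is right, add a MAC over salt || iv || ciphertext (encrypt-then-MAC) or use an authenticated mode such as `AES/GCM/NoPadding` in place of CBC.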