1

I want to write an application that encrypts/decrypts strings with RSA. I have previously created the RSA key pair with openssl and converted it to DER. Now, I want this keys to be read from my android application:

Where I am supposed to store them?

Thank you,

Ullfoll
  • 163
  • 3
  • 12
  • click below link to see answer of your question "store RSA keyPair " http://stackoverflow.com/questions/9890313/how-to-use-keystore-in-java-to-store-private-key – Arpana Jan 14 '14 at 18:02

1 Answers1

1

Your application can store state in two places: the SD card; and the application's own private storage.

The SD card is completely public and everyone can access (and modify) the files there.

Your application's private data directory is supposed to be secure, in that only your application (and other apps that your application trusts) can access it, but in practice if the phone's been rooted it's trivial to copy files out of it.

See the openFile*() and openOrCreateDatabase() methods in the documentation for Context for access to your private data directory.

David Given
  • 13,277
  • 9
  • 76
  • 123
  • So if I store them on res/raw – Ullfoll Mar 01 '11 at 18:11
  • res isn't a real file system --- it just represents the read-only files in your .apk file. If you ask the system to open a file there it'll extract it on the fly for you. And, of course, because the .apk is just a zipfile, it means that *everyone* can get at your encryption key... – David Given Mar 02 '11 at 11:55
  • THREE places - an app can also store state in the Settings app. – Peter vdL Oct 07 '11 at 21:57