6

Is it possible to save a string in the keystore and then retrieve it?

I have an AES password already generated, I just want to store it in a safer place than the database.

All the examples I have seen store an AES key that is generated at the moment. I can use this solution if I could have access to the original key to send it to the server, is this possible?

karthik
  • 528
  • 4
  • 19
Apyc
  • 307
  • 5
  • 12
  • Why don't you store the password using shared preference? – Syed Danish Haider Aug 07 '18 at 15:33
  • https://stackoverflow.com/questions/10890211/should-you-use-accountmanager-for-storing-usernames-and-passwords-for-an-android – Timo Aug 07 '18 at 15:41
  • 2
    @SyedDanishHaider That's a horrible idea. It would be in plaintext. You never store a password in plaintext. Preferably you never store it at all. – Gabe Sechan Aug 07 '18 at 15:53
  • Shared preference can be unsafe if not encrypted – nyulan Aug 07 '18 at 15:55
  • Shared preference is a good option to store the password because applications won't be able to access your preferences, so the user's information is not easily exposed. – Syed Danish Haider Aug 07 '18 at 16:02
  • If you still want to encrypt your data, you can store your password with base64 conversion. If you don't want to go with shared preference, I recommend you go with AccountManager. – Syed Danish Haider Aug 07 '18 at 16:05
  • 2
    Does this answer your question? [How Can I Use the Android KeyStore to securely store arbitrary strings?](https://stackoverflow.com/questions/27320610/how-can-i-use-the-android-keystore-to-securely-store-arbitrary-strings) – Josh Correia Jul 28 '20 at 19:05
  • https://stackoverflow.com/a/67779409/6314955 check this – Malith Kuruwita May 31 '21 at 19:40

1 Answer

2

You can store the AES key into AndroidKeyStore safely. The keying material can be used by your application without exposing it.

But a key in AndroidKeyStore is not extractable, so in order to be able to send the AES key to the server you will need to generate the key outside, and wrap it using an additional encryption key managed by AndroidKeyStore. Then the encrypted AES key can be stored in the device or even in the server.

Please see my answer here with all options explained: how to securely store encryption keys in android?

pedrofb
  • 37,271
  • 5
  • 94
  • 142
  • Update to this: public keys *are* extractable, just not private keys. – Jul 05 '22 at 07:55