
Please, I am working on an app that stores sensitive user data in a database. Upon googling how to do this, the answers pointed me to CWAC-SafeRoom, since I am using Room for my database, but the problems I am facing are:

  1. CWAC-SafeRoom requires that I pass in an Editable object, meaning the same method I call on an EditText to get the input string as the passphrase. I don't really know how to make that object out of a string.

  2. How do I safely store the password on the device as well?

Please, I am using Java.

MikeT
Eidris

1 Answer

> CWAC-SafeRoom required I pass in an Editable object

Quoting the documentation: "The SafeHelperFactory constructor takes a either a byte[] or a char[] for the passphrase.". There is a utility method that takes an Editable, for the recommended path of getting the passphrase from the user. So, just create a SafeHelperFactory object via the constructor:

```java
SafeHelperFactory factory = new SafeHelperFactory(thePassphraseFromTheUser);
```

> I don't really know how to make that object out of a string

It is not a good idea to have a passphrase in a String. See:

But, for tests and stuff, call toCharArray() on your String to get a char[] to pass to the SafeHelperFactory constructor:

```java
SafeHelperFactory factory = new SafeHelperFactory(stringPassphraseFromTheUser.toCharArray());
```

> How do I safely store the password on the device also

Generally, you don't. You get the passphrase from the user.

If your minSdkVersion is 23 or higher, you could use androidx.security:security-crypto classes to store a generated passphrase in hardware-encrypted storage.

CommonsWare
  • Thank you very much, but the problem I have with regard to not saving the password offline is that I authenticate my user locally on the device in order to grant them access after the first login, which requires an internet connection, because of the poor Internet connection we have here in Africa. Or can I trust ProGuard for this? – Eidris Nov 15 '19 at 05:34
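
One way to follow the answer's last suggestion, as an added example (not code from the answer or from the CWAC-SafeRoom project): generate a random passphrase on first run, keep it in `EncryptedSharedPreferences`, and hand it to `SafeHelperFactory` as a `char[]`. It assumes `androidx.security:security-crypto` 1.0.0 (the `MasterKeys` API) and `minSdkVersion` 23; the class name, preference file name and key name are hypothetical.

```java
import android.content.Context;
import android.content.SharedPreferences;
import android.util.Base64;
import androidx.room.Room;
import androidx.room.RoomDatabase;
import androidx.security.crypto.EncryptedSharedPreferences;
import androidx.security.crypto.MasterKeys;
import com.commonsware.cwac.saferoom.SafeHelperFactory;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Arrays;

public final class EncryptedDbOpener {                                // hypothetical helper class
    private static final String PREFS_FILE = "db_passphrase_prefs";   // hypothetical name
    private static final String KEY_PASSPHRASE = "db_passphrase";     // hypothetical name

    private EncryptedDbOpener() { }

    public static <T extends RoomDatabase> T open(Context context, Class<T> dbClass, String dbName)
            throws GeneralSecurityException, IOException {
        Context app = context.getApplicationContext();
        // The master key lives in the Android Keystore; only its alias is returned.
        String masterKeyAlias = MasterKeys.getOrCreate(MasterKeys.AES256_GCM_SPEC);
        SharedPreferences prefs = EncryptedSharedPreferences.create(
                PREFS_FILE, masterKeyAlias, app,
                EncryptedSharedPreferences.PrefKeyEncryptionScheme.AES256_SIV,
                EncryptedSharedPreferences.PrefValueEncryptionScheme.AES256_GCM);

        // SharedPreferences only stores Strings, so a String copy is unavoidable here.
        String stored = prefs.getString(KEY_PASSPHRASE, null);
        if (stored == null) {
            byte[] raw = new byte[32];                      // 256 bits from the system CSPRNG
            new SecureRandom().nextBytes(raw);
            stored = Base64.encodeToString(raw, Base64.NO_WRAP);
            Arrays.fill(raw, (byte) 0);
            // commit() rather than apply(): if the passphrase is not on disk before the
            // database is created, the database can never be opened again.
            if (!prefs.edit().putString(KEY_PASSPHRASE, stored).commit()) {
                throw new IOException("could not persist database passphrase");
            }
        }
        SafeHelperFactory factory = new SafeHelperFactory(stored.toCharArray());
        return Room.databaseBuilder(app, dbClass, dbName)
                .openHelperFactory(factory)
                .build();
    }
}
```

The passphrase here is generated on the device, so this protects the database file at rest; it does not replace the local login check mentioned in the comment.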