If the keystore file is password protected, why not store it encrypted? Then have the user enter her password to start using the keystore and decrypt it on demand? I believe this is the approach used by many keystore implementations.
Cheers, Justin On Jun 10, 5:06 am, rayback_2 <[EMAIL PROTECTED]> wrote: > Hi > > My puprose is to safely store a secretkeys ,used for encryption/ > decryption process., in a keystore file in android. The keystore is > password protected, but open to brute force attacks if it can be > exported to regular PCs. > > I read in SDK that application can not access private memory of other > applications, which is great, so inside a phone I am considering > myself as safe. My concern is when the phone (device) is connected to > computer, then everything is exportable to computer (as in emulator), > and so is the keystore file which is then open to attacks. > > One solution to this would be to use cryptographic mini/microSD cards, > but its rather expensive (and beside could not find such a product > too). > > So my question is : Is there any area inside an android, where we > could keep a private data which will not be exportable in any way ? > > Sincerely > Ray --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Android Developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] Announcing the new M5 SDK! http://android-developers.blogspot.com/2008/02/android-sdk-m5-rc14-now-available.html For more options, visit this group at http://groups.google.com/group/android-developers?hl=en -~----------~----~----~----~------~----~------~--~---
