Hi, and thanks to all for the prompt responses, I really appreciate that. The keystore itself is password protected, so the password is needed to start using the keystore (and maybe even another password for accessing individual entries inside the keystore itself, like secret keys and private keys).
My first problem lies in the possibility of brute-force attacking the keystore file after it is exported to some external device (like a PC).

>> Out of curiosity, are you interested in protecting your data from
>> access by the user, or malicious access from others?

We kinda want both. We've got a scenario where a keystore contains ECDSA keypairs which should be used for signing by the user (who knows the passwords). And this keystore should be protected from malicious users. But even the user himself should not be able to export it to another device (it's a requirement, since those keys are used for authentication and other operations).

In the other scenario we need our application to encrypt some data, thus we need to keep the keys secret and protect the keys from the user too.

From hackbod's post I understand that access to internal flash will be limited to low-level services only. And root access to the adb shell is not something that is expected to be available. Then is it safe to assume that if our application creates a file, this file will not be accessible by anyone?

>> For example, we could store an encrypted datafile with a key based on
>> the application signature itself seeded with the device ID. Since the
>> key can be calculated with code, it wouldn't be stored anywhere, so any
>> attacker would have to extract the key from a running program (which is
>> quite hard!); and even if someone did manage this and was able to
>> decrypt the datafile, they'd need to repeat the process on every other
>> phone.

I guess this is not a good option, since the device ID can be obtained by an attacker the same way the original application did it. And since the key is calculated, decompiling the code will reveal the internals, so the attacker, instead of extracting keys from the running program, would generate the same key. Just thoughts.

Thanks
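
The trade-off discussed in this message, as an added example that is not part of the original post or of any Android API: a key computed only from the application signature and device ID can be recomputed by anyone who reads those two values, while mixing in a password keeps the key off the device. The function names and the sample signature, device ID and passwords are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample values (assumptions, not taken from the post).
APP_SIGNATURE = bytes.fromhex("aa" * 32)  # stands in for a signing-certificate digest
DEVICE_ID = "000000000000000"             # placeholder device identifier


def device_only_key(app_signature: bytes, device_id: str) -> bytes:
    """Scheme from the quoted suggestion: every input is readable on the device."""
    return hmac.new(app_signature, device_id.encode(), hashlib.sha256).digest()


def device_and_password_key(app_signature: bytes, device_id: str,
                            password: str, iterations: int = 100_000) -> bytes:
    """Keep the device binding as the salt, add a secret that is never stored."""
    salt = device_only_key(app_signature, device_id)
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def compare_schemes() -> dict:
    """Return what an observer holding only the device-visible inputs can reproduce."""
    app_key = device_only_key(APP_SIGNATURE, DEVICE_ID)
    # The observer decompiled the app and read the same two inputs.
    observer_key = device_only_key(APP_SIGNATURE, DEVICE_ID)

    user_key = device_and_password_key(APP_SIGNATURE, DEVICE_ID, "correct horse")
    # Without the password the observer can only guess one.
    guess_key = device_and_password_key(APP_SIGNATURE, DEVICE_ID, "wrong guess")
    # Same password on a different device yields a different key.
    other_device = device_and_password_key(APP_SIGNATURE, "111111111111111",
                                           "correct horse")
    return {
        "device_only_reproduced": hmac.compare_digest(app_key, observer_key),
        "password_key_reproduced": hmac.compare_digest(user_key, guess_key),
        "bound_to_device": not hmac.compare_digest(user_key, other_device),
    }


if __name__ == "__main__":
    for name, value in compare_schemes().items():
        print(f"{name}: {value}")
```

The password variant only moves the problem to offline guessing, whose cost depends on password strength and the iteration count, and it does not cover the scenario where the key must be kept from the user as well.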

