I'm not sure if that is practical. If I created a public/private keypair as part of the app it would be accessible to the user and could be used to decrypt the data. The only way that would work is if there was a way to protect the public/private keypair, and I'm not sure how to go about doing that.
On Oct 6, 2:18 pm, gcstang <[email protected]> wrote: > If you encrypt on the phone side with a known pass (assuming your > using symmetric keys) then all the hacker has to do is find your > password ( and salt if you use one) you used to create it and decrypt > it. > > I would if possible use asymmetric keys. (public/private) > > I've not used them on Android so you would have to figure out if it's > possible, I'm guessing it is since LVL uses that. > > On Oct 5, 12:34 pm, Dimitris <[email protected]> wrote: > > > Yes, look for CipherOutputStream and CipherInputStream for writing and > > reading the file safely. I would use a symmetric encryption algorithm > > such as AES unless the XML is coming from a web service. > > > On Oct 5, 9:18 am, Kostya Vasilyev <[email protected]> wrote: > > > > 05.10.2010 19:59, DanH пишет: > > > > > If you encrypt the entire XML file you won't be able to use Android's > > > > "compiled' XML access tools, and you'll expose the unencrypted file on > > > > the phone. If you encrypt individual entries then you have a > > > > complicated build process and, due to the shorter elements being > > > > encrypted, a more complicated decryption process and (technically) > > > > less secure encryption. > > > > It's possible to use CipherInputStream to do on-the-fly decryption while > > > reading data from a file or from the network. > > > > Per-application data files located in phone storage are private, and > > > could be used to cache decrypted data. Unless, of course, the user roots > > > their phone, but that's not commonplace. > > > > -- > > > Kostya Vasilyev -- WiFi Manager + pretty widget > > > --http://kmansoft.wordpress.com > > -- You received this message because you are subscribed to the Google Groups "Android Developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
