You're right I missed the part where he wanted to decrypt on the phone also...
On Oct 6, 11:02 am, DanH <[email protected]> wrote: > Using asymmetric keys won't fix the problem -- you'd still have to > embed the decryption key somewhere in the code. Best you can do is > obfuscate the key generation somehow. > > On Oct 6, 8:18 am, gcstang <[email protected]> wrote: > > > If you encrypt on the phone side with a known pass (assuming your > > using symmetric keys) then all the hacker has to do is find your > > password ( and salt if you use one) you used to create it and decrypt > > it. > > > I would if possible use asymmetric keys. (public/private) > > > I've not used them on Android so you would have to figure out if it's > > possible, I'm guessing it is since LVL uses that. > > > On Oct 5, 12:34 pm, Dimitris <[email protected]> wrote: > > > > Yes, look for CipherOutputStream and CipherInputStream for writing and > > > reading the file safely. I would use a symmetric encryption algorithm > > > such as AES unless the XML is coming from a web service. > > > > On Oct 5, 9:18 am, Kostya Vasilyev <[email protected]> wrote: > > > > > 05.10.2010 19:59, DanH пишет: > > > > > > If you encrypt the entire XML file you won't be able to use Android's > > > > > "compiled' XML access tools, and you'll expose the unencrypted file on > > > > > the phone. If you encrypt individual entries then you have a > > > > > complicated build process and, due to the shorter elements being > > > > > encrypted, a more complicated decryption process and (technically) > > > > > less secure encryption. > > > > > It's possible to use CipherInputStream to do on-the-fly decryption while > > > > reading data from a file or from the network. > > > > > Per-application data files located in phone storage are private, and > > > > could be used to cache decrypted data. Unless, of course, the user roots > > > > their phone, but that's not commonplace. > > > > > -- > > > > Kostya Vasilyev -- WiFi Manager + pretty widget > > > > --http://kmansoft.wordpress.com > > -- You received this message because you are subscribed to the Google Groups "Android Developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
