I'm creating an application that encrypts data with a key that is created each time the user logs into the app. However, there are times when data will be received via a BroadcastReceiver that needs encrypting, but the user is not logged in and so the encryption key is not available. Security is pretty important and so using a key stored in code to encrypt the data until the user next logs in is out of the question as is storing one in the applications DB despite it being within the apps sandbox. I've been searching through the Android docs and get hints of APIs to address this situation but have not yet come up with a definitive solution. Anyone know of the usual solution to this problem? I expect it crops up quite a lot in software development.
A:
Two ideas:
- The BroadcastReceiver get the encrypted data, do the login by stored credentials and get the key to decrypt the data.
- You BR just store the encrypted data and inform the user, so the user logs in to get the decrypted data.
I don't know what your app does, so its just a guess what could be possible...
WarrenFaith
2010-08-20 09:14:10
The data received is unencrypted so the problem is encrypting it in a secure way until the user next logins in.
dr_sulli
2010-08-20 09:39:13
ah ok and storing the plain data until the user logs in? I mean if you send plain data, than it cant be sensible data...
WarrenFaith
2010-08-20 10:10:49
A:
tc.
2010-08-21 08:47:57