
Android Keystore's password protection

We used Android Keystore to store some confidential data and set up a password for the Keystore. These passwords are used in conjunction with the KeyStore class in the load, getKey and setKeyEntry methods.

The Keystore itself is encrypted and an app can only view and query its own data, so we can say that data are somewhat secure inside the Keystore, but how can we secure the password that is associated with the keystore account? I found many examples online and most of them have a hardcoded password in code or use a null parameter.

Please see the example below. I want to know what is the best approach to secure a hardcoded password? I want to find a safe way on the Android device itself to store this hardcoded password. Assume that moving it to an external place like a database, service call etc. is NOT an available option.

Context context;
KeyStore ks;
KeyStore.PasswordProtection prot;

static readonly object fileLock = new object ();

const string FileName = "Xamarin.Social.Accounts";
static readonly char[] Password = "3295043EA18CA264B2C40E0B72051DEF2D07AD2B4593F43DDDE1515A7EC32617".ToCharArray ();

public AndroidAccountStore (Context context)
{
    this.context = context;
    ks = KeyStore.GetInstance (KeyStore.DefaultType);
    prot = new KeyStore.PasswordProtection (Password); // the hardcoded Password is used here
    try {
        lock (fileLock) {
            using (var s = context.OpenFileInput (FileName)) {
                ks.Load (s, Password);
            }
        }
    }
    catch (FileNotFoundException) {
        //ks.Load (null, Password);
        LoadEmptyKeyStore (Password);
    }
}
asked Aug 05 '16 06:08

Ketan



1 Answer

Assume that moving it to external place like database, service call etc. is NOT possible

You want to securely store sensitive information on the local user's machine. The only way to do that is encrypting it. The most popular encryption algorithm is AES, and luckily Microsoft included an implementation of it in C#.

However, encryption uses a secret key to encrypt/decrypt the data, so we're basically moving the problem back - now we need to store that encryption key securely.

You could hard-code that key in the app, but a dedicated attacker could still get it and decrypt the password.

Instead, get that password from the user. Ask them to provide a password, hash it (using e.g. SHA256) and use the hash as the key for the encryption.

answered Oct 01 '22 18:10

Bip901
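
As an added example (not part of the original answer or of Xamarin.Social): one way to take the passphrase from the user, as the answer suggests, and turn it into the `char[]` that `ks.Load` and `KeyStore.PasswordProtection` expect. It swaps the single SHA-256 hash for salted PBKDF2-HMAC-SHA256 and uses the derived value directly as the keystore password; `KeystorePasswordDeriver`, the iteration count and the sample passphrases are assumptions.

```csharp
using System;
using System.Security.Cryptography;

// Hypothetical helper for illustration; not part of Xamarin.Social or the original post.
public static class KeystorePasswordDeriver
{
    const int SaltBytes = 16;
    const int KeyBytes = 32;        // 256-bit derived value
    const int Iterations = 600000;  // assumed work factor; tune for the target devices

    // Random per-install salt. It is not secret: store it next to the keystore file.
    public static byte[] NewSalt ()
    {
        var salt = new byte[SaltBytes];
        using (var rng = RandomNumberGenerator.Create ())
            rng.GetBytes (salt);
        return salt;
    }

    // Same passphrase + same salt always yields the same keystore password,
    // so nothing secret has to be compiled into the app or written to disk.
    public static char[] Derive (string passphrase, byte[] salt)
    {
        if (string.IsNullOrEmpty (passphrase))
            throw new ArgumentException ("passphrase required", nameof (passphrase));
        if (salt == null || salt.Length < SaltBytes)
            throw new ArgumentException ("salt too short", nameof (salt));

        using (var kdf = new Rfc2898DeriveBytes (passphrase, salt, Iterations, HashAlgorithmName.SHA256)) {
            byte[] key = kdf.GetBytes (KeyBytes);
            try {
                return Convert.ToBase64String (key).ToCharArray ();
            } finally {
                Array.Clear (key, 0, key.Length);  // drop the raw derived bytes
            }
        }
    }

    public static void Main ()
    {
        byte[] salt = NewSalt ();  // constructed sample input below
        char[] a = Derive ("constructed sample passphrase", salt);
        char[] b = Derive ("constructed sample passphrase", salt);
        char[] c = Derive ("a different passphrase", salt);
        Console.WriteLine (new string (a) == new string (b));  // same inputs compared
        Console.WriteLine (new string (a) == new string (c));  // different passphrase compared
        // In the question's constructor: ks.Load (s, a); prot = new KeyStore.PasswordProtection (a);
    }
}
```

With this in place the `static readonly char[] Password` constant from the question is no longer needed; only the salt is persisted, and a wrong passphrase shows up as a failed `ks.Load`.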