Java:安全存储客户端密码
[英]Java: Secure storage for client password
问题描述
Is there anything in Java that allows one to store client password in a secure location? 
Java中是否有任何东西可以允许将客户端密码存储在安全的位置?
My app needs to work in offline mode. 我的应用程序需要在离线模式下工作。 It should allow the user to create content, store it on the device and prevent other apps from reading this content. 它应该允许用户创建内容,将其存储在设备上,并防止其他应用读取该内容。 Other apps may access the content but they should not be able to decrypt it. 其他应用程序可能会访问该内容,但它们不应对其进行解密。
One classical solution will be to use a secure hash function to hash user password and use the result to encrypt the files. 一种经典的解决方案是使用安全的哈希函数来哈希用户密码,并使用结果来加密文件。 However, this involves user typing his/her password each time he/she accesses the app. 但是,这涉及到用户每次访问该应用程序时都要输入其密码。 I want to save the password in a secure way that will protect it from other apps on the device. 我想以安全的方式保存密码,以保护其免受设备上其他应用程序的侵害。
In Android, such solution is possible by using Android Keystore System . 在Android中,可以通过使用Android Keystore System实现这种解决方案。
Is there anything like that in pure Java? 在纯Java中是否有类似的东西?
1 个解决方案
解决方案1
-1 2018-03-16 21:15:13
You can use java.security.MessageDigest with SHA as your algorithm choice. 您可以将java.security.MessageDigest与SHA一起用作算法选择。 Example 例
public class CryptWithMD5 {
private static MessageDigest md;
public static String
cryptWithMD5(String pass){
try {
md = MessageDigest.getInstance("MD5");
byte[] passBytes = pass.getBytes();
md.reset();
byte[] digested = md.digest(passBytes);
StringBuffer sb = new StringBuffer();
for(int i=0;i<digested.length;i++){
sb.append(Integer.toHexString(0xff & digested[i]));
}
return sb.toString();
} catch (NoSuchAlgorithmException ex) {
}
return null;
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.