安全存储应用程序如何工作

Question

I want to make a mobile application using Flutter like this

https://play.google.com/store/apps/details?id=com.enchantedcloud.photovault

but I don't know how to keep the data actually safe

I have used aes_crpyt package ( https://pub.dev/packages/aes_crypt ) which allows me to encrpyt and decrpyt files but how can I retrieve the data to be shown in the application without being decrypted as normal files which can be opened using any explorer which can access root files

Answer 1

You can check out this package: flutter_secure_storage . From the documentation:

• Keychain is used for iOS
• AES encryption is used for Android. AES secret key is encrypted with RSA and RSA key is stored in KeyStore

This way your data can be saved in a SharedPreferences fashion in a safer way through encryption.

Sample syntax:

import 'package:flutter_secure_storage/flutter_secure_storage.dart';

// Create storage
final storage = new FlutterSecureStorage();

// Read value 
String value = await storage.read(key: key);

// Read all values
Map<String, String> allValues = await storage.readAll();

// Delete value 
await storage.delete(key: key);

// Delete all 
await storage.deleteAll();

// Write value 
await storage.write(key: key, value: value);

Since any database's purpose is to only store pure informational organized data. It's not suitable for storing large files such as media, documents, or images. There are 2 alternatives:

1. Upload the encrypted file to Firebase, then save the encrypted path to DB
2. Save encrypted file to local storage, then store the encrypted path

I recommend the 1st method since you can avoid saving the encrypted files at local and risking chance to expose it to other users.