Flutter - 为什么/flutter_secure_storage 是安全的?
[英]Flutter - Why/How is flutter_secure_storage secure?
问题描述
I think I don`t understand this mechanism at all.
我想我根本不了解这种机制。
You are supposed to create it by setting a key value, but if someone decompiles the flutter code and reads it again with flutter_secure_storage, doesn't it all show up?你应该通过设置一个键值来创建它,但是如果有人反编译了 flutter 代码并用flutter_secure_storage再次读取它,它不会全部显示出来吗?
https://pub.dev/packages/flutter_secure_storage https://pub.dev/packages/flutter_secure_storage
The documentation explanation is too short.文档说明太短。 I want to keep my private key safe.我想保护我的私钥安全。 Anyone could tell me more about this issue & mechanism??任何人都可以告诉我更多关于这个问题和机制的信息?
PLUS加
I just set the key value, but realized that the key value is not visible on other phones.我只是设置了键值,但发现键值在其他手机上是不可见的。 If this happens, the cell phone has to expose the private key every time the app is opened for the first time... I don't know why this is secure.如果发生这种情况,手机每次第一次打开应用程序时都要暴露私钥......我不知道为什么这样是安全的。
1 个解决方案
解决方案1
0 2022-08-11 14:21:23
Note the difference between a cryptographic key and a map key.请注意加密密钥和 map 密钥之间的区别。 The key you provide to the flutter_secure_storage api is more akin to a label, one you use to find the correct value to retrieve.您提供给 flutter_secure_storage api 的密钥更类似于 label,用于查找要检索的正确值。 The cryptographic key is provided/handled by the library together with the device KeyStore, and as such is typically only available after the user unlocks with a biometric prompt (fingerprint etc.).加密密钥由库与设备 KeyStore 一起提供/处理,因此通常仅在用户使用生物特征提示(指纹等)解锁后才可用。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.