[英]How to store the key used to encrypt files in android by using AES algorithm
im try develop a encryption app for android by using AES algorithm ,where should i store the key. 我尝试使用AES算法为Android开发一个加密应用程序,我应该在哪里存储密钥。 the idea is that the user provides a password and a key is generated.how can i do this process safer.thanks in advance 这个想法是用户提供密码并生成密钥。我该如何更安全地执行此过程。
im try develop a encryption app for android by using AES algorithm ,where should i store the key. 我尝试使用AES算法为Android开发一个加密应用程序,我应该在哪里存储密钥。 the idea is that the user provides a password and a key is generated 这个想法是,用户提供密码并生成密钥
Then you do not store the key. 然后,您不存储密钥。 When the user supplies the password -- either for the initial encryption or for later decryption -- you generate the key from the password. 当用户提供密码(用于初始加密或以后的解密)时,您将根据密码生成密钥。
As @CommonWare indicates, you should generate a key from the password. 如@CommonWare所示,您应该从密码生成密钥。 The correct way to do this is using the PBKDF2 algorithm together with a salt (*). 正确的方法是使用PBKDF2算法和一个盐(*)。 There are other good algorithms such as bcrypt and scrypt, but PBKDF2 is the most established standard. 还有其他好的算法,例如bcrypt和scrypt,但是PBKDF2是最成熟的标准。 For Android implementations, see PBKDF2 function in Android . 有关Android的实现,请参见Android中的PBKDF2函数 。
(*) The salt is a random number that is required as part of the PBKDF2 algorithm. (*) 盐是PBKDF2算法所必需的随机数。 This salt is not a secret; 这种盐不是秘密。 you can store it any way you like. 您可以随意存储它。 But you need to keep track of it for later decryption. 但是您需要跟踪它以便以后解密。 Typically you prepend the salt, along with the random IV used by CBC, to the ciphertext when you store it. 通常,在存储盐时,会将盐以及CBC使用的随机IV附加到密文中。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.