Java: Secure storage for client password
Question
Is there anything in Java that allows one to store client password in a secure location?
My app needs to work in offline mode. It should allow the user to create content, store it on the device and prevent other apps from reading this content. Other apps may access the content but they should not be able to decrypt it.
One classical solution will be to use a secure hash function to hash user password and use the result to encrypt the files. However, this involves user typing his/her password each time he/she accesses the app. I want to save the password in a secure way that will protect it from other apps on the device.
In Android, such solution is possible by using Android Keystore System .
Is there anything like that in pure Java?
1 answers
solution1
-1 2018-03-16 21:15:13
You can use java.security.MessageDigest with SHA as your algorithm choice. Example
public class CryptWithMD5 {
private static MessageDigest md;
public static String
cryptWithMD5(String pass){
try {
md = MessageDigest.getInstance("MD5");
byte[] passBytes = pass.getBytes();
md.reset();
byte[] digested = md.digest(passBytes);
StringBuffer sb = new StringBuffer();
for(int i=0;i<digested.length;i++){
sb.append(Integer.toHexString(0xff & digested[i]));
}
return sb.toString();
} catch (NoSuchAlgorithmException ex) {
}
return null;
}
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.