This question was
closed
by
clover-community-bot for the following reason: automated
Alternatives for Keystore on clover station 2016 (Android 4.2)
We are planning to use Keystore in android to store the application keys. The KeyPairGeneratorSpec is being supported only from Android 4.3 (API 18). Is there any alternative approach for clover station 2016 which runs on Android 4.2
This
stackoverflow answer mentions that Android 4.x, there is a Credential Storage service you can use to store your app's secrets. It links to an article by Nikolay Elenkov with more detail: https://nelenkov.blogspot.de/2012/05/storing-appli...
He also includes a test app you can use for reference on how to use the Credential Storage service to store app secrets.
I have tested the app on a Clover Station, and it can successfully encrypt and decrypt a key using AES through this method.
He also includes a test app you can use for reference on how to use the Credential Storage service to store app secrets.
I have tested the app on a Clover Station, and it can successfully encrypt and decrypt a key using AES through this method.
Personally I don't recommend using the Android keystore unless you are hyper concerned with security and find it acceptable that sometimes keys will be unrecoverable. The Android keystore is overkill for most situations and it is unreliable to boot. We've seen instances of keys being lost mysteriously in the past.
https://doridori.github.io/android-security-the-fo...
Take a look at this stack overflow question I answered which is nearly identical to the one you asked:
https://stackoverflow.com/questions/28905539/use-k...
https://doridori.github.io/android-security-the-fo...
Take a look at this stack overflow question I answered which is nearly identical to the one you asked:
https://stackoverflow.com/questions/28905539/use-k...
Well, we are aware of key loss scenarios and to handle it we are trying to store the keys on server side as well. Please let me know if there is any other better solution than using keystore.
As you can see in the stackoverflow links you can use a PKCS12 or PKCS8 format file to save your keys. See Android docs android.content.Context#openfileoutput for a method to get a path to private file that is only readable by your application. Here's some sample code that might help:
Welcome to the
Clover Developer Community
2 People are following this question.
