I want to store some small but critical piece of information such as AES keys in my Android application. What would be the recommended way to do this? I do not want to hardcode keys as part of my application.
I look at KeyStore but it does not really solve my problem. It can store my keys given that I can provide a password. Then I need to find a secure place to store this password which is same as my original problem.
Is there a built in Android class to perform this task? Or should I look for third party libraries? Using NDK is also acceptable for me.
Update:
I was hoping to find an Android API for storage such that guarantees that only the application that stored some information can retrieve it back. Android OS could have enforced this based on signing signatures of the application. This way my application can generate a random key on first run and store it in secure storage for later use. Are there any API for this?
See Question&Answers more detail:
os 与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…