gpt4 book ai didi

java - 如何在 Android 上安全地存储密码?

转载 作者:塔克拉玛干 更新时间:2023-11-02 20:59:10 25 4
gpt4 key购买 nike

任务是将输入的密码(PasswordStr)或mKey.getEncoded byte[]保存起来,之后自动发送给Crypto API(Cipher)

    SecretKey mKey = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1").generateSecret(new PBEKeySpec(PasswordStr.toCharArray());

显然这个密码也可以被加密,但是这将需要另一个密码等等直到无限。

Android 可能已经提供了一种存储密码的机制?

p.s 使用远程服务器是不可能的。需要存储在本地。

最佳答案

您可以使用 Android 的 Keystore API

secret 由从手 secret 码或 PIN 派生的主密码加密。它被认为是一个很好的基于软件的加密解决方案。请注意,用户必须在他的手机上设置密码/个人识别码才能工作。

Nelenkov gives a good overview:

Android's credential storage is implemented as a native Linux service (daemon), with a few extra layers on top of it that make it available to the framework. Let's quickly review what we know about the keystore daemon (described in more detail here):

  • it's a native daemon, started at boot
  • it provides a local control socket to allow apps and system services to talk to it
  • it encrypts keys using an AES 128 bit master
  • key encrypted keys are stored in /data/misc/keystore, one file per key
  • the master key is derived from the device unlock password or PIN it
  • authorizes administration commands execution and key access based on caller UID

参见 Android Documentation了解更多详情。

关于java - 如何在 Android 上安全地存储密码?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/28137070/

25 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com