This article describes the use of the Jetpack-Security library to securely manage keys and encrypt files and SharedPreferences. (Note: Only minSdkVersion 23+ is supported)

SharedPreferences is a good tool for storing a small amount of key-value data. However, it stores that data in plaintext, so sensitive data should be encrypted before it is saved. Until now there were two ways to do that:

  1. Write your own encryption to wrap SharedPreferences using the Android keystore
  2. Using third-party libraries, encapsulate SharedPreferences

Neither option is very convenient. The Jetpack-Security library now makes it easier to store encrypted data in SharedPreferences, but only with minSdkVersion 23+.

Usage

Add dependencies for required artifacts to your application or module’s build.gradle file:

dependencies {
    implementation "androidx.security:security-crypto:1.0.0"
}

After adding the dependency, we create a master encryption key, which is stored in the Android Keystore.

val keyGenParameterSpec = MasterKeys.AES256_GCM_SPEC
val masterKeyAlias = MasterKeys.getOrCreate(keyGenParameterSpec)

Here we use the default key specification, AES256_GCM_SPEC, to create the master key.

Finally, we create the EncryptedSharedPreferences instance. It wraps SharedPreferences and handles all the encryption for us.

const val FILE_NAME = "app_share"

EncryptedSharedPreferences.create(
    FILE_NAME,
    masterKeyAlias,
    context,
    EncryptedSharedPreferences.PrefKeyEncryptionScheme.AES256_SIV,
    EncryptedSharedPreferences.PrefValueEncryptionScheme.AES256_GCM
)

When creating it we pass the file name of the SharedPreferences, the masterKeyAlias we created, and the context. The last two arguments are the key and value encryption schemes, which are the options provided by the library.

Once the EncryptedSharedPreferences instance has been created, we can read and store values just as with a normal SharedPreferences. The final code is as follows:

val keyGenParameterSpec = MasterKeys.AES256_GCM_SPEC
val masterKeyAlias = MasterKeys.getOrCreate(keyGenParameterSpec)

const val FILE_NAME = "app_share"

val sp = EncryptedSharedPreferences.create(
    FILE_NAME,
    masterKeyAlias,
    context,
    EncryptedSharedPreferences.PrefKeyEncryptionScheme.AES256_SIV,
    EncryptedSharedPreferences.PrefValueEncryptionScheme.AES256_GCM
)

// save a value
sp.edit().putString("sp_key", "data").apply()

// read a value
sp.getString("sp_key", "default")

Check the data

/data/data/{packageName}/shared_prefs/{SharedPreferences file name}

The normal SharedPreferences file is as follows:

<map>
    <string name="sp_key">data</string>
</map>

After using the EncryptedSharedPreferences encryption, the file content is as follows:

<map>
    <string name="__androidx_security_crypto_encrypted_prefs_key_keyset__">12a901ef1070f09bff3ce84e02def76f45b4a7b83f9700d97dba0bcd7d4555c777df36417605da8c00609c2e563f496b91f89a126e3ecf5623ea25f5 d051bd44bbff3a7f5fd8654e6570b2e568b08e46f8fcefce2161ceebf9808425dbc30fa42035bd59ddf1de49482034bccf3c7198888b857389ee8b5f 12104b3306c271fc85770cf3f5db70a5215213d07840adb86ee73ccc96ad7069ddf22cedc55674d94d719628ba5982c4aa8357381a4408b8c88a9403 123c0a30747970652e676f6f676c65617069732e636f6d2f676f6f676c652e63727970746f2e74696e6b2e4165735369764b6579100118b8c88a9403 2001</string>
    <string name="ATKCpDjubqZ3BEBOJqWfnwHRjbuLoAfVjuKK">ATvCdd9NsncgS7HDfM3baFgwRvAYOrdzAZwaXD1I0mRjI31WsbVvi5E=</string>
    <string name="__androidx_security_crypto_encrypted_prefs_value_keyset__">12880176be20810bda48152c5a724c2e1653b60e9c66bfd7a4be40c9d3a1073e3efd2572a77373ed1b71c2fdaf586c1aeeb39eb230b906ffb2d69cec f820916b7a1c6e6f0c532274e045c924f674bb3437103fa914a0219c72c4ef23750398aef93dcfd0945d78d4ee8e8efbcab7a317234458836c327095 16479179b4cf0401187d823f5caeeb487678521a4408dfeb89de03123c0a30747970652e676f6f676c65617069732e636f6d2f676f6f676c652e6372 7970746f2e74696e6b2e41657347636d4b6579100118dfeb89de032001</string>
</map>

We can see that both the preference key and its value are encrypted, and that two keysets are stored in the file: one used to encrypt keys and one used to encrypt values.
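As an added example (not from the original article or the Jetpack-Security project), this Python script audits a shared_prefs XML file copied off a device: it reports whether the file uses the EncryptedSharedPreferences layout and which Tink key type each keyset names, which should correspond to the AES256_SIV and AES256_GCM schemes passed to create(). The sample files and the `fake_keyset` helper are constructed; the script assumes the hex-encoded keyset entries carry a readable `type.googleapis.com/google.crypto.tink.*` type URL, as the values above do once decoded.

```python
import re
import xml.etree.ElementTree as ET

# Reserved entry names that EncryptedSharedPreferences writes (see the file above).
KEY_KEYSET = "__androidx_security_crypto_encrypted_prefs_key_keyset__"
VALUE_KEYSET = "__androidx_security_crypto_encrypted_prefs_value_keyset__"
TYPE_URL = re.compile(rb"type\.googleapis\.com/google\.crypto\.tink\.(\w+)")

def keyset_type(hex_text):
    """Return the Tink key type named inside a hex-encoded keyset, or None."""
    try:
        # Drop whitespace first so line-wrapped hex still decodes.
        raw = bytes.fromhex("".join((hex_text or "").split()))
    except ValueError:
        return None
    match = TYPE_URL.search(raw)
    return match.group(1).decode() if match else None

def audit_prefs(xml_text):
    """Classify a shared_prefs XML file as encrypted or plaintext."""
    entries = {}
    for el in ET.fromstring(xml_text):
        # <string> holds its value as text; <int>, <boolean> etc. use value="...".
        entries[el.get("name")] = el.text if el.tag == "string" else el.get("value")
    key_type = keyset_type(entries.pop(KEY_KEYSET, None))
    value_type = keyset_type(entries.pop(VALUE_KEYSET, None))
    encrypted = key_type is not None and value_type is not None
    return {
        "encrypted": encrypted,
        "key_keyset": key_type,
        "value_keyset": value_type,
        # In a plaintext file these entry names (and their values) are readable.
        "plaintext_names": [] if encrypted else sorted(entries),
    }

def fake_keyset(key_type):
    """Constructed stand-in for a keyset entry: filler bytes plus the type URL."""
    url = b"type.googleapis.com/google.crypto.tink." + key_type.encode()
    return (bytes(range(16)) + b"\x0a\x30" + url + b"\x10\x01").hex()

# Constructed sample files; the encrypted entry name and value are not real data.
PLAIN = '<map><string name="sp_key">data</string></map>'
ENCRYPTED = (
    f'<map><string name="{KEY_KEYSET}">{fake_keyset("AesSivKey")}</string>'
    '<string name="AQconstructedName">AQconstructedValue=</string>'
    f'<string name="{VALUE_KEYSET}">{fake_keyset("AesGcmKey")}</string></map>'
)

if __name__ == "__main__":
    print(audit_prefs(PLAIN), audit_prefs(ENCRYPTED), sep="\n")
```

A file that reports `encrypted: False` with a non-empty `plaintext_names` list is still being written through the plain SharedPreferences API.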

Conclusion

The Jetpack-Security library is a useful tool for encrypting data in SharedPreferences and a good way to protect sensitive data, but it only supports minSdkVersion 23+. That makes compatibility with lower-version devices difficult, but it is still worth trying.