I assume that when you say that encryption keys should not be stored on the device, you really mean it :-) Because if this restriction were not there, you could use KeyStore. However, that would mean the keys are stored on the device, which does not seem to be what you want.
So, assuming that the encryption keys are external to the device, this is somewhat straightforward, since there is no choice: the client application asks the user to enter the encryption key in some way (up to you), uses it to encrypt the data, and then immediately forgets the encryption key.
Then it sends the encrypted data to the server, where it is stored. The server does not know the encryption keys, so to the server it is just an opaque block of data.
When the user wants to receive the data, they must provide the decryption key on the spot, since it is not stored on the device.
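The flow described in the answer above, as an added example that is not part of the original answer. It assumes the "key" the user enters is a passphrase stretched with PBKDF2 and that the data is sealed with AES-GCM; the class name `OpaqueBlob`, the parameters and the `salt || iv || ciphertext` layout are hypothetical choices for illustration.

```java
import javax.crypto.*;
import javax.crypto.spec.*;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;

public class OpaqueBlob {
    static final int SALT = 16, IV = 12, TAG_BITS = 128, ITERATIONS = 310_000; // assumed parameters

    // Stretch what the user typed into an AES-256 key; nothing is written to disk or KeyStore.
    static SecretKeySpec deriveKey(char[] pass, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(pass, salt, ITERATIONS, 256);
        byte[] raw = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
        spec.clearPassword();
        SecretKeySpec key = new SecretKeySpec(raw, "AES"); // the constructor copies raw
        Arrays.fill(raw, (byte) 0);
        return key;
    }

    // Returns salt || iv || ciphertext+tag: the opaque block the server stores.
    static byte[] encrypt(char[] pass, byte[] plaintext) throws Exception {
        byte[] salt = new byte[SALT], iv = new byte[IV];
        SecureRandom rng = new SecureRandom();
        rng.nextBytes(salt);
        rng.nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, deriveKey(pass, salt), new GCMParameterSpec(TAG_BITS, iv));
        byte[] ct = c.doFinal(plaintext);
        return ByteBuffer.allocate(SALT + IV + ct.length).put(salt).put(iv).put(ct).array();
    }

    // The user supplies the passphrase again; a wrong one or a modified blob fails the GCM tag check.
    static byte[] decrypt(char[] pass, byte[] blob) throws Exception {
        if (blob.length < SALT + IV + TAG_BITS / 8) throw new IllegalArgumentException("blob too short");
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, deriveKey(pass, Arrays.copyOfRange(blob, 0, SALT)),
                new GCMParameterSpec(TAG_BITS, blob, SALT, IV));
        return c.doFinal(blob, SALT + IV, blob.length - SALT - IV);
    }

    public static void main(String[] args) throws Exception {
        char[] entered = "correct horse battery staple".toCharArray(); // constructed sample input
        byte[] blob = encrypt(entered, "my private note".getBytes(StandardCharsets.UTF_8));
        Arrays.fill(entered, '\0'); // forget the secret immediately after use
        // Later: the blob comes back from the server and the user types the passphrase again.
        byte[] plain = decrypt("correct horse battery staple".toCharArray(), blob);
        System.out.println(new String(plain, StandardCharsets.UTF_8));
    }
}
```

The salt and IV are not secret and travel with the blob, so the server can store everything it receives without being able to decrypt it. Wiping the `char[]` is best effort: the derived key object stays in memory until it is garbage collected.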