I want to generate a key and then use it to encrypt Room DB with SQLCipher, but the problem is SQLCipher requires a CharArray as a key to encrypt SQLite data. is there a way to use secretKey instead of CharArray or at least convert the secretKey to CharArray?.
My code to generate the key :
private val keyGenerator: KeyGenerator = KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES, "AndroidKeyStore")
private val keyGenParameterSpec = KeyGenParameterSpec.Builder(
KEY_ALIAS,
KeyProperties.PURPOSE_ENCRYPT or KeyProperties.PURPOSE_DECRYPT)
.setBlockModes(KeyProperties.BLOCK_MODE_CBC)
.setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
.build()
keyGenerator.init(keyGenParameterSpec)
keyGenerator.generateKey()
fun getKey(): SecretKey {
val keyStore = KeyStore.getInstance("AndroidKeyStore")
keyStore.load(null)
val secretKeyEntry = keyStore.getEntry(KEY_ALIAS, null) as KeyStore.SecretKeyEntry
return secretKeyEntry.secretKey
}
androidx.securityclasses likeEncryptedFile. See this sample app (covered in this book).UUID.randomUUID().toString()and than store and retrieve it fromEncryptedSharedPreferences? That wayEncryptedSharedPreferenceswould deal with all of the encryption,decryption, key management etc.. Or this is not good since we would idealy want our passphrase to beByteArrayinstead ofString?EncryptedSharedPreferencesprobably is fine -- my sample usedEncryptedFile. TheByteArrayapproach should be faster than aStringand has the advantage of being able to replace theByteArray's contents with zeros once you are done with the passphrase, so the passphrase stays around in memory for less time.