开发者

Android storing key, decompiling fear

I'm using amazing FPS and I have to store the secret key in the java code. However I am afraid that someone would decompile my apk and find the key. I have decompiled the apk myself开发者_JAVA技巧 and could not find the key, but I am not a VM expert. Any help?


You can't put your encryption key into your application and expect it to remain a secret. All it takes is for one determined programmer to decompile it and find the key, and they can share it with the world.

Asymmetric/public-key cryptography is exactly the solution you want. Create a public/private key pair, then put the public key in your application and keep the private key yourself. Then you can do two things:

  • Your application can encrypt a message using the public key, that can only be decrypted using the private key.
  • Or, you can sign a message using the private key, that can be authenticated using the public key in your application.


A determined enough individual will be able to extract your key, and there really isn't that much that can be done about it. You can attempt to obfuscate the keys somehow (raising the bar on how determined they need to be), but you can't keep them from getting the key.

However, depending on why you need to store the secret key, you might be able to use Asymmetric Key Cryptography. You'll be able to store a public key that may be limited to encryption (not decryption) or authentication purposes, while being able to keep the private key safe.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜