Add example for showing how to store encryption key #4181
Some more examples from @kotomisak
https://github.com/kotomisak/db-showcase-android
More specifically:
- https://github.com/kotomisak/db-showcase-android/blob/develop/mobile/src/main/java/cz/koto/misak/dbshowcase/android/mobile/model/ModelProvider.java
- https://github.com/kotomisak/db-showcase-android/blob/develop/mobile/src/main/java/cz/koto/misak/dbshowcase/android/mobile/ui/control/ControlRootViewModel.java
Is this related to https://github.com/realm/realm-android-user-store ?
Not really, although it uses the same concept. The idea is to show how to use a double-layered key approach to store Realm encryption keys, since the keystore does not allow you to extract the key material again, which is required by Realm.
So you:
- Create a keystore and secure it using a fingerprint (because it's fun/easy to show, but you can use a PIN or whatever).
- Then create an AES key outside the keystore and put the key inside the keystore. From the keystore's point of view it will just see random bytes, which it stores quite fine.
- Show that on startup you can use the fingerprint to get the Realm key out of the keystore again and you can now use it to unlock the Realm.
This works quite nicely offline and is secure if you trust that the keystore does its job correctly.
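An added example of the double-layered approach described above (not code from this thread or from the Realm project). It assumes Android API 23+, an enrolled fingerprint, and that the Realm key is kept wrapped (AES-GCM encrypted) under a non-exportable Android Keystore key; the class name `RealmKeyWrapper`, the alias and the method names are hypothetical.

```java
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyProperties;
import java.security.KeyStore;
import java.security.SecureRandom;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

// Added illustration: wraps a 64-byte Realm key with a Keystore-held AES key.
public final class RealmKeyWrapper {
    private static final String ALIAS = "realm_wrapping_key"; // hypothetical alias

    // Layer 1: non-exportable AES key that can only be used after user authentication.
    public static SecretKey createWrappingKey() throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES, "AndroidKeyStore");
        kg.init(new KeyGenParameterSpec.Builder(ALIAS,
                KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT)
                .setBlockModes(KeyProperties.BLOCK_MODE_GCM)
                .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
                .setUserAuthenticationRequired(true) // every use needs a fresh authentication
                .build());
        return kg.generateKey();
    }

    // Layer 2: the Realm key is plain random bytes generated outside the keystore.
    public static byte[] newRealmKey() {
        byte[] key = new byte[64]; // Realm expects a 64-byte encryption key
        new SecureRandom().nextBytes(key);
        return key;
    }

    // Cipher to put in the prompt's CryptoObject; iv == null means first-time wrapping.
    public static Cipher cipherForPrompt(byte[] iv) throws Exception {
        KeyStore ks = KeyStore.getInstance("AndroidKeyStore");
        ks.load(null);
        SecretKey wrappingKey = (SecretKey) ks.getKey(ALIAS, null);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        if (iv == null) c.init(Cipher.ENCRYPT_MODE, wrappingKey);
        else c.init(Cipher.DECRYPT_MODE, wrappingKey, new GCMParameterSpec(128, iv));
        return c;
    }

    // Call from the authentication-success callback: wraps or unwraps depending on cipher mode.
    public static byte[] finish(Cipher authenticated, byte[] input) throws Exception {
        return authenticated.doFinal(input); // GCM tag check fails loudly on tampered blobs
    }
}
```

On first run, persist the wrapped bytes together with `cipher.getIV()` in app-private storage; on later starts, unwrap them and pass the result to `RealmConfiguration.Builder.encryptionKey(...)`, then zero the array.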
... during encryption (#7485)