androidencryptioncryptographysalt-cryptographykeyczar

using keyczar in android


I am looking into making my user data secure for android. I come across keyczar. I found the android-keyczar-demo provided by Kenny Root who gives talk on android security at google-IO. However I have a nagging question. Since the keys are packaged in the app, isn't it the case that malicious user can also use that key to decrypt the sensitive data? From keyczar doc, keyczarTool is a command-line tool to create the keys, so it seems that it is not meant to be packaged in the app? I have noticed that keyczar's key can be password protected. However it comes back to hard coding the password in the source code. What am I missing to understand here?


Solution

  • What you are missing is that you can't semantically keep the key secret from your users if you also want those same users to be able to decrypt. That's why DRM will never work.

    The reason keyczar has the keytool is that an important part of security is changing your key over time, and so keyczar provides a way to rotate your keys without breaking functionality.

    The PBE keysets are there so that a user can enter a password to decrypt, it is definitely not intended to be hard coded. That way given a keyset for an app, you can protect the data from an adversary while providing decryption to your user, by requiring your user enter a password. (Unfortunately this feature is only present in the C++, Go, and C# versions of keyczar--not currently in the java version).

    Also if you don't want every user to have the same key you don't have to include the keyset with your app, you could also generate it installation. But encryption in the mobile space is difficult, it's hard to say without knowing what you are trying to do, if it's possible for you to secure what you want or if keyczar is the right fit.