android, android-room, sqlcipher, commonsware-cwac

How to create an editable object for cwac saferoom


Please, I am working on an app that stores sensitive user data in a database. Upon googling how to do it, the answers pointed me to CWAC SafeRoom, since I am using Room for my database, but the problems I am facing are:

  1. CWAC SafeRoom requires that I pass in an Editable object, meaning the same method I call on an EditText to get the input string as the passphrase. I don't really know how to make that object out of a string.

  2. How do I safely store the password on the device also?

Please, I am using Java.


Solution

  • CWAC SafeRoom required I pass in an Editable object

    Quoting the documentation: "The SafeHelperFactory constructor takes either a byte[] or a char[] for the passphrase." There is a utility method that takes an Editable, for the recommended path of getting the passphrase from the user. So, just create a SafeHelperFactory object via the constructor:

    SafeHelperFactory factory = new SafeHelperFactory(thePassphraseFromTheUser);
    

    I don't really know how to make that object out of a string

    It is not a good idea to have a passphrase in a String. See:

    But, for tests and stuff, call toCharArray() on your String to get a char[] to pass to the SafeHelperFactory constructor:

    SafeHelperFactory factory = new SafeHelperFactory(stringPassphraseFromTheUser.toCharArray());
    

    How do I safely store the password on the device also

    Generally, you don't. You get the passphrase from the user.

    If your minSdkVersion is 23 or higher, you could use androidx.security:security-crypto classes to store a generated passphrase in hardware-encrypted storage.
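
The following is an added example, not part of the original answer or of the SafeRoom project: one way to keep a generated passphrase in a Keystore-backed EncryptedFile from androidx.security:security-crypto 1.0.0 and hand it to SafeHelperFactory as a byte[], so it never becomes a String. The class name PassphraseStore, the file name and the 32-byte length are assumptions.

```java
import android.content.Context;
import androidx.security.crypto.EncryptedFile;
import androidx.security.crypto.MasterKeys;
import com.commonsware.cwac.saferoom.SafeHelperFactory;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Arrays;

/** Hypothetical helper: keeps a random database passphrase in an EncryptedFile. */
public final class PassphraseStore {
  private static final String FILE_NAME = "db_passphrase.bin"; // assumed name
  private static final int PASSPHRASE_BYTES = 32;              // assumed length

  public static SafeHelperFactory createFactory(Context context)
      throws GeneralSecurityException, IOException {
    // AES-256-GCM master key generated in the Android Keystore (API 23+).
    String alias = MasterKeys.getOrCreate(MasterKeys.AES256_GCM_SPEC);
    File file = new File(context.getFilesDir(), FILE_NAME);
    EncryptedFile encrypted = new EncryptedFile.Builder(file, context, alias,
        EncryptedFile.FileEncryptionScheme.AES256_GCM_HKDF_4KB).build();

    byte[] passphrase = new byte[PASSPHRASE_BYTES];
    if (file.exists()) {
      // Later launches: decrypt the stored passphrase straight into the array.
      try (InputStream in = encrypted.openFileInput()) {
        int off = 0, n;
        while (off < passphrase.length
            && (n = in.read(passphrase, off, passphrase.length - off)) > 0) {
          off += n;
        }
        if (off != passphrase.length) throw new IOException("short passphrase file");
      }
    } else {
      // First launch: generate the passphrase and persist it encrypted.
      new SecureRandom().nextBytes(passphrase);
      try (OutputStream out = encrypted.openFileOutput()) {
        out.write(passphrase);
      }
    }
    try {
      // The factory gets its own copy, so wiping ours does not affect it.
      return new SafeHelperFactory(passphrase.clone());
    } finally {
      Arrays.fill(passphrase, (byte) 0);
    }
  }
}
```

Pass the returned factory to openHelperFactory() on the Room database builder. A passphrase stored this way protects the database file at rest but not against someone who can use the unlocked device, which is why getting the passphrase from the user remains the stronger option.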