任务是将输入的密码(PasswordStr)或mKey.getEncoded byte[]保存起来,之后自动发送给Crypto API(Cipher)
SecretKey mKey = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1").generateSecret(new PBEKeySpec(PasswordStr.toCharArray());
显然这个密码也可以被加密,但是这将需要另一个密码等等直到无限。
Android 可能已经提供了一种存储密码的机制?
p.s 使用远程服务器是不可能的。需要存储在本地。
最佳答案
您可以使用 Android 的 Keystore API。
secret 由从手 secret 码或 PIN 派生的主密码加密。它被认为是一个很好的基于软件的加密解决方案。请注意,用户必须在他的手机上设置密码/个人识别码才能工作。
Nelenkov gives a good overview:
Android's credential storage is implemented as a native Linux service (daemon), with a few extra layers on top of it that make it available to the framework. Let's quickly review what we know about the keystore daemon (described in more detail here):
- it's a native daemon, started at boot
- it provides a local control socket to allow apps and system services to talk to it
- it encrypts keys using an AES 128 bit master
- key encrypted keys are stored in /data/misc/keystore, one file per key
- the master key is derived from the device unlock password or PIN it
- authorizes administration commands execution and key access based on caller UID
参见 Android Documentation了解更多详情。
关于java - 如何在 Android 上安全地存储密码?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/28137070/