The following is the first few sections of a chapter from The Busy Coder's Guide to Android Development, plus headings for the remaining major sections, to give you an idea about the content of the chapter.


Keys and the Keystore

The Java Cryptography Architecture (JCA) has been available in Java since Jave 1.1, though it has expanded over the years. It gives us KeyStore objects that can manage cryptographic keys for a variety of symmetric and asymmetric ciphers. You can create keys, then use those keys to encrypt, decrypt, sign, and validate data. The actual algorithms that implement the cryptography come from service provider implementations (SPIs) that plug into the JCA. You do not need to know all of the details of the cryptography – you treat the algorithms mostly as a black box.

Android extends JCA by offering a KeyStore that is integrated into the Android architecture. In particular, on some Android 7.0+ devices, the keys can be tied to hardware, as part of the so-called Trusted Execution Environment (TEE, presumably named by a golfer). This dramatically reduces the likelihood of your keys somehow getting leaked to some malicious actor. The Android-supplied KeyStore also offers hooks to tie keys to device authentication, where you can require the user to authenticate the device before you can use the key to decrypt the data.

In this chapter, we will explore the basics of using this Android-specific KeyStore. The important word in the preceding sentence is “basics”, as this is not a complete treatment of how to use the JCA. The JCA is part of standard Java; other educational resources can show you how to implement effective cryptography using the JCA.

Also note that many of the Android-specific APIs shown in this chapter have a minSdkVersion of 23.

Prerequisites

To understand this chapter, please read the preceding chapter on device authentication first. Also, the examples in this chapter make extensive use of RxJava.

Terminology

The preview of this section will not appear here for a while, due to a time machine mishap.

Getting a KeyStore

The preview of this section is [REDACTED].

Creating a Key

The preview of this section will not appear here for a while, due to a time machine mishap.

Tying the Key to Device Authentication

The preview of this section was abducted by space aliens.

Learning More About Your Key

The preview of this section is in an invisible, microscopic font.

Encrypting Data

The preview of this section was traded for a bag of magic beans.

Time-Limited Device Authentication

The preview of this section is off trying to sweet-talk the Khaleesi into providing us with a dragon.

Encrypting Passphrases

The preview of this section was lost in the sofa cushions.

A Key(Store) Limitation

The preview of this section left for Hollywood to appear in a reality TV show.