# secure-storage-android

**Repository Path**: fzyme_admin/secure-storage-android

## Basic Information

- **Project Name**: secure-storage-android
- **Description**: 在Android设备上安全存储凭据
- **Primary Language**: Unknown
- **License**: Apache-2.0
- **Default Branch**: master
- **Homepage**: None
- **GVP Project**: No

## Statistics

- **Stars**: 0
- **Forks**: 1
- **Created**: 2021-03-20
- **Last Updated**: 2022-04-02

## Categories & Tags

**Categories**: Uncategorized

**Tags**: None

## README

# Secure Device Storage - Android

## Storing Credentials Securely on Android Devices

[![Actions Status](https://github.com/adorsys/secure-storage-android/workflows/SecureStorage%20Pull%20Request%20Workflow/badge.svg)](https://github.com/adorsys/secure-storage-android/actions)
[![Download](https://api.bintray.com/packages/andev/adorsys/securestoragelibrary/images/download.svg) ](https://bintray.com/andev/adorsys/securestoragelibrary/_latestVersion) 
[![Android Arsenal](https://img.shields.io/badge/Android%20Arsenal-Secure%20Storage%20Android-blue.svg?style=flat)](https://android-arsenal.com/details/1/5648)
[![API](https://img.shields.io/badge/API-18%2B-blue.svg?style=flat)](https://android-arsenal.com/api?level=18)
[![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0) 
[![Open Source Love](https://badges.frapsoft.com/os/v1/open-source.svg?v=103)](https://github.com/ellerbrock/open-source-badges/)



### Introduction

Storing credentials securely on a device is in many occasions necessary. You probably don't want to rely only on the separation of processes of the Android OS but make sure the stored values are also encrypted.
To make that possible we have combined the Android Keystore and the SharedPreferences. The keystore is used for generating cryptographic keys, the values are then encrypted with these keys and subsequently securely stored in the SharedPreferences.

The secure part about this solution is that those generated keys are never exposed to the kernel when the device is equipped with a “Trusted Execution Environment”. A so called TEE is a secure area inside the main processor of a smartphone which runs code isolated from other processes. That means even if the device gets compromised or hacked those keys can’t be extracted. Already a lot of modern Android phones out there are equipped with a TEE (mostly because it’s often used to play DRM protected material) and it even is a requirement for Google’s Android Nougat certification — so every phone running Android Nougat and later will come with a TEE installed.

SecureStorage uses its own dedicated private SharedPreferences to prevent conflicts with other possible SharedPreference instances and ensure that the content of the SecureStorage can only be accessed from the app which uses this library.

### Supported API's

__Symmetric__ key generation and storage in the Android KeyStore is supported from __Android 6.0 (API Level 23) onwards.__
__Asymmetric__ key generation and storage in the Android KeyStore is supported from __Android 4.3 (API Level 18) onwards.__

To support more devices SecureStorage uses for now the asymmetric key generation, which in the case of storing simple credentials is very secure and the potential lack of speed in contrast to symmetric key generation, is not noticeable. Nevertheless, make sure to move the execution into a background thread as encryption does take a little time.

### Usage

Add the library to your apps build.gradle:

```groovy
implementation "de.adorsys.android:securestoragelibrary:${latestSecureStorageVersion}"
```

To store a string value in your __SecureStorage__ you have to call:
```kotlin
SecurePreferences.setValue(context, "KEY", "PLAIN_MESSAGE")
```

This works for every other primitive data type. So for storing a boolean value:
```kotlin
SecurePreferences.setValue(context, "KEY", true/false)
```

for int
```kotlin
SecurePreferences.setValue(context, "KEY", 100)
```

for float and long
```kotlin
SecurePreferences.setValue(context, "KEY", 100.12345)
```

To retrieve a string value:
```kotlin
SecurePreferences.getStringValue(context, "KEY", ""/null)
```

And respectively for the other types
```kotlin
SecurePreferences.getBooleanValue(context, "KEY", false/true)
```
```kotlin
SecurePreferences.getIntValue(context, "KEY", 0)
```
```kotlin
SecurePreferences.getFloatValue(context, "KEY", 0F)
```
```kotlin
SecurePreferences.getLongValue(context, "KEY", 0L)
```

See if an entry exists in the SecurePreferences. Also returns `false` if the key pair does not exist:
```kotlin
SecurePreferences.contains(context, "KEY")
```

You can also remove an entry from the SecurePreferences:
```kotlin
SecurePreferences.removeValue(context, "KEY")
```

Clearing the SecurePreferences and deleting the KeyPair:
```kotlin
SecurePreferences.clearAllValues(context)
```

Everything about the cryptographic keys such as generating, maintaining and usage is handled internally by the module, so you do not need to worry about it.

If you want to keep track of changes in your SecureStorage you can register an OnSharedPreferencesChangeListener as follows:

``` kotlin
val listener = SharedPreferences.OnSharedPreferenceChangeListener { _, key ->
    // check if the key is the one you are listening for and react
}
SecurePreferences.registerOnSharedPreferenceChangeListener(this, listener)
```
Unregister the listener as soon as you don't need it any more with
``` kotlin
SecurePreferences.unregisterOnSharedPreferenceChangeListener(context, listener)
```


### Error handling
The library throws for everything a SecureStorageException. Within the SecureStorageException you can find a exception type. You can handle the error which occurred with the help of this type as follows:

```kotlin
try {
    SecurePreferences.setValue(context, KEY, "Secret")
    // or
    val decryptedMessage = SecurePreferences.getStringValue(context, KEY, "")
} catch (e: SecureStorageException) {
    handleException(e)
}
//
private fun handleException(e: SecureStorageException) {
    Log.e(TAG, e.message)
    when (e.type) {
        KEYSTORE_NOT_SUPPORTED_EXCEPTION -> Toast.makeText(this, "Oh", Toast.LENGTH_LONG).show()
        KEYSTORE_EXCEPTION -> Toast.makeText(this, "Fatal - YARK", Toast.LENGTH_LONG).show()
        CRYPTO_EXCEPTION -> Toast.makeText(this, "2h&$==0j", Toast.LENGTH_LONG).show()
        INTERNAL_LIBRARY_EXCEPTION -> Toast.makeText(this, "Blame it all on us", Toast.LENGTH_LONG).show()
        else -> return
    }
}
```

### Contributors:
[@drilonrecica](https://github.com/drilonrecica)

[@luckyhandler](https://github.com/luckyhandler)

### Want to know more:

These links cover security aspect of the android keystore:
<https://developer.android.com/training/articles/keystore.html#SecurityFeatures>
<https://source.android.com/security/keystore/>
<https://codingquestion.blogspot.de/2016/09/how-to-use-android-keystore-api-with.html>
<http://nelenkov.blogspot.de/2012/05/storing-application-secrets-in-androids.html>
<http://nelenkov.blogspot.de/2015/06/keystore-redesign-in-android-m.html>
<http://www.androidauthority.com/use-android-keystore-store-passwords-sensitive-information-623779/>  

This link covers security aspect of the android storage:
<https://developer.android.com/guide/topics/data/data-storage.html>
<http://stackoverflow.com/a/26077852/3392276>