Android holds the key, decompiles fear

I use awesome FPS and I have to store the secret key in Java code. However, I am afraid that someone will decompile my APK and find the key. I decompiled the APK myself and could not find the key, but I am not a VM expert. Any help?

+6
android dalvik decompiler
2 answers

You cannot put your encryption key in your application and expect it to remain secret. All that is required is one determined programmer to decompile it and find the key, and they can share it with the world.

Asymmetric public-key cryptography is exactly the solution you want. Create a public/private key pair, then put the public key in your application and keep the private key yourself. Then you can do two things:

  • Your application can encrypt a message using the public key, which can only be decrypted using the private key.
  • Or you can sign the message using the private key, which can then be authenticated using the public key in your application.
+8

A sufficiently determined person will be able to extract your key, and in fact there is not much that can be done about this. You can try to obfuscate the keys somehow (raising the bar on how determined they need to be), but you cannot stop them from getting the key.

However, depending on why you need to store the secret key, you can use asymmetric key cryptography. You can store the public key, which can be limited to encryption (not decryption) or authentication, while keeping the secret key safe.

+1
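The arrangement both answers describe, as an added example that is not code from either answer: the app carries only the public key, so decompiling it reveals how to encrypt to the server and how to verify the server's signatures, and nothing that decrypts or signs. The class and method names, the sample messages, and the choice of RSA-2048 with OAEP and SHA256withRSA are assumptions; the key pair is generated inline only so the demo is self-contained.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.X509EncodedKeySpec;
import javax.crypto.Cipher;

public class PublicKeyOnlyDemo {
    static final String OAEP = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";

    // App side: rebuild the public key from the bytes shipped inside the APK.
    static PublicKey loadPublicKey(byte[] x509) throws GeneralSecurityException {
        return KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(x509));
    }

    // App side: a decompiler learns how to encrypt, never how to decrypt.
    static byte[] encryptForServer(PublicKey pub, byte[] msg) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance(OAEP);
        c.init(Cipher.ENCRYPT_MODE, pub);
        return c.doFinal(msg);
    }

    // App side: confirm the data was signed by the private-key holder.
    static boolean verifyFromServer(PublicKey pub, byte[] data, byte[] sig)
            throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(pub);
        s.update(data);
        return s.verify(sig);
    }

    public static void main(String[] args) throws Exception {
        // Constructed demo key pair; a real one is generated once, off-device.
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
        g.initialize(2048);
        KeyPair serverKeys = g.generateKeyPair();
        byte[] shippedInApk = serverKeys.getPublic().getEncoded(); // X.509 encoding
        PublicKey pub = loadPublicKey(shippedInApk);
        byte[] ct = encryptForServer(pub, "device report".getBytes(StandardCharsets.UTF_8));
        // Server side: only the private key, which never ships, can decrypt.
        Cipher d = Cipher.getInstance(OAEP);
        d.init(Cipher.DECRYPT_MODE, serverKeys.getPrivate());
        System.out.println("decrypted: " + new String(d.doFinal(ct), StandardCharsets.UTF_8));
        // Server side: sign a payload the app is meant to trust.
        byte[] payload = "config v2".getBytes(StandardCharsets.UTF_8);
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(serverKeys.getPrivate());
        s.update(payload);
        byte[] sig = s.sign();
        System.out.println("genuine verifies: " + verifyFromServer(pub, payload, sig));
        payload[0] ^= 1; // flip one bit to simulate tampering
        System.out.println("tampered verifies: " + verifyFromServer(pub, payload, sig));
    }
}
```

RSA-OAEP with a 2048-bit key and SHA-256 encrypts at most 190 bytes per call, so larger messages are normally encrypted under a fresh symmetric key that is itself encrypted with the public key.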