Encrypt or Hide sensitive data

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

Encrypt or Hide sensitive data

leokan23
I am working on a new project, which needs to be a bit more secure than
usual. In the app there are several keys for 3rd party services (like push
notifications for example). This keys are used as String and I want to
encrypt them or hide them somehow, to avoid someone decompiling the app and
getting them.

What would be the best approach?



--
Sent from: http://apache-flex-users.2333346.n4.nabble.com/
Reply | Threaded
Open this post in threaded view
|

RE: Encrypt or Hide sensitive data

Jeff Dafoe-2


Use a service to retrieve the keys before they’re needed for whatever.  The service should send them via an encrypted message, then decrypt into memory.  Clear the var as quick as possible when done.



________________________________
From: leokan23 <[hidden email]>
Sent: Friday, March 8, 2019 10:58:26 AM
To: [hidden email]
Subject: Encrypt or Hide sensitive data

I am working on a new project, which needs to be a bit more secure than
usual. In the app there are several keys for 3rd party services (like push
notifications for example). This keys are used as String and I want to
encrypt them or hide them somehow, to avoid someone decompiling the app and
getting them.

What would be the best approach?



--
Sent from: http://apache-flex-users.2333346.n4.nabble.com/
Reply | Threaded
Open this post in threaded view
|

Re: Encrypt or Hide sensitive data

leokan23
In reply to this post by leokan23
This is what I usually do, but what about the first credentials? They are
still available within the app. I mean the credential to authenticate the
service.



--
Sent from: http://apache-flex-users.2333346.n4.nabble.com/
Reply | Threaded
Open this post in threaded view
|

Re: Encrypt or Hide sensitive data

bilbosax
I pull a key and credentials from a database service that gets encrypted
through HTTPS.  I then use that key to encrypt data in a local sqllite
database.  I made it so I have to pull the key from the service everytime I
want the encrypted data from my local Sqllite.  Just don't ever lose the key
;)

Don't know how secure this is, but it was the approach I took.



--
Sent from: http://apache-flex-users.2333346.n4.nabble.com/