Use Android Keystore to secure a database encryption key
Tests Android Keystore key generation and hardware trust boundaries. Strong answers: KeyGenParameterSpec with AES/GCM, TEE vs StrongBox isolation, setIsStrongBoxBacked on API 28+ with fallback, wrapping the database key. Red flag: claims Keystore encrypts DBs.
Tests Android Keystore key generation and hardware security boundaries. A strong answer covers: generating an AES key via KeyGenerator with KeyGenParameterSpec, setting encrypt and decrypt purposes, and using it to wrap the database encryption key. It distinguishes TEE keys (isolated from the OS) from StrongBox keys (dedicated secure hardware, API 28+), and shows requesting StrongBox via setIsStrongBoxBacked(true) with UnsupportedOperationException fallback to TEE. Red flag: claiming Keystore encrypts DBs directly, or ignoring fallback.
Read the original → developer.android.com
- #android
- #keystore
- #security
- #cryptography
- #tee
Get five bites like this every day.
Tezvyn delivers a daily feed of 60-second tech bites with quizzes to lock in what you learn.