2

I am encrypting the communication with the server in my BlackBerry app. I am using RC4 encryption, which needs a key to be provided. What's the best place to hide this key inside the application? First of all, is the application a good place to store the key, and second, is it safe to use a String variable to store the key? Any suggestions/tips?

Michael Donohue
Cemre Mengü
  • Either have the user enter a password, or negotiate the key during the transfer. So you don't need to store any key permanently. – CodesInChaos Nov 10 '12 at 19:26

1 Answer

2

That depends on what your definition of 'safe' is. If you put the key in plain text anywhere in the application there are people with the skills to find it and use it to compromise your application communications. Whether that happens or not will depend on how attractive doing that would be.

You could place it in the device keystore, but you would still have to distribute the key somehow.

Why aren't you using SSL/TLS?

Richard
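The comment's suggestion of having the user enter a password, so that no key is stored in the application, sketched as an added example that is not code from the thread or its authors. It assumes PBKDF2-HMAC-SHA256, an illustrative iteration count, a server that can derive the same key from the password, and hypothetical function names; the password is a constructed sample.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor; tune to the slowest supported device
KEY_LEN = 16          # 128 bits each for the cipher key and the confirmation key


def new_session_params():
    """Server side: fresh random salt and nonce per session, sent in the clear."""
    return os.urandom(16), os.urandom(16)


def derive_keys(password, salt):
    """Both sides: stretch the typed password into two independent keys."""
    raw = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                              salt, ITERATIONS, 2 * KEY_LEN)
    return raw[:KEY_LEN], raw[KEY_LEN:]  # (cipher key, confirmation key)


def confirm_tag(mac_key, nonce):
    """Client proves it derived the same keys without ever sending them."""
    return hmac.new(mac_key, b"key-confirm" + nonce, hashlib.sha256).digest()


def server_accepts(mac_key, nonce, tag):
    """Server recomputes the tag and compares in constant time."""
    return hmac.compare_digest(confirm_tag(mac_key, nonce), tag)


def demo():
    salt, nonce = new_session_params()
    password = "correct horse battery staple"  # constructed sample password
    _, server_mac = derive_keys(password, salt)
    _, client_mac = derive_keys(password, salt)   # user typed it correctly
    _, wrong_mac = derive_keys("wrong guess", salt)
    return (server_accepts(server_mac, nonce, confirm_tag(client_mac, nonce)),
            server_accepts(server_mac, nonce, confirm_tag(wrong_mac, nonce)))


if __name__ == "__main__":
    print(demo())
```

Anyone who records the salt, nonce and tag can still test password guesses offline, so this depends on password strength and does not authenticate the server, which is what SSL/TLS adds.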