0

I develop an android application, and I used an open source library called cacheword to handle it's password. Now I want to set another password for it, which I mean I want my app has two password! But I can't do it, because according to this function of this library:

public void setPassphrase(char[] passphrase) throws GeneralSecurityException {
        PassphraseSecrets ps;
        if(SecretsManager.isInitialized(this.mContext)) {
            ps = PassphraseSecrets.fetchSecrets(this.mContext, passphrase);
        } else {
            ps = PassphraseSecrets.initializeSecrets(this.mContext, passphrase);
            if(ps == null) {
                throw new GeneralSecurityException("initializeSecrets could not save the secrets.");
            }
        }

        this.setCachedSecrets(ps);
    }

it can set just one password. So I decided to change this method somehow and handle the second password! But when I start doing this, I understand it's not that too easy!! :)) Because it uses the other function of the library! Can you help me how can I solve this problem!?!

Zeinab
  • 43
  • 10
  • you can modify this lib but one simple solution is store one key in it and use that key to encrypt/decrypt other Strings , then you can save that Strings in any where. – MHP Aug 19 '17 at 07:23
  • @MHP Well actually I want to have that second password as a fake password, so if someone force me to open the app, I can enter the fake password, so the wrong data will be show. So I don't want to use the original password then. Now how can I use your solution in this way?!? – Zeinab Aug 19 '17 at 07:30
  • you can do this. your cacheword password just use for encrypt/decrypt. it means that you keep original password and fake one for example in sharedPref (notice that they are encrypted by cacheword password). so whether use original pass or fake pass , use cacheword password to decrypt them and then decide to show which data base on entered pass. – MHP Aug 19 '17 at 07:40
  • @MHP If I understand correctly, If I do that, when I open the app, at first I should enter the cacheword pass, then the original or fake pass! So for a period of time the bad guy can access to the fake password and original password! It's not safe for the data then!! :( – Zeinab Aug 19 '17 at 08:04
  • nope, when you open app for example you enter fake pass, your cacheword pass get one time at first run or retrive by web or exist in code. – MHP Aug 19 '17 at 08:08
  • @MHP I don't have cacheword pass until the user enter it, do I ?!? And if I store it it's not safe anymore! – Zeinab Aug 19 '17 at 10:24

0 Answers0