2

I am trying to create a secure database for a mobile app using the as3corelib EncryptionKeyGenerator package from here https://github.com/mikechambers/as3corelib/blob/master/src/com/adobe/air/crypto/EncryptionKeyGenerator.as

but when I run it I get the following error:

Error: EncryptedLocalStore is not supported on the current platform
    at flash.data::EncryptedLocalStore$/setItem()

Googling around I see it is becaue the ELS is not supported for mobiles. Does anyone know of the best solution to this problem? I guess I could use the persistence manager to store the information but I am not sure this is the most secure method.

Sébastien Le Callonnec
  • 26,254
  • 8
  • 67
  • 80
JaChNo
  • 1,493
  • 9
  • 28
  • 56

2 Answers2

3

I think your best bet is to investigate using an encrypted SQLLite Database. Here is some info on this:

http://cookbooks.adobe.com/post_AIR_Encrypted_SQLite_Database-16250.html

http://www.adobe.com/devnet/air/flex/quickstart/articles/encrypted_database.html

JeffryHouser
  • 39,401
  • 4
  • 38
  • 59
  • Actually the second link you posted is the example I was following to try and create the secure sqldb. It looked a better option as it was creating a salt in order to secure the database and then storeing that salt in the ELS. which is where I ran in to problems. I was hoping that mobile devices had an ELS equivelent so I could just adapt the EncryptionKeyGenerator.as code. I am worried that leaving the seed in plain view(as shown in the first link) is just not that secure. Although the fallback is that the user password used to open the database is never shown. – JaChNo Aug 15 '11 at 15:29
  • I disagree, Don't get me wrong I think Flextras is really helpful had has given good advice and answers before. But my question was really about the best alternative to the ELS for mobile devices. if you attempt to implement the as3corelib on a mobile application it won't work. so you can use the example in the first link that was posted which just used the user specified password. But if you are able to implement the method in the second link then you would have a solution that secures the db with a user password that is salted with a salt key specific to the device the app is installed on – JaChNo Aug 16 '11 at 08:39
1

EncryptedLocalStore is available on AIR on the Android platform only since 3.0, so you should now be able to use it on your mobile device; see http://devgirl.org/2011/09/22/flex-mobile-development-encrypting-data/ for an example.

Sébastien Le Callonnec
  • 26,254
  • 8
  • 67
  • 80