Encryption

In the open event orga app the user credentials need to be stored in a secured manner so that they are safe and are not an easy target for hackers. Currently they are not stored in a secure manner. The credentials cannot be stored in the shared preference because if someone gets root access to the phone then it is easy to retrieve the user credentials. So as to prevent such a disaster from happening we are using Android Keystore in the orga app. Introduction Android Keystore actually allows users to store the cryptographic keys in a container so that it becomes more difficult to extract them from the device. Once keys are in the keystore, they can be used for cryptographic operations with key-material remaining non-exportable. So the keystore are primarily has 2 main functions : Random generation of keys. Securely storing the keys in its container. Following are primarily the main steps followed for encryption and decryption of data in android. When the app runs for the first time, there is random generation of keys. Suppose a secret needs to be encrypted then the key generated in the first step need to be obtained from the keystore and the data is encrypted with it and the data is stored in the shared preference . When the data needs to be decrypted the required key is obtained from the keystore and then the data is decrypted with its help.   In the Open Event Orga App, the following methods have been followed to implement the Android Keystore: A separate module is created in the data package by the name encryption which would handle the encryption and consist of an interface EncryptionService and its implementation class EncryptionServiceImpl.   The EncryptionService interface consist of the following code. This interface is implemented in the EncryptionServiceImpl and is accessed from the LoginViewmodel. public interface EncryptionService {   String encrypt(String credential);   String decrypt(String encryptedCredentials); } Now the implementation of the EncryptionServiceImpl is shown below. It mainly consist of 3 main methods. createKeys( ) This method is specifically used for generating keys. We use the KeyPairGeneratorSpec for doing this. This method was added in API> 18.This method generates public key and private key pairs such RSA. So firstly we create a start and end time for the validity range of the key pair that will be created. After this a new KeyPairGeneratorSpec object is created where we pass on the context. We also set the ALIAS here which is later used to retrieve the key from the Android key store. The start time and the end time are also set here and finally it is build.   In the next step the KeyPairGenerator is initialized with the intended Algorithm. In this project we are using TYPE_RSA. private void createKeys() throws NoSuchProviderException,   NoSuchAlgorithmException, InvalidAlgorithmParameterException {   Calendar start = new GregorianCalendar();   Calendar end = new GregorianCalendar();   end.add(Calendar.YEAR, 25);   KeyPairGeneratorSpec spec =       new KeyPairGeneratorSpec.Builder(context)           .setAlias(ALIAS)           .setSubject(new X500Principal("CN=" + ALIAS))           .setSerialNumber(BigInteger.valueOf(1337))           .setStartDate(start.getTime())           .setEndDate(end.getTime())           .build();   final KeyPairGenerator kpGenerator = KeyPairGenerator.getInstance(TYPE_RSA, KEYSTORE);…