Mehran Zamani Mehran Zamani - 9 months ago 35
Android Question

How to access RSA private key at start of an app?

I want to have a

RSA
pair key (private and public key) saved before running so i can send my encrypted message(with public key) and when server gives me a result back, decrypt it using private key.

Obviously i want my private key to be safe from any vulnerability such as exposure. I don't want to generate/store it in Run Time(like using
keystore
). It should exists with application package.

bottom line i don't want to generate RSA key pairs each time i run my app, because i want to put those in my server too and i want a secure way to store them(there are some ways to extract things.

Answer Source

I do not recommend to embed a RSA encryption/decryption keypair in your app because:

  • If the key is compromised then the security of your system is affected completely and you will need to distribute a new app to all your users

  • The ciphertext size is limited by the key length

To encrypt/decrypt messages between client and server you just need to use a TLS channel (https).