Keep data decrypted during runtime

Question

In my app, i generate and save private keys. They are encrypted using AES as described here (http://nelenkov.blogspot.com/2012/05/storing-application-secrets-in-androids.html). I've seen another entry on smiliar subject (http://nelenkov.blogspot.com/2012/05/storing-application-secrets-in-androids.html), but this solution gives no guarantee to work on all devices.

Everything is fine except one thing. Everytime usertime wants to get access to one of the encrypted files (or create new one) he needs to enter pin/password (which is very frustrating). I'm looking for a way to somehow avoid this, so as long as user don't leave aplication his password is stored.

The only solution i found is to load everything after user enters password and keep it in memory, but I don't think it's good one.

Answer 1

Cache your keys for a certain period of type (say 10 mins) and clear them afterwards. You can set alarms using AlarmService for this. There was a library project that does this for you, but I haven't used it personally:

https://github.com/guardianproject/cacheword

Answer 2

Why not create a custom Application subclass, and store the password there?

So something like:

public class App extends Application {
    private static String sPassword;

    public String getPassword() {
        return sPassword;
    }
}

Then use it:

String password = ((App) context.getApplication()).getPassword();
if(password != null && !password.isEmpty() {
    // Decrypt files
} else {
    // Prompt user for password, and save it to the Application
}

You'll also have to specify your custom Application in your manifest: <application android:name="com.my.awesome.App" ....