Question

Store encryption key in native app

0

Hello, We need to do offline encryption in a native mobile app (Mendix 8.14.1). Is it save to store the encryption key in an offline constant? Or is it possible to read contents of constants of a native app for someone with bad intentions? If constants are not safe. what would be the best way to store the key? Thank you!

asked 2020-11-11

Diederik Wentink

2 answers

Eric Tieniber · Answer 1 · 2020-11-11

I’m not sure what your use case is, but I think the safe bet is to use something like react-native-encrypted-storage.

david verstricht · Answer 2 · 2020-11-11

You could considder creating an entity on your domain to store 1 object with the key, and then synchronize it.

This way the key is secured against people outside the application, and you can even define the user roles that are able to use the key.