
learn how to securely store API keys in your Android app using public-key cryptography, a key store, encrypted shared preferences, and a backend server.
Explore the history of cryptography from Caesar cipher to modern cryptographic use, and see how algorithms and keys protect plaintext, ciphertext, confidentiality, integrity, non-repudiation, and authentication.
Explore the core principles of cryptography, including confidentiality, data integrity, non-repudiation, and authentication, and see how hashing, digital signatures, and SSL certificates uphold secure communication and data integrity.
Hash functions secure data integrity, authentication, and digital signatures by producing fixed-length hash values. They are deterministic, fast, pre-image resistant, collision resistant, and include MD5, SHA-1, SHA-256, SHA-384, and SHA-512.
Set up a new Android project from an empty activity template, configure Gradle and Kotlin 17, and add Dagger Hilt, Retrofit, Kotlinx serialization, encrypted shared preferences, and desugaring.
Explore how the Android keystore system securely stores and restricts cryptographic keys, using hardware-backed strongbox or trusted execution environments to prevent extraction and enable safe operations.
Implement the key provider service using Retrofit to post a public key and receive encrypted API keys, wiring Dagger Hilt for a singleton Retrofit instance in an Android app.
Create a main ViewModel to connect with the backend, send a public key, decrypt the encrypted response into API keys, and store them securely in encrypted shared preferences for display.
Discover cobweb, a Kotlin-based composer HTML framework that unifies front-end and back-end development, enables live reloading, API routes, and a silk UI library for building backend endpoints for Android apps.
Create a data encryption object to encrypt data with a client public key, integrate Kotlinx serialization via Gradle, and define a serializable keys model for Android-server communication.
Create a key provider endpoint in the api package using a suspend function annotated as API to fetch public key, encrypt two API keys, and return encrypted JSON.
Test the backend and Android app by enabling internet and clear text traffic, sending a public key to the server, and validating encrypted key data through network inspection.
Apply a layered security approach by storing api keys on the backend, using a shared secret and user authentication with public key cryptography, and audit logs, https, and code obfuscation.
Implement an encrypted DataStore migration on Android by replacing encrypted shared preferences with a Kotlin coroutines-based DataStore, using a custom serializer to automatically encrypt and decrypt keys.
In this short-length course I will teach you how to securely store API keys in your Android App, without exposing them to the public. With the help of a Public Key Cryptography, Android Keystore System, Encrypted Shared Preferences and our own Backend server, you will achieve exactly that.
Public key cryptography, also known as asymmetric cryptography, is a cryptographic approach that uses key pair: public key and private key. Each key pair consists of a public key and a private key that are mathematically related but cannot be derived one from another.
This approach will help us to securely exchange the data between a client and a server. API Keys will be initially stored securely on our backend Server. The server and the client will exchange the public key, to encrypt the data, before sending it back to the client.
That way we can make sure that no one can read the actual data which is exchanged. Only our Android application will hold the private key to decrypt the data, and securely store the API keys on a device.
Android Keystore system is a part of the Android operating system that provides a secure storage facility for cryptographic keys, certificates, and related information. It is designed to protect sensitive data, such as private keys used for encryption and authentication, from unauthorized access.
I will provide you with some more detailed information about the Keystore System itself and how does it work. We will utilize that system to securely store the Public Key Pair that is going to be generated for us.
So what are you waiting for, let's get started!