How to create an editable object for cwac saferoom

Question

please am working on app that store sensitive user data on a database upon googling on how to do the answers point me to cwac saferoom since am using room for my database but the problem am facing are:

1. Cwac saferoom required i pass in an edittable object meani g the same method i call on edittext to get the input string as passphrase i dont really know how make a that object out of a string

2. How do i safely store the password on the device also

Please am using java

Answer 1

Cwac saferoom required i pass in an edittable object

Quoting the documentation: "The SafeHelperFactory constructor takes a either a byte[] or a char[] for the passphrase.". There is a utility method that takes an Editable, for the recommended path of getting the passphrase from the user. So, just create a SafeHelperFactory object via the constructor:

SafeHelperFactory factory = new SafeHelperFactory(thePassphraseFromTheUser);

i dont really know how make a that object out of a string

It is not a good idea to have a passphrase in a String. See:

• https://www.sjoerdlangkemper.nl/2016/05/22/should-passwords-be-cleared-from-memory/
• Why is char[] preferred over String for passwords?

But, for tests and stuff, call toCharArray() on your String to get a char[] to pass to the SafeHelperFactory constructor:

SafeHelperFactory factory = new SafeHelperFactory(stringPassphraseFromTheUser.toCharArray());

How do i safely store the password on the device also

Generally, you don't. You get the passphrase from the user.

If your minSdkVersion is 23 or higher, you could use androidx.security:security-crypto classes to store a generated passphrase in hardware-encrypted storage.