Storing an encrypted password

2023-09-04 08:28:50 Author: ①卟尐吢愛丄伱

I'm creating an app to store encrypted data.

In this question, the OP is advised to store the user's credentials in the clear.

But what if I'd like to store an encrypted password created with SecretKeySpec (the one used to encrypt data)? From my understanding, the secret key is itself encrypted.

So can I store and retrieve it?

Note: I'm not asking how to store preferences, just whether my understanding of how SecretKeySpec works, and of how to, sort of, serialize and retrieve the encrypted password, is correct.

EDIT: Sorry, I forgot to specify it needs to be compatible with API level 4.

Accepted answer

Straight from the developer site:

Be smart about security!

It's important to understand that AccountManager is not an encryption service or a keychain. It stores account credentials just as you pass them, in plain text. On most devices, this isn't a particular concern, because it stores them in a database that is only accessible to root. But on a rooted device, the credentials would be readable by anyone with adb access to the device.

With this in mind, you shouldn't pass the user's actual password to AccountManager.addAccountExplicitly(). Instead, you should store a cryptographically secure token that would be of limited use to an attacker. If your user credentials are protecting something valuable, you should carefully consider doing something similar.

Remember: When it comes to security code, follow the "Mythbusters" rule: don't try this at home! Consult a security professional before implementing any custom account code.

Now that the security disclaimers are out of the way, it's time to get back to work. You've already implemented the meat of your custom account code; what's left is plumbing.
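The following is an added worked example, not code from the question, the answer, or the Android documentation quoted above. It addresses both the question's point (what SecretKeySpec actually does and how its key material can be serialized and restored) and the answer's point (do not persist the user's password; keep an opaque token or derive the key on demand). It is plain Java SE using only javax.crypto; it assumes the PBKDF2WithHmacSHA1 SecretKeyFactory and AES/CBC/PKCS5Padding are available on the target platform, which has not been checked against the API level 4 constraint mentioned in the edit. All sample values (the password and plaintext) are constructed for the demo.

```java
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;

public class SecretKeySpecDemo {

    // SecretKeySpec is only a wrapper around raw key bytes: getEncoded() returns
    // exactly the bytes it was built from. Nothing inside it is encrypted, so
    // writing those bytes to storage writes the real key in the clear.
    static boolean wrapperIsTransparent() {
        byte[] raw = new byte[16];
        new SecureRandom().nextBytes(raw);
        SecretKey key = new SecretKeySpec(raw, "AES");
        // "Serialize and retrieve": the restored key is byte-for-byte the same key.
        SecretKey restored = new SecretKeySpec(key.getEncoded(), "AES");
        return Arrays.equals(raw, key.getEncoded())
                && Arrays.equals(key.getEncoded(), restored.getEncoded());
    }

    // The answer's advice: hand components like AccountManager an opaque random
    // token instead of the password. 32 random bytes, hex-encoded (constructed helper).
    static String newOpaqueToken() {
        byte[] token = new byte[32];
        new SecureRandom().nextBytes(token);
        StringBuilder hex = new StringBuilder();
        for (byte b : token) hex.append(String.format("%02x", b));
        return hex.toString();
    }

    // Derive the AES key from the user's password with PBKDF2 and a random salt.
    // Only the salt is stored; neither the password nor the derived key is.
    static SecretKey deriveKey(char[] password, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, 10000, 128);
        SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
        byte[] keyBytes = factory.generateSecret(spec).getEncoded();
        spec.clearPassword();
        return new SecretKeySpec(keyBytes, "AES");
    }

    // Encrypt with a fresh IV and return the blob to persist: salt || iv || ciphertext.
    static byte[] seal(char[] password, byte[] plaintext) throws Exception {
        SecureRandom rng = new SecureRandom();
        byte[] salt = new byte[16];
        byte[] iv = new byte[16];
        rng.nextBytes(salt);
        rng.nextBytes(iv);
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        cipher.init(Cipher.ENCRYPT_MODE, deriveKey(password, salt), new IvParameterSpec(iv));
        byte[] ct = cipher.doFinal(plaintext);
        byte[] out = new byte[32 + ct.length];
        System.arraycopy(salt, 0, out, 0, 16);
        System.arraycopy(iv, 0, out, 16, 16);
        System.arraycopy(ct, 0, out, 32, ct.length);
        return out;
    }

    // Re-derive the key from the stored salt and the password the user just typed.
    static byte[] open(char[] password, byte[] blob) throws Exception {
        byte[] salt = Arrays.copyOfRange(blob, 0, 16);
        byte[] iv = Arrays.copyOfRange(blob, 16, 32);
        byte[] ct = Arrays.copyOfRange(blob, 32, blob.length);
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        cipher.init(Cipher.DECRYPT_MODE, deriveKey(password, salt), new IvParameterSpec(iv));
        return cipher.doFinal(ct);
    }

    public static void main(String[] args) throws Exception {
        System.out.println("SecretKeySpec round-trips raw bytes: " + wrapperIsTransparent());
        System.out.println("Opaque token for AccountManager: " + newOpaqueToken());

        char[] password = "correct horse".toCharArray();      // constructed sample
        byte[] blob = seal(password, "secret note".getBytes("UTF-8"));
        System.out.println("Decrypted: " + new String(open(password, blob), "UTF-8"));
        Arrays.fill(password, '\0');                           // wipe the password from memory

        try {
            open("wrong".toCharArray(), blob);
        } catch (BadPaddingException e) {
            // A wrong password almost always fails the PKCS5 padding check (not guaranteed:
            // CBC has no integrity protection, so add an HMAC, or use AES/GCM where available).
            System.out.println("Wrong password rejected");
        }
    }
}
```

The point of wrapperIsTransparent() is that SecretKeySpec does not encrypt anything: if you store getEncoded(), you have stored the key itself, and anyone who can read that storage (for example with adb on a rooted device, as the answer notes) has it. Deriving the key from the password at unlock time, and persisting only the salt, IV and ciphertext, avoids writing either the password or the key to disk.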