我想隐藏由用户加密用户的手机中输入一些数据。据我知道，我可以加密/使用键/种子值解密数据，但如果我躲在code中的键值，我知道它可以以某种方式找到（如反编译了Java code）。

I want to hide some data that is entered by user in user's phone encrypted. As far as I know I can encrypt/decrypt data using a key/seed value, but if I hide the key value in code, I know it can be found somehow (e.g. decompiling the Java code).

你有什么建议，使这个过程更硬？

Do you have any suggestions to make the process harder?

推荐答案

这是不可能隐藏在应用程序的关键，使得资源丰富的黑客将无法将其拉出。您可以尝试混淆的关键，并使其很难找到，但它总是会做些力所能及。

It is impossible to hide the key in the app such that a resourceful hacker won't be able to pull it out. You can try to obfuscate the key and make it difficult to find but it will always be do able.

请参阅本：http://www.excelsior-usa.com/articles/java-obfuscators.html#examples

最好的办法是要求用户指定一个PIN或密码，并使用它作为加密密钥。这样，如果设备丢失或被盗的关键仍然是安全的，它也prevents从反编译你的应用程序的人，并获得加密密钥为应用程序的所有实例。

The best option would be to require your users to specify a PIN or password and to use that as the encryption key. That way if the device is lost or stolen the key is still safe and it also prevents someone from decompiling your app and getting the encryption key for all instances of your application.