Extensions to encrypt DataStore using Tink

encrypted-datastore

Extensions to encrypt DataStore using Tink.

⚠️ This tiny library will be maintained until an official solution for DataStore encryption will be released by Google.


Installation

Add the dependency:

repositories {
    mavenCentral()
    google()
}

dependencies {
    implementation("io.github.osipxd:encrypted-datastore:1.0.0-alpha02")
}

Usage

First, you need Aead object to encrypt DataStore or you may use already created one:

val aead = AndroidKeysetManager.Builder()
    .withSharedPref(context, "master_keyset", "master_key_preference")
    .withKeyTemplate(KeyTemplates.get("AES256_GCM"))
    .withMasterKeyUri("android-keystore://master_key")
    .build()
    .keysetHandle
    .getPrimitive(Aead::class.java)

Then you can make any DataStore Serializer encrypted using extension-function Serializer<T>.encrypted(Aead):

object ProtoProfileSerializer : Serializer<Profile> {
    // serializer implementation here
}

val dataStore = DataStoreFactory.create(ProtoProfileSerializer.encrypted(aead)) {
    context.dataStoreFile("proto_profile")
}

If you need to create encrypted PreferenceDataStore, use function createEncrypted instead of create:

val prefsDataStore = PreferenceDataStoreFactory.createEncrypted(aead) {
    context.preferencesDataStoreFile("user_preferences")
}

Thanks

  • Artem Kulakov (Fi5t), for his example of DataStore encryption.
  • God, for posibility to hack Kotlin internal visibility modifier

License

MIT

GitHub

View Github