Extensions to encrypt DataStore using Tink
encrypted-datastore
Extensions to encrypt DataStore using Tink.
⚠️ This tiny library will be maintained until an official solution for DataStore encryption will be released by Google.
Installation
Add the dependency:
repositories {
mavenCentral()
google()
}
dependencies {
implementation("io.github.osipxd:encrypted-datastore:1.0.0-alpha02")
}
Usage
First, you need Aead
object to encrypt DataStore or you may use already created one:
val aead = AndroidKeysetManager.Builder()
.withSharedPref(context, "master_keyset", "master_key_preference")
.withKeyTemplate(KeyTemplates.get("AES256_GCM"))
.withMasterKeyUri("android-keystore://master_key")
.build()
.keysetHandle
.getPrimitive(Aead::class.java)
Then you can make any DataStore Serializer encrypted using extension-function Serializer<T>.encrypted(Aead)
:
object ProtoProfileSerializer : Serializer<Profile> {
// serializer implementation here
}
val dataStore = DataStoreFactory.create(ProtoProfileSerializer.encrypted(aead)) {
context.dataStoreFile("proto_profile")
}
If you need to create encrypted PreferenceDataStore
, use function createEncrypted
instead of create
:
val prefsDataStore = PreferenceDataStoreFactory.createEncrypted(aead) {
context.preferencesDataStoreFile("user_preferences")
}
Thanks
- Artem Kulakov (Fi5t), for his example of DataStore encryption.
- God, for posibility to hack Kotlin internal visibility modifier