Crypto APIs

Android boasts of a comprehensive crypto API suite that application developers can use to secure data, both at rest and in transit.

Android provides APIs for symmetric and asymmetric encryption of data, random number generation, hashing, message authentication codes, and different cipher modes. Algorithms supported include DH, DES, Triple DES, RC2, and RC5.

Secure communication protocols such as SSL and TLS, in conjunction with the encryption APIs, can be used to secure data in transit. Key management APIs including the management of X.509 certificates are provided as well.

A system key store has been in use since Android 1.6 for use by VPN. With Android 4.0, a new API called KeyChain provides applications with access to credentials stored there. This API also enables the installation of credentials from X.509 certificates and PKCS#12 key stores. Once the application is given access to a certificate, it can access the private key associated with the certificate.

Crypto APIs are discussed in detail in Chapter 6, Your Tools – Crypto APIs.