Trials and tribulations of software development…
Adobe AIR 3.0 Beta is now publicly available and includes a key feature that many may not yet be aware of, EncryptedLocalStore support. The EncryptedLocalStore is a class that ‘provides a persistent, encrypted data storage mechanism.’ This class was available for use in AIR Desktop applications but restricted on mobile until this latest AIR 3.0 release. It’s very simple to use. I created a sample with it, showing how you might save a person’s login data. Below are some code snippets that show the key parts of use for storing, retrieving and removing data using it, followed by a link to the sample project source code:
protected function storeLoginData():void
{
if (userid.text!=null)
{
var pwBytes:ByteArray = new ByteArray();
pwBytes.writeUTFBytes(password.text);
EncryptedLocalStore.setItem(userid.text, pwBytes);
...
}
...
}
protected function retrievePassword():void
{
...
if (userid.text!=null && userid.text.length>0) {
var storedValue:ByteArray = EncryptedLocalStore.getItem(userid.text);
if (storedValue!=null) {
password.text = storedValue.readUTFBytes(storedValue.length);
this.chkRemember.enabled=false;
}
else {
erase();
log.appendText("No stored data found for userid: " + userid.text);
}
}
...
}
protected function removeLoginData():void
{
if (userid.text != null && userid.text.length>0) {
EncryptedLocalStore.removeItem(userid.text);
}
...
}
Please note that you will need to add the compiler argument -> -swf-version=13 to any projects you build that use this. Right click on the Project root and select Properties -> Flex Compiler and add it into the additional compiler arguments. Mine looks like this:
HERE is the sample project source code
Note: You could/should also join the Flex/Flash Builder 4.6 prerelease to get the latest versions which includes the AIR 3.0 SDK and a bunch of other new features explained in detail here!
Holly Schinsky is a Developer Evangelist at Adobe Systems, Inc.
Disclaimer: This blog contains my personal thoughts and not those of my employer.
Hi Holly,
This is very useful. But how is the actual data being stored on the device? Is it using symmetric encryption or somehow using public keys? I guess what I’m getting to is: how secure is this?
Also, this part of the code looks odd:
var pwBytes:ByteArray = new ByteArray();
pwBytes = new ByteArray();
Regards,
Lee
Oops, good catch on the pwBytes redundancy, that was not meant to be that way
. I fixed it above and in the fxp, thanks!
I’ll get back to you with more details on the specific encryption used.
Cheers!
Holly
I read on Adobe’s live docs that the encrypted store uses AES-CBC 128-bit encryption
Thanks for the info Holly, it was a great help to me.
Great article! It might be worth noting that you need to add “-swf-version=13″ to your compiler arguments in order to get it to work. Thanks!
Hi Nathan! Yes, this is a good thing to point out. I updated the post with it along with a screenshot, thanks much!! Holly
It seems you are using flex 4.5.2 SDK .. is it available yet ? if not when would it be ? with 4.5.1 it does not allow to run the application. it throws runtime error.
Got it nevermind.
Where did you find 4.5.2 ?
Hi i have one query could u please help me , Panel control not supported for Flex Mobile Project in Flash builder 4.5. There is any alternate control to add some data dynamically (using Actin Script). please help me thanks in advance …
Hi Holly, I am developing our GIS web application for iOS, which has GPS functionality (zoom map to where I am). We are using Flash Builder 4.5 for coding, and somehow the Locate Me function is not working. This could be an issue only with my iPhone, the reason I say that is when I test an Ad Hoc built of the application on my iPhone 4, and setting GPS and location-services as required devices, the application wont install on my iPhone, with an error message of device not being compatible generated by iTunes. Here is the code in my Main-app.xml file for the iPhone section:
<![CDATA[
UIDeviceFamily
1
2
telephony
YES
UIRequiredDeviceCapabilities
location-services
YES
GPS
YES
]]>
high
Another code that replaced the above was:
<![CDATA[
UIDeviceFamily
1
2
telephony
YES
UIRequiredDeviceCapabilities
location-services
GPS
]]>
high
The above one did install on my iPhone, but the Locate Me function was not working (map does not zoom to device’s location). Though Google Map’s same functionality is working, and my location service in my iPhone is enabled.
here is my actionscript code:
private function init():void
{
geolocation_creationCompleteHandler(‘onStart’);
}
public var geolocationType:String;
protected function geolocation_creationCompleteHandler(type:String):void
{
if(type == ‘onStart’)
{
geolocationType = type;
}
else
{
geolocationType = ‘fButton’;
}
if( Geolocation.isSupported )
{
g = new Geolocation();
locateMeBut.enabled = true;
g.setRequestedUpdateInterval(1000);
if( g.muted )
{
locateMeBut.enabled = false;
myMap.addEventListener(MapEvent.LOAD, goToInitialExtent);
return;
}
g.addEventListener(GeolocationEvent.UPDATE,geoLocation_UpdateHandler, false,0,true);
}
else
{
//don’t do anything, gps is not supported or not on
}
}
I think I found a solution, thank you
Your posts are great!!
[...] here: Flex Mobile Development – Encrypting Data This thing was constructed by Karl Matthews. You can follow comments through the RSS 2.0 feed. You [...]
Hi Holly,
I raised a question earlier about the security mechanism used for this.
I’ve had a chance to review AIR 3 and play with this under iOS and Android (soon PlayBook), and I think that I know the answer:
It seems that the AIR EncryptedLocalStore uses the underlying operating system APIs for security.
This seems to work securely under iOS, but not Android. On Android (2.3 in my case), you can get at the data by simply rooting the device.
I will test this later on PlayBook.
This raises a huge issue: How do I know for certain that the data has truly been encrypted? Should it not throw an exception under Android? Once again, any hacker would be able to get at the data.
Please let me know if this is a bug, or if there is something I missed.
Of course, a weak work-around would be to specifically check for Android and to warn the user that the data is not secure.
The other option is to create an encryption ANE and specifically ask the user for a password, or use a ticketing mechanism to automate this. Either way, that’s a lot more work.
Regards,
Lee
Hi Holly,
Great tutorial! I have a question. Is there a way to download mp4 videos to a device (iPad) with Flash Builder and AIR3 and access them through a Flash Builder app?
Thanks
Mike
Hi Holly,
Maybe you can help me out. I’m trying to use EncryptedLocalStore for AIR. I got it to work well, but it’s not supported on AIR for Android. Is there an alternative ‘saving’ mechanism?
Hi Joe, the EncryptedLocalStore is included in AIR 3 and above. What version of AIR are you using? Cheers! Holly
Well Holly, I’m not sure. The player option I selected in Flash CS5.5 simply reads ‘AIR for Android’ and doesn’t specify which version. Should I try downloading an update?
Thanks
I am reading mixed messages that EncryptedLocalstore will not work if the Air application is updated even if the publisher id is not changed. Is this true?
Hi
i want to know how to open a PDF file in android Motorola XOOM
i used the StageWebView method but it works in windows but when i checked it on device it shows just white empty screen
even i first download the file from server save it locally and then try to open but nothing.
file saves in android but not opening in device.
please i need solution.
Best way it to write native extension to open the files. In native extensions use intents.
Intent intent = new Intent(android.content.Intent.ACTION_VIEW);
intent.setDataAndType(Uri.parse(text), vibExtContext.mimeMap.get(text.substring(text.lastIndexOf(“.”)+1, text.length()).toLowerCase()));
intent.setFlags(Intent.FLAG_ACTIVITY_NEW_TASK);
context.getActivity().startActivity(intent);
Sir Kedar i need complete example please if you have example can you share it to me ?
merhaba,
paylasiminiz icin tesekkur ederim..
gizli ilimler ve yer altı sanatları hakkında her şeye kolaylıkla ulaşabilirsiniz…
saygılar
=================
hello,
thanks for share,
can u share with us some public great source codes for ios and android?
kind regards.