Catching up with msicc.net, Part III: encryption with Xamarin applications
This is the third post of my series to catch up with my already existing blog. In these days, encryption of sensitive data is more important than ever. Of course, there are quite a few samples floating around the web, but most of them have one common issue - they relied on user input and/or hardcoded values. This is a very bad practice (imo) if you want to make sure that sensitive data is as save as possible.
Even though I am using this in Xamarin Forms apps, all the implementations are platform specific. This ensures that I am able to use the native features of all platforms and provides the highest possible security level.
Android
On Android, I am using the AndroidKeyStore to create and store encryption keys. I created a helper class that can be used in Xamarin Android apps as well as routed into the Xamarin Forms app (although I never needed that, personally):
Xamarin Android: asymmetric encryption without any user input or hardcoded values
iOS
For iPhone/iPad, I am using the iOS KeyChain to create and store encryption keys. Like on Android, I implemented the whole needed stuff in an helper class. There is some more work to do, you can see everything in this article:
How to perform asymmetric encryption without user input/hardcoded values with Xamarin iOS
UWP
The UWP implementation goes even further and does not issue any keys directly. Instead, everything is handled by the operating system. The only thing one has to decide if storage of keys happens on user or machine level. Read more here:
Using the built-in UWP data protection for data encryption
As always, I hope these posts are helpful for some of you out there. Until the next post, happy coding, everyone!