Are KeyStore Entries Lost When the Application is Uninstalled?
This is a common question for developers who use KeyStores to store sensitive information like encryption keys, certificates, and private keys. The answer, unfortunately, is not straightforward. It depends on how the KeyStore is implemented and where it’s stored.
Types of KeyStores
There are several types of KeyStores, each with different storage mechanisms.
1. Android KeyStore
- Location: Securely stored within the device’s operating system, isolated from the application’s data.
- Persistence: Entries are retained even after the application is uninstalled, but only accessible by other applications with the necessary permissions.
2. Application-Specific KeyStores
- Location: Stored within the application’s data directory.
- Persistence: Entries are removed when the application is uninstalled.
3. External KeyStores (Files)
- Location: Stored as files in external storage (e.g., SD card).
- Persistence: Entries remain if the file is not deleted manually.
KeyStore Persistence: A Comparison
| KeyStore Type | Persistence | Notes |
|---|---|---|
| Android KeyStore | Yes (but only for authorized apps) | Offers strong security and privacy protection. |
| Application-Specific KeyStores | No | Best for storing temporary data or data linked to the application. |
| External KeyStores (Files) | Yes (if not deleted manually) | Less secure compared to Android KeyStore, but offers flexibility. |
Code Examples
1. Android KeyStore
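```java
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyProperties;
import java.security.KeyStore;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

// Creating a key in Android KeyStore
KeyGenerator generator = KeyGenerator.getInstance(
        KeyProperties.KEY_ALGORITHM_AES, "AndroidKeyStore");
generator.init(new KeyGenParameterSpec.Builder("myKey",
        KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT)
        .setBlockModes(KeyProperties.BLOCK_MODE_CBC)
        .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_PKCS7)
        .build());
SecretKey key = generator.generateKey();

// Retrieving the key after application uninstallation
KeyStore androidKeyStore = KeyStore.getInstance("AndroidKeyStore");
androidKeyStore.load(null); // the KeyStore must be loaded before any lookup
SecretKey retrievedKey = (SecretKey) androidKeyStore.getKey("myKey", null);

// Output:
// The key will be accessible to other apps with necessary permissions.
```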
2. Application-Specific KeyStore
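```java
import java.security.KeyStore;

// Creating a KeyStore in application data directory
// ("key" is an exportable SecretKey created elsewhere in the app)
KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
keyStore.load(null, "password".toCharArray()); // start from an empty KeyStore
keyStore.setEntry("myEntry",
        new KeyStore.SecretKeyEntry(key),
        // ProtectionParameter is an interface; PasswordProtection implements it
        new KeyStore.PasswordProtection("password".toCharArray()));

// Accessing the key after application uninstallation
// Output: The key will be lost as the data directory is deleted.
```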
3. External KeyStore (File)
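```java
import java.io.FileOutputStream;
import java.security.KeyStore;

// Creating a KeyStore file
// ("key" is an exportable SecretKey created elsewhere in the app)
KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
// The file does not exist yet, so initialise an empty KeyStore instead of reading it
keyStore.load(null, "password".toCharArray());
keyStore.setEntry("myEntry",
        new KeyStore.SecretKeyEntry(key),
        // ProtectionParameter is an interface; PasswordProtection implements it
        new KeyStore.PasswordProtection("password".toCharArray()));
try (FileOutputStream out = new FileOutputStream("myKeystore.jks")) {
    keyStore.store(out, "password".toCharArray());
}

// Accessing the file after application uninstallation
// Output: The file will be accessible if it's not manually deleted.
```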
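Because persistence differs by KeyStore type, an app should check for its key at startup instead of assuming it is present or absent. The following is an added example, not code from the original page: the class and method names are hypothetical, and the key spec mirrors the AES/CBC/PKCS7 parameters used above. It reports whether the key was freshly generated so the caller can discard ciphertext (for example, from a restored backup) that an older key produced.

```java
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyProperties;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyStore;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

/** Hypothetical helper: name and shape are assumptions made for this example. */
public final class KeyPresenceCheck {
    private static final String PROVIDER = "AndroidKeyStore";

    /** Carries the key plus whether data encrypted earlier can still be read. */
    public static final class Result {
        public final SecretKey key;
        public final boolean freshlyGenerated;
        Result(SecretKey key, boolean freshlyGenerated) {
            this.key = key;
            this.freshlyGenerated = freshlyGenerated;
        }
    }

    public static Result loadOrCreate(String alias)
            throws GeneralSecurityException, IOException {
        KeyStore ks = KeyStore.getInstance(PROVIDER);
        ks.load(null); // AndroidKeyStore takes no stream or password

        if (ks.containsAlias(alias)) {
            Key existing = ks.getKey(alias, null);
            if (existing instanceof SecretKey) {
                return new Result((SecretKey) existing, false);
            }
            ks.deleteEntry(alias); // entry exists but is not a usable secret key
        }

        // No usable key: generate one and tell the caller old ciphertext is unreadable.
        KeyGenerator generator =
                KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES, PROVIDER);
        generator.init(new KeyGenParameterSpec.Builder(alias,
                KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT)
                .setBlockModes(KeyProperties.BLOCK_MODE_CBC)
                .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_PKCS7)
                .build());
        return new Result(generator.generateKey(), true);
    }
}
```

When `freshlyGenerated` is true, treat any previously stored ciphertext as unrecoverable and re-provision it rather than retrying decryption.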
Conclusion
The persistence of KeyStore entries depends on their type and storage location. Android KeyStore offers secure persistence; application-specific KeyStores are removed on uninstall, and external KeyStore files persist until deleted but with weaker protection. Carefully consider these factors when deciding where to store your sensitive information.