Package | mx.data.crypto |
Class | public class EncryptionKeyGenerator |
Inheritance | EncryptionKeyGenerator Object |
Language Version: | ActionScript 3.0 |
Product Version: | LiveCycle Data Services for Java EE 3.1 |
Runtime Versions: | Flash Player 9, AIR 1.1 |
This class uses techniques and algorithms that are designed for maximum data privacy and security. Use this class to generate an encryption key if your application requires data to be encrypted on a per-user level (in other words, if only one user of the application should be able to access his or her data). In some situations you may also want to use per-user encryption for data even if the application design specifies that other users can access the data. For more information, see "Considerations for using encryption with a database" in the guide "Developing Adobe AIR Applications with Flex."
The generated encryption key is based on a password that you provide. For any given password, in the same AIR application running in the same user account on the same machine, the encryption key result is the same.
To generate an encryption key from a password, use the getEncryptionKey()
method. To confirm that a password is a "strong" password before calling the
getEncryptionKey()
method, use the validateStrongPassword()
method.
In addition, the EncryptionKeyGenerator includes a utility constant,
ENCRYPTED_DB_PASSWORD_ERROR_ID
. This constant matches the error ID of
the SQLError error that occurs when code that is attempting to open an encrypted database
provides the wrong encryption key.
This class is designed to create an encryption key suitable for providing the highest level of data privacy and security. In order to achieve that level of security, a few security principles must be followed:
- Your application should never store the user-entered password
- Your application should never store the encryption key returned by the
getEncryptionKey()
method. - Instead, each time the user runs the application and attempts to access the database,
your application code should call the
getEncryptionKey()
method to regenerate the encryption key.
For more information about data security, and an explanation of the security techniques used in the EncryptionKeyGenerator class, see "Example: Generating and using an encryption key" in the guide "Developing Adobe AIR Applications with Flex."
Method | Defined By | ||
---|---|---|---|
Creates a new EncryptionKeyGenerator instance. | EncryptionKeyGenerator | ||
Uses a password to generate a 16-byte encryption key. | EncryptionKeyGenerator | ||
Indicates whether an object has a specified property defined. | Object | ||
Indicates whether an instance of the Object class is in the prototype chain of the object specified
as the parameter. | Object | ||
Indicates whether the specified property exists and is enumerable. | Object | ||
Sets the availability of a dynamic property for loop operations. | Object | ||
Returns the string representation of this object, formatted according to locale-specific conventions. | Object | ||
Returns the string representation of the specified object. | Object | ||
Checks a password and returns a value indicating whether the password is a "strong"
password. | EncryptionKeyGenerator | ||
Returns the primitive value of the specified object. | Object |
Constant | Defined By | ||
---|---|---|---|
ENCRYPTED_DB_PASSWORD_ERROR_ID : uint = 3138 [static]
This constant matches the error ID (3138) of the SQLError error that occurs when
code that is attempting to open an encrypted database provides the wrong
encryption key. | EncryptionKeyGenerator |
EncryptionKeyGenerator | () | Constructor |
public function EncryptionKeyGenerator()
Creates a new EncryptionKeyGenerator instance.
getEncryptionKey | () | method |
public function getEncryptionKey(password:String, overrideSaltELSKey:String = null):ByteArray
Uses a password to generate a 16-byte encryption key. The return value is suitable to use as an encryption key for an encrypted AIR local SQL (SQLite) database.
For any given
password, calling the getEncryptionKey()
method from the same AIR application
running in the same user account on the same machine, the encryption key result is
the same.
This method is designed to create an encryption key suitable for providing the highest level of data privacy and security. In order to achieve that level of security, your application must follow several security principles:
- Your application can never store the user-entered password
- Your application can never store the encryption key returned by the
getEncryptionKey()
method. - Instead, each time the user runs the application and attempts to access the database,
call the
getEncryptionKey()
method to regenerate the encryption key.
For more information about data security, and an explanation of the security techniques used in the EncryptionKeyGenerator class, see "Example: Generating and using an encryption key" in the guide "Developing Adobe AIR Applications with Flex."
Parameters
password:String — The password to use to generate the encryption key.
| |
overrideSaltELSKey:String (default = null ) — The EncryptionKeyGenerator creates and stores a random value
(known as a salt) as part of the process of
generating the encryption key. The first time an application
calls the getEncryptionKey() method, the salt
value is created and stored in the AIR application's encrypted
local store (ELS). From then on, the salt value is loaded from the
ELS.
If you wish to provide a custom String ELS key for storing
the salt value, specify a value for the |
ByteArray — The generated encryption key, a 16-byte ByteArray object.
|
Throws
ArgumentError — If the specified password is not a "strong" password according to the
criteria explained in the validateStrongPassword()
method description
| |
ArgumentError — If a non-null value is specified for the overrideSaltELSKey
parameter, and the value is an empty String ("" )
|
validateStrongPassword | () | method |
public function validateStrongPassword(password:String):Boolean
Checks a password and returns a value indicating whether the password is a "strong" password. The criteria for a strong password are:
- Minimum 8 characters
- Maxmium 32 characters
- Contains at least one lowercase letter
- Contains at least one uppercase letter
- Contains at least one number or symbol character
Parameters
password:String — The password to check
|
Boolean — A value indicating whether the password is a strong password (true )
or not (false ).
|
ENCRYPTED_DB_PASSWORD_ERROR_ID | Constant |
public static const ENCRYPTED_DB_PASSWORD_ERROR_ID:uint = 3138
This constant matches the error ID (3138) of the SQLError error that occurs when code that is attempting to open an encrypted database provides the wrong encryption key.
Wed Nov 21 2018, 06:34 AM -08:00