The very idea of cache is unsecure by nature... it's almost always functionally unnecessary unless we're talking of things like memoization etc... but since you mention a "media" app, I guess that's a cache for pictures, videos etc... Good point is: if a media app wants to really focus on security should it use a caching system ? ---------- CRYPTOANALYZER ---------- Sent from ProtonMail, encrypted email based in Switzerland. Sent with ProtonMail Secure Email. ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ On Sunday, 5 July 2020 г., 17:38, Zenaan Harkness <zen@freedbms.net> wrote:
In app media cache ought be in a crypt by default. Has anyone done this before and can give hints?
Platforms: initially android, but should be compilable for others including Linux
Object types: avatars, tweets, associated media including images and even vids - whatever is in a standard social media 'stream'.
Obviously cache needs to be parameterizable as to size, eviction policy, but it's not going to be unencrypted.
Come to think of it, FreeNet's code might be good, at the very least as a tutorial - but experience is always valuable, so if you have some experience you can share, please do.
To simplify eviction, objects should be separate files, compressed prior to saving, with one or more indices (also encrypted) for the application to do it's thing efficiently, including store, lookup, read and re-enrypt when an object is to be on-forwarded.
Content addressed in some way of course - git has lead the way on this principle - we just must make sure that if the user does not give up his password, anything lying around must meet some minimum "hiddenness" standard.
Possible libs:
Tuweni
=======
https://github.com/apache/incubator-tuweni https://tuweni.apache.org
Ancient Nacl-Java
==================
https://github.com/freeeve/nacl-java
looks like a one man band, not updated for 5yrs
================================================
Libsodium
==========
https://github.com/jedisct1/libsodium https://doc.libsodium.org/ https://doc.libsodium.org/bindings_for_other_languages
"complete security audit"
==========================
Seems to be used by Tuweni
===========================
Docs:
Java Cryptography Architecture (JCA) Reference Guide
=====================================================
https://docs.oracle.com/javase/7/docs/technotes/guides/security/crypto/Crypt...
Tutorials:
https://www.tutorialspoint.com/java_cryptography/index.htm https://www.tutorialspoint.com/java_cryptography/java_cryptography_encryptin...
simple block encryption
========================
Java - Asymmetric Cryptography example - Mkyong.com
====================================================
https://mkyong.com/java/java-asymmetric-cryptography-example/
https://github.com/amiralis/Java-crypto-tutorial
Encrypting and Decrypting Files in Java | Baeldung https://www.baeldung.com/java-cipher-input-output-stream
How to easily encrypt and decrypt text in Java https://www.adeveloperdiary.com/java/how-to-easily-encrypt-and-decrypt-text-...
Encrypt and Decrypt file/stream in Java https://self-learning-java-tutorial.blogspot.com/2017/09/encrypt-and-decrypt...