Software Archive
Read-only legacy content
17061 Discussions

How does the App Security API encrypt data?

Shlomo_H_
Beginner
‎07-29-2016 11:45 AM
292 Views
Solved Jump to solution

The App Security API seems to make it very easy to encrypt data in hybrid HTML5 apps, but the documentation doesn't give much data on how it works:

The confidentiality and integrity of the sealed chunk is protected by encryption and signing. You do not need to deal with encryption, signing, or key management; the App Security API does this for you.

What encryption algorithm is used? What key is used (when not providing an 'extraKey')?

Thank you.

0 Kudos
1 Solution
Dan_S_Intel
Employee
‎08-01-2016 07:28 AM
292 Views
Solved Jump to solution

Hi Shlomo,

The encryption-decryption of the data in App Security API is done using AES-GCM algorithm.

The AES-GCM key is derived from device specific attributes (hardware and software) along with an extra key (if provided during createFromData api).

Thanks,

Dan.

View solution in original post

0 Kudos
Copy link

Link Copied

2 Replies
PaulF_IntelCorp
Employee
‎07-29-2016 03:09 PM
292 Views
Solved Jump to solution

Shlomo -- I'll ask one of the experts on that API to respond. --Paul

0 Kudos
Copy link
Dan_S_Intel
Employee
‎08-01-2016 07:28 AM
293 Views
Solved Jump to solution

Hi Shlomo,

The encryption-decryption of the data in App Security API is done using AES-GCM algorithm.

The AES-GCM key is derived from device specific attributes (hardware and software) along with an extra key (if provided during createFromData api).

Thanks,

Dan.

0 Kudos
Copy link
Reply

Community support is provided during standard business hours (Monday to Friday 7AM - 5PM PST). Other contact methods are available here.

Intel does not verify all solutions, including but not limited to any file transfers that may appear in this community. Accordingly, Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade.

For more complete information about compiler optimizations, see our Optimization Notice.