Another very important and delicate aspect of desktop applications, but not only, is the one regarding data encryption.
Encryption is the process of transforming data by using an algorithm to make it unreadable to anyone except those possessing a key.
Adobe AIR has an EncryptedLocalStore class that allows to encrypt data to store it on the client’s machine. Adobe AIR EncryptedLocalStore APIs use DPAPI (Data Protection Application Programming Interface) on Windows and the Keychain on Mac.
DPAPI is a relatively easy-to-use cryptography API available as a standard component in Microsoft Windows operating systems. Keychainis a password management system in Mac OS X. The default keychain file is the login keychain, decrypted on login by the user's login password stored in ~/Library/Keychains/.
Both the encrypted local store uses AES-CBC 128-bit encryption.
Using the methods of the EncryptedLocalStore APIs you can save and get data, stored as byte array data, in an encrypted format that cannot be deciphered by other applications or users. In fact each AIR application uses a different encrypted local store for each user.
The encrypted local data store has an maximum supported total capacity of 10MB.
In order to write data in an encrypted format, we use the setitem() methos that accepts the following three parameters, which it uses to set the items with a given name to the provided byte array data:
name: a String that contains the name of the item in the encrypted local data store.
data: a ByteArray that contains the data
stronglyBound: is a Boolean with a default value set to false. When the value is set to true it prevents the possibility of hijacking your application
To write information in an encrypted mode we can use the following setitem() method:
var str:String = "myPassword";
var dataEncrypted:ByteArray = new ByteArray();
and to read the encrypted information we use the following getitem() method:
var passwordBytes:ByteArray = EncryptedLocalStore.getItem("password");
var password:String = dataEncrypted.readUTFBytes(dataEncrypted.length);
In the next article I'll show you how to create an ActionScript class to use the EncryptedLocalStore in AIR applications.