Setting Up Secure Storage
Prerequisites
Only one user has been created on the device before enabling secure storage.
Context
When using DB2e as persistence, you can make use of encrypted DB2e installation files. This requires the use of a password to connect to the database instance.
MI uses a default password, and the encoded format of this password is stored internally. However, users can specify their own password, in which case the encoded format of that password is stored in the Default.properties and Configuration.properties files.
To further protect this encoded password from unauthorized users, you can use the secure storage functionality. Secure storage is a mechanism for storing the encrypted database password in a more secure manner, and the client removes the database password from the Default.properties and Configuration.properties files.
When the database password is securely stored as encrypted data, it is only accessible after authentication:
- If the user logs on with the local password, he or she has access to the stored, encrypted password.
- If the user authenticates by means of Single Sign-On, the server supplies the password to access the stored, encrypted password.
Procedure
- Add the following parameters to the files Default.properties and Configuration.properties:
  MobileEngine.Security.Persist.SecureStorage = true
  MobileEngine.Security.Implementation.Provider = iaik.security.provider.IAIK
- Copy the iaik_jce.jar file for encryption into the <jdk installation directory>\jre\lib\ext directory.
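The following check is an added example, not part of the original documentation or of MI itself: it audits the contents of Default.properties and Configuration.properties for the two settings from the procedure and flags any password entry that still holds a value. The page does not name the password key, so matching on "password" in the key name is an assumption, and the sample file contents and the key Hypothetical.Database.Password are constructed.

```python
import sys

# The two settings come from the procedure above.
REQUIRED = {
    "MobileEngine.Security.Persist.SecureStorage": "true",
    "MobileEngine.Security.Implementation.Provider": "iaik.security.provider.IAIK",
}

def parse_properties(text):
    """Parse basic Java .properties text (no line continuations) into a dict."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":      # blank line or comment
            continue
        # The key ends at the first '=' or ':'; whitespace around it is ignored.
        cut = min((i for i in (line.find("="), line.find(":")) if i >= 0), default=len(line))
        props[line[:cut].strip()] = line[cut + 1:].strip()
    return props

def audit(name, text):
    """Return a list of findings for one property file; empty means it passes."""
    props = parse_properties(text)
    findings = []
    for key, expected in REQUIRED.items():
        actual = props.get(key)
        if actual is None:
            findings.append(f"{name}: {key} is missing")
        elif actual != expected:
            findings.append(f"{name}: {key} is '{actual}', expected '{expected}'")
    # Assumption: the page does not name the password key, so match on the name.
    for key, value in props.items():
        if "password" in key.lower() and value:
            findings.append(f"{name}: {key} still holds a value")
    return findings

# Constructed sample contents, not taken from a real installation.
SAMPLE_OK = """# constructed sample
MobileEngine.Security.Persist.SecureStorage = true
MobileEngine.Security.Implementation.Provider = iaik.security.provider.IAIK
"""
SAMPLE_BAD = """MobileEngine.Security.Persist.SecureStorage = false
Hypothetical.Database.Password = ENCODED-PLACEHOLDER
"""

if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path, encoding="latin-1") as fh:
            for finding in audit(path, fh.read()):
                print(finding)
```

Run it with the paths of both property files as arguments after the client has been started once with secure storage enabled; no output means both files pass.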