TechQA.

Store secret key in Xamarin Forms

3.3k views Asked by At

I try to understand how I can store secrets in a xamarin forms project.

I have a web api core as a backend and a xamarin forms app as a frontend.

I am trying to code facebook authentication with Xamarin.Auth and I need to pass secret key to my app..

My thinking:

  1. Store in the frontend: I could create a config file and encrypt it but the decryption will be in my source code and by decompiling and reflexion the hacker could retrieve the decryption source code and decrypt the secret key.

2: Store in the backend: I could store the keys in the backend but by sniffing requests sent a hacker could retrieve my secret keys.

Then what is the solution? How can I do it?

Thanks,

authentication xamarin.forms secret-key xamarin.auth app-secret
Original Q&A
1

There are 1 answers

4
Mouse On Mars On

You could store your secret using Xamarin.Essentials. For Android your secret will be stored in the Androids KeyStore and within the Keychain in the case of iOS. Even if you decide to go with an encrypted config file I would strongly recommend storing your keys and IV in the SecureStorage instead of hard coding it in your source code. It is extremely easy to use and, well, as secure as it gets on a mobile device.

try
{
   // write secret
   await SecureStorage.SetAsync("oauth_token", "secret-oauth-token-value"); 

   // read secret
   var token = await SecureStorage.GetAsync("oauth_token");
}
catch(Exception ex)
{
}

Related Questions in AUTHENTICATION

Related Questions in XAMARIN.FORMS

Related Questions in SECRET-KEY

Related Questions in XAMARIN.AUTH

Related Questions in APP-SECRET

Popular Questions

Trending Questions