Adobe
Products
Acrobat
Creative Cloud
Creative Suite
Digital Marketing Suite
Digital Publishing Suite
Elements
Photoshop
Touch Apps
Student and Teacher Editions
More products
Solutions
Creative tools for business
Digital marketing
Digital media
Education
Financial services
Government
Web Experience Management
More solutions
Learning Help Downloads Company
Buy
Home use for personal and home office
Education for students, educators, and staff
Business for small and medium businesses
Licensing programs for businesses, schools, and government
Special offers
Search
 
Info Sign in
Welcome,
My cart
My orders My Adobe
My Adobe
My orders
My information
My preferences
My products and services
Sign out
Why sign in? Sign in to manage your account and access trial downloads, product extensions, community areas, and more.
Adobe
Products Sections Buy   Search  
Solutions Company
Help Learning
Sign in Sign out My orders My Adobe
Preorder Estimated Availability Date. Your credit card will not be charged until the product is shipped. Estimated availability date is subject to change. Preorder Estimated Availability Date. Your credit card will not be charged until the product is ready to download. Estimated availability date is subject to change.
Qty:
Purchase requires verification of academic eligibility
Subtotal
Review and Checkout
Adobe Developer Connection / Adobe AIR Developer Center /

Using the encrypted local store feature

by Kevin Hoyt

Kevin Hoyt
  • Platform Evangelist Adobe

Modified

25 February 2008

Page tools

Share on Facebook
Share on Twitter
Share on LinkedIn
Bookmark
Print
Adobe AIR application desktop HTML security

Requirements

Prerequisite knowledge

General experience of building applications with HTML or Ajax is suggested.

User Level

Intermediate

Required products

  • Adobe AIR

Sample files

  • encrypted_local_store.zip (7 KB)

The EncryptedLocalStore class

To gain access to the encryption functionality that is built into Adobe AIR, you leverage the EncryptedLocalStore class. The class has only three methods and all of them are static (that is, they don't require an instance of the class):

  • When you want to put something in the store, simply call EncryptedLocalStore.setItem().
  • To get something out of the store call EncryptedLocalStore.getItem().
  • To remove something entirely from the store, EncryptedLocalStore.removeItem().

Note: The encrypted local store was added in AIR beta 2. The storage mechanism has changed in Adobe AIR 1.0 and previously existing encrypted data is no longer accessible. Before Adobe AIR 1.0 can use this feature you must call EncryptedLocalStore.reset() to clear all previously existing data. You may want to use an Adobe AIR beta 2 application to retrieve the data prior to resetting the store, as all existing data will be destroyed.

Encryption details

Here's an overview of how encryption is implemented in Adobe AIR:

  • Each Adobe AIR application has its own encrypted local store.
  • The encrypted local store can only be accessed from the application security sandbox.
  • Adobe AIR uses DPAPI on Windows and Keychain on Mac OS X.
  • Data is encrypted to the local store using AES-CBC 128-bit.

How it works

Everything is put in the store, and retrieved from the store, as a ByteArray. This can be a little confusing at first when you think about just simple data such as passwords. The encryption mechanism however can be leveraged on entire files, not just text, and the ByteArray accommodates more diverse scenarios.

Putting data into the store

Take a look at the common case of remembering a user's login information starting with storing the data. This means getting the information out of the input field, writing it to a ByteArray, and then putting the data in the encrypted store:

function doSignIn() { var data = null; var email = null; var password = null; if( document.getElementById( 'remember' ).checked ) { email = document.getElementById( 'email' ).value; password = document.getElementById( 'password' ).value; data = new air.ByteArray(); data.writeUTFBytes( email ); air.EncryptedLocalStore.setItem( 'email', data ); data = new air.ByteArray(); data.writeUTFBytes( password ); air.EncryptedLocalStore.setItem( 'password', data ); } else { removeUser(); } document.getElementById( 'login' ).style.visibility = 'hidden'; }

When calling EncryptedLocalStore.setItem(), you need to have the data already in a ByteArray. When storing a string, this can be easily accomplished by creating a new ByteArray instance, and then using ByteArray.writeUTFBytes(), which takes a string argument. The other important part of EncryptedLocalStore.setItem() is the name of the item you're setting. This acts as a label for reference later when you want to get, change, or remove the data.

When using the encrypted local store, it is important to always read and write the data using UTF-8.

When you choose to store the user's login credentials is really up to you. You might choose to store the data when the user clicks the Remember me check box. You might choose to store the data when the user clicks the Sign In button. Or you might even wait to store the data, until a successful login has been made. As a general rule, you'll probably want to wait for a successful login so you can be sure that the data you are storing will actually be accurate for future use.

Retrieving data from the store

Next up comes getting the data back out of the encrypted local store. In the case of "Remember me" functionality, this will most commonly be done when the Adobe AIR application starts. You get the data using the item name (label) you used previously. Using ByteArray.readUTFBytes() will get the string back out of the ByteArray.

function rememberUser() { var email = air.EncryptedLocalStore.getItem( 'email' ); var pass = air.EncryptedLocalStore.getItem( 'password' ); if( email != null ) { document.getElementById( 'email' ).value = email.readUTFBytes( email.bytesAvailable ); document.getElementById( 'password' ).value = pass.readUTFBytes( pass.bytesAvailable ); document.getElementById( 'remember' ).checked = true; } else { document.getElementById( 'email' ).value = ''; document.getElementById( 'password' ).value = ''; document.getElementById( 'remember' ).checked = false; } }

In this scenario a call is made for each value, user name and password. You might choose to concatenate both user name and password into one comma-separated value before you store it. That in turn would mean only one call to get that value back out of the store. If you went that direction here, you'd likely end up with more code to split the values back apart (that is, String.split()). Keep in mind that EncryptedLocalStore doesn't really care about the independent values, just that it is encrypting a ByteArray.

Finally comes the task of removing the data in the situation that the user no longer wants the application to store it. The EncryptedLocalStore class also makes that task easy enough by providing EncryptedLocalStore.removeItem(). Just like EncryptedLocalStore.getItem(), you pass the label of the item you want to remove when calling EncryptedLocalStore.removeItem(), which returns no value.

function removeUser() { air.EncryptedLocalStore.removeItem( 'email' ); air.EncryptedLocalStore.removeItem( 'password' ); }

Just like the decision as to when to store the data, and how to store the data, when to remove the data is also up to you. The data that you're encrypting doesn't have to be text, it can be anything that can be represented by a ByteArray. The encrypted local store is flexible. The important part of course is that your user's data can now be securely stored on the desktop as part of your application's functionality.

More Like This

  • Introducing Adobe AIR for Ajax developers
  • HTML updates in Adobe AIR 3
  • Interacting with a native process
  • BlackBookSafe: Anatomy of an AIR 1.5 application
  • Recreating MapCache on Adobe AIR

Tutorials & Samples

Tutorials

  • Interacting with a native process
  • Using the encrypted local store feature
  • Introducing Adobe AIR for Ajax developers
  • Recreating MapCache on Adobe AIR

Samples

  • Using the encrypted local store feature
  • Recreating MapCache on Adobe AIR

Adobe AIR Blog

More
07/09/2012 Protected: Publishing Adobe AIR 3.0 for TV on Reference Devices
07/08/2012 Source Code: Adobe AIR 3.3 Retina Video Application
07/06/2012 Application specific File Storage on Adobe AIR based ios Application
07/04/2012 Recent Work - iPad/Android App: Inside My toyota

Adobe AIR Forum

More
04/11/2012 Surround sound 5.1 with Air 3.2 on desktop app?
12/12/2011 Live Streaming H.264 Video on iOS using AIR
04/17/2012 HTMLLoader - Google Maps?
04/12/2012 Tabindex in forms on mobile?

Products

  • Acrobat
  • Creative Cloud
  • Creative Suite
  • Digital Marketing Suite
  • Digital Publishing Suite
  • Elements
  • Mobile Apps
  • Photoshop
  • Touch Apps
  • Student and Teacher Editions

Solutions

  • Digital marketing
  • Digital media
  • Web Experience Management

Industries

  • Education
  • Financial services
  • Government

Help

  • Product help centers
  • Orders and returns
  • Downloading and installing
  • My Adobe

Learning

  • Adobe Developer Connection
  • Adobe TV
  • Training and certification
  • Forums
  • Design Center

Ways to buy

  • For personal and home office
  • For students, educators, and staff
  • For small and medium businesses
  • For businesses, schools, and government
  • Special offers

Downloads

  • Adobe Reader
  • Adobe Flash Player
  • Adobe AIR
  • Adobe Shockwave Player

Company

  • News room
  • Partner programs
  • Corporate social responsibility
  • Career opportunities
  • Investor Relations
  • Events
  • Legal
  • Security
  • Contact Adobe
Choose your region United States (Change)
Choose your region Close

North America

Europe, Middle East and Africa

Asia Pacific

  • Canada - English
  • Canada - Français
  • Latinoamérica
  • México
  • United States

South America

  • Brasil
  • Africa - English
  • Österreich - Deutsch
  • Belgium - English
  • Belgique - Français
  • België - Nederlands
  • България
  • Hrvatska
  • Česká republika
  • Danmark
  • Eastern Europe - English
  • Eesti
  • Suomi
  • France
  • Deutschland
  • Magyarország
  • Ireland
  • Israel - English
  • ישראל - עברית
  • Italia
  • Latvija
  • Lietuva
  • Luxembourg - Deutsch
  • Luxembourg - English
  • Luxembourg - Français
  • الشرق الأوسط وشمال أفريقيا - اللغة العربية
  • Middle East and North Africa - English
  • Moyen-Orient et Afrique du Nord - Français
  • Nederland
  • Norge
  • Polska
  • Portugal
  • România
  • Россия
  • Srbija
  • Slovensko
  • Slovenija
  • España
  • Sverige
  • Schweiz - Deutsch
  • Suisse - Français
  • Svizzera - Italiano
  • Türkiye
  • Україна
  • United Kingdom
  • Australia
  • 中国
  • 中國香港特別行政區
  • Hong Kong S.A.R. of China
  • India - English
  • 日本
  • 한국
  • New Zealand
  • 台灣

Southeast Asia

  • Includes Indonesia, Malaysia, Philippines, Singapore, Thailand, and Vietnam - English

Copyright © 2012 Adobe Systems Incorporated. All rights reserved.

Terms of Use | Privacy Policy and Cookies (Updated)

Ad Choices

Reviewed by TRUSTe: site privacy statement