In a previous entry I wrote about the different ways you have to store data in an AIR application. One way is to use the encrypted local store. The signature of the method that you use to place something in the “vault” is:
EncryptedLocalStore.setItem(name:String, data:ByteArray, stronglyBound:Boolean = false):void
Usually, you use just the first two arguments: name, the key you use to store and to retrieve the data, and data, what you want to store. However, the third argument is very interesting. If you set it to true, the stored item is strongly bound to the digital signature and bits of the AIR application, in addition to the publisher id. This means that if the bits of the installed application change, the information previously stored in the encrypted store can no longer be read.
This is great because it gives you all the security you might need: if malicious files are somehow injected into your application, the data is protected and cannot be read.
But in some situations, it is not so great. If you use the update framework, the bits change after each update and thus the information is lost. So, I spent some time thinking about this issue and I came to the conclusion that the only solution is this:
- during the update detection, read the data from the encrypted store and write it back with stronglyBound set to false;
- when the application is restarted, check whether you have something in the above store, and if you do, write it back to the store with stronglyBound set to true and delete the transient data.
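The two steps above as an ActionScript sketch; this is an added example, not code from the original post. The class name, the item names `credentials` and `credentials.transient`, and the choice of the update framework's `StatusUpdateEvent.UPDATE_STATUS` event as the "update detection" hook are assumptions made for illustration.

```actionscript
package {
    import air.update.ApplicationUpdaterUI;
    import air.update.events.StatusUpdateEvent;
    import flash.data.EncryptedLocalStore;
    import flash.utils.ByteArray;

    public class StoreMigration {
        // Hypothetical item names, chosen for this example.
        private static const BOUND_KEY:String = "credentials";
        private static const TRANSIENT_KEY:String = "credentials.transient";

        // Step 1: register on the updater before calling updater.initialize().
        public static function watch(updater:ApplicationUpdaterUI):void {
            updater.addEventListener(StatusUpdateEvent.UPDATE_STATUS, onUpdateStatus);
        }

        private static function onUpdateStatus(event:StatusUpdateEvent):void {
            if (!event.available) return;   // no newer version: leave the store alone
            var data:ByteArray = EncryptedLocalStore.getItem(BOUND_KEY);
            if (data == null) return;       // nothing stored yet
            // Transient copy, written with stronglyBound = false so it stays
            // readable after the application bits change. Until restore() runs,
            // this copy is bound to the publisher id only.
            EncryptedLocalStore.setItem(TRANSIENT_KEY, data, false);
        }

        // Step 2: call once at startup, before anything reads BOUND_KEY.
        // Also covers the case where an update was detected but never installed.
        public static function restore():void {
            var data:ByteArray = EncryptedLocalStore.getItem(TRANSIENT_KEY);
            if (data == null) return;       // no migration pending
            EncryptedLocalStore.setItem(BOUND_KEY, data, true);   // re-bind to the new bits
            EncryptedLocalStore.removeItem(TRANSIENT_KEY);        // delete the transient data
        }
    }
}
```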
So, this is the only solution I came up with for this. I am curious: how do you handle this?