Encrypt local data for enhanced security

By default, IAPMiniProgram SDK stores data from local-storage JSAPIs (my.getStorage, my.getStorageSync, my.setStorage, and my.setStorageSync) in plaintext. To enhance local data security, the super app can customize the encryption and decryption process using the GriverSecurityExtension interface. This topic guides you through the steps and provides sample code for local data encryption and decryption.

Procedures

Take the following two steps to customize the encryption and decryption process of local data:

Step 1: Implement GriverSecurityExtension

Create a class that implements the GriverSecurityExtension interface. Within this class, customize the encryption and decryption logic with your desired algorithm using the encrypt and decrypt methods respectively. Refer to the following sample code for the implementation:

public class YourExtensionImpl implements GriverSecurityExtension {
    
    private static final String PREFIX = "_com_grv_";
    
    @Override
    public String getIdentifier() {
        return PREFIX;
    }

    @Override
    public String encrypt(String data) {
        //Implement the logic to encrypt data
        String encryptedData = ...;
        return encryptedData;
    }

    @Override
    public String decrypt(String data, String identifier) {
        //Implement the logic to decrypt data
        String decryptedData = ...;
        return decryptedData;
    }
}

For more information about this interface, refer to GriverSecurityExtension. When writing the data encryption and decryption logic, you can also use the public instance methods provided by SecurityGuardLiteManager to implement the AES256 algorithm. Refer to the following sample code for the implementation:

package com.alibaba.griver.base.common.security;

import android.text.TextUtils;

import com.alibaba.griver.api.common.security.GriverSecurityExtension;
import com.alibaba.griver.base.common.env.GriverEnv;
import com.alibaba.griver.base.common.utils.ReflectUtils;
import com.alipay.plus.security.lite.SecurityGuardLiteManager;

public class YourExtensionImpl implements GriverSecurityExtension {
    
    private static final String PREFIX = "GriverDataSecurityExtension";


    @Override
    public String getIdentifier() {
        return PREFIX;
    }

    @Override
    public String encrypt(String data) {
        if (TextUtils.isEmpty(data)) {
            return data;
        }
        if (isSecurityLiteLibExist()) {
            try {
                String encryptedData = SecurityGuardLiteManager.getInstance(GriverEnv.getApplicationContext()).encrypt(data);
                return encryptedData;
            } catch (Throwable e) {
                // Encryption failed: return null
                return null;
            }
        }
        // SecurityGuardLiteManager is not available: the data is returned unchanged (plaintext)
        return data;
    }

    @Override
    public String decrypt(String data, String identifier) {
        if (!TextUtils.equals(getIdentifier(), identifier)) {
            return null;
        }
        if (TextUtils.isEmpty(data)) {
            return data;
        }
        if (isSecurityLiteLibExist()) {
            try {
                String decryptedData = SecurityGuardLiteManager.getInstance(GriverEnv.getApplicationContext()).decrypt(data);
                return decryptedData;
            } catch (Throwable e) {
                return null;
            }
        }
        return data;
    }

    private boolean isSecurityLiteLibExist() {
        return ReflectUtils.classExist("com.alipay.plus.security.lite.SecurityGuardLiteManager");
    }

}

Step 2: Register GriverSecurityExtension

After the SDK initialization logic, call the registerExtension API to register your GriverSecurityExtension implementation with the SDK, as shown in the following sample code:

InitConfig initConfig = new InitConfig();
//....
IAPConnect.init(context, initConfig, new InitCallback() {
    @Override
    public void onSuccess() {
        // Register the extension after a successful initialization
        YourExtensionImpl extension = new YourExtensionImpl();
        Griver.registerExtension(
                new GriverExtensionManifest(GriverSecurityExtension.class, extension));
    }

    @Override
    public void onFailure(final InitErrorCode errorCode, final String errorMessage) {

    }
});

For more information about the registerExtension API, refer to registerExtension.
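
An added example, not code from the SDK or its documentation: one way to fill in the encrypt and decrypt methods from Step 1 without SecurityGuardLiteManager, using AES-256-GCM with a key generated in the Android Keystore (API level 23 or later is assumed). The class name, identifier string and key alias are hypothetical; the class is registered as in Step 2.

```java
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyProperties;
import android.util.Base64;
import com.alibaba.griver.api.common.security.GriverSecurityExtension;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

public class KeystoreGcmExtension implements GriverSecurityExtension {
    private static final String ID = "_example_aesgcm_v1_";    // hypothetical identifier
    private static final String ALIAS = "miniprogram_storage"; // hypothetical key alias
    // synchronized so two first-time callers cannot each generate (and overwrite) the key
    private static synchronized SecretKey key() throws Exception {
        KeyStore ks = KeyStore.getInstance("AndroidKeyStore");
        ks.load(null);
        if (ks.containsAlias(ALIAS)) return (SecretKey) ks.getKey(ALIAS, null);
        KeyGenerator kg = KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES, "AndroidKeyStore");
        kg.init(new KeyGenParameterSpec.Builder(ALIAS,
                KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT)
                .setBlockModes(KeyProperties.BLOCK_MODE_GCM).setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
                .setKeySize(256).build());
        return kg.generateKey();
    }
    @Override public String getIdentifier() { return ID; }
    @Override public String encrypt(String data) {
        if (data == null) return null;
        try {
            Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
            c.init(Cipher.ENCRYPT_MODE, key()); // the Keystore picks a fresh random IV per call
            byte[] iv = c.getIV(), ct = c.doFinal(data.getBytes(StandardCharsets.UTF_8));
            byte[] out = new byte[iv.length + ct.length]; // stored layout: IV || ciphertext+tag
            System.arraycopy(iv, 0, out, 0, iv.length);
            System.arraycopy(ct, 0, out, iv.length, ct.length);
            return Base64.encodeToString(out, Base64.NO_WRAP);
        } catch (Exception e) { return null; } // null on failure, as the interface requires
    }
    @Override public String decrypt(String data, String identifier) {
        if (data == null || !ID.equals(identifier)) return null;
        try {
            byte[] in = Base64.decode(data, Base64.NO_WRAP);
            Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
            c.init(Cipher.DECRYPT_MODE, key(), new GCMParameterSpec(128, in, 0, 12)); // 12-byte IV
            return new String(c.doFinal(in, 12, in.length - 12), StandardCharsets.UTF_8);
        } catch (Exception e) { return null; } // bad tag, short input or wrong key
    }
}
```

Because GCM authenticates the ciphertext, a stored value that has been modified on disk fails in doFinal and decrypt returns null instead of altered plaintext.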

Interfaces

GriverSecurityExtension

The GriverSecurityExtension interface is used to customize the encryption and decryption process of local data. The following code shows the definition of this interface:

public interface GriverSecurityExtension extends GriverExtension {
    String getIdentifier();
    String encrypt(String data);
    String decrypt(String data, String identifier);
}

As shown by the interface definition, the GriverSecurityExtension interface provides the following methods:

| Method | Description | Required |
|---|---|---|
| getIdentifier | The method that the super app uses to obtain a predefined identifier that represents the encryptor. Do not set the returned value to null because it is required in the decrypt method to determine whether the data is encrypted and the decryption logic needs to be executed. | M |
| encrypt | The method that the super app uses to encrypt the given data with a specific algorithm. Set the returned value to the encrypted data if the encryption succeeds, or to null if the encryption fails. For more information, refer to encrypt. | M |
| decrypt | The method that the super app uses to decrypt the given data with the same algorithm used for encryption. Set the returned value to the decrypted data if the decryption succeeds, or to null if the decryption fails. For more information, refer to decrypt. | M |

encrypt

The encrypt method has the following input parameter:

| Field | Data type | Description | Required |
|---|---|---|---|
| data | String | Data to be encrypted. | M |

decrypt

The decrypt method has the following input parameters:

| Field | Data type | Description | Required |
|---|---|---|---|
| data | String | Data to be decrypted. | M |
| identifier | String | The identifier that the super app specifies to represent the encryptor. This identifier must match the returned value of the getIdentifier method to execute the decryption logic. If the values mismatch, return null via the decrypt method. | M |