Using the Adobe AIR Encrypted Local Store

The Encrypted Local Store in the Adobe Integrated Runtime (AIR) can be used to store data on the user's local machine in a safe and persistent way. The data persists between application launch instances. Once something is placed into the Encrypted Local Store it is there to stay until it is removed or the files are deleted.

A separate Encrypted Local Store is set up for each AIR application on a machine and for each user of that machine. So essentially, each user gets their own Encrypted Local Store for each AIR application they use.

Using the Encrypted Local Store

Using the Encrypted Local Store is quite easy. It is available in the flash.data package and can be called from an HTML/Ajax AIR application without needing to include any other JS files.


<script>
window.runtime.flash.data.EncryptedLocalStore.getItem(keyName);
</script>

However, if you have included the AirAliases.js file in your application, it is much easier to use the Encrypted Local Store like this:


<script>
air.EncryptedLocalStore.getItem(keyName);
</script>

Data is stored in the Encrypted Local Store using Strings as identifiers, but the data itself is stored in a ByteArray. To set this up, we need to create a ByteArray to store the data.

Writing to the Encrypted Local Store

So for my sample here, I am going to store a username and password into the encrypted local store. These passwords may be used for something like making remote service calls. Other good uses for the encrypted local store might be for storing the encryption key for an encrypted SQLite Database, or for storing any other sensitive data that you have decided needs to be stored on the local machine.


<script>
function writeCredsToLocalStore(username, password) {
    
    // Create ByteArrays for each, you could create one ByteArray and do the steps once for each
    var baUser = new air.ByteArray();
    var baPass = new air.ByteArray();
    
    // Write the data to the ByteArrays
    baUser.writeUTFBytes(username);
    baPass.writeUTFbytes(password);
    
    // Set the Byte Arrays into the Local Store
    air.EncryptedLocalStore.setItem('username', baUser);
    air.EncryptedLocalStore.setItem('password', baPass);
}
</script>

In our writeCredsToLocalStore() function, we take in the username and password as parameters.

We then create ByteArrays, since this is what we need to put into the local store.

We use the writeUTFBytes() method of the ByteArrays to set the strings into them, and then finally, we set those ByteArrays into the Encrypted Local Store.

Pretty simple.

Reading from the Encrypted Local Store

Now, when we need to get that data out of the Encrypted Local Store, we reverse the process.


<script>
function readCredsFromLocalStore() {

    // Get ByteArrays from Local Store
    var baUser = air.EncryptedLocalStore.getItem('username');
    var baPass = air.EncryptedLocalStore.getItem('password');

    // Read the data out of the ByteArrays
    var username = baUser.readUTFBytes(baUser.bytesAvailable);
    var password = baPass.readUTFBytes(baPass.bytesAvailable);
    
    // Create a return object
    var returnVar = {username: username, password: password};

    // Return the user/pass object
    return returnVar;    
}
</script>

This is a little more complicated, but still quite simple.

First we need to read from the Encrypted Local Store using the string keys ('username' and 'password') that we set earlier. This will retrieve the ByteArrays that we set there earlier.

The ByteArrays contain the data we need, so we need to use the readUTFBytes() method to get the data out (since we used the writeUTFbytes() method to put them in).

Notice the unusual parameter that we need to pass to the readtUTFBytes() method. We need to tell that method how many bytes of the BytesArray to read. We want them all, so we pass in the ByteArray property 'bytesAvailable', which tells us the total number of bytes available within the array.

Then, I place the two values into an object and return that.

Removing from the Encrypted Local Store

As I said earlier. Once something is placed in the Encrypted Local Store, it is there to stay unless it is removed or the files for the store are deleted.

We certainly don't want to leave unneeded sensitive data just sitting around on a machine. Encrypted or not, if we don;t need it, then we don;t leave it, right?

Removing items from the Encrypted Local Store is easily accomplished with the removeItem() method of the EncryptedLocalStore object.


<script>
function removeFromLocalStore(key) {
    air.EncryptedLocalStore.removeItem(key);
}
</script>

Conclusion

The Encrypted Local Store seems to be a great way to store sensitive data on the local machine if you need to. I will reiterate, if you need to. If you don't need to store the data locally, then don't.

I have tried a few different ways of hacking the Encrypted Local Store. At first I thought it was quite easy, but then I read, and realized, that in development, the Encrypted Local Store used is not the same as the one used in a production application, which appears to be keyed to an instance of an application. So it is not just as easy as creating another AIR application, with the same name, and then using that to access the Encrypted Local Store. I will play with it further though.

If anyone has any further information about the security of the Local Store, I would love to hear about it.

Comments
Regev's Gravatar Maybe someone can help me with this ELS problem I have. It works well, but it keeps adding to the string instead of replacing it.
Do you know how to fix that?
# Posted By Regev | 10/2/13 2:36 AM
BlogCFC was created by Raymond Camden. This blog is running version 5.9.1. Contact Blog Owner