Password Protection

Class Overview

java.lang.Object
    com.dyadicsec.mobile.DYSimpleBase
       com.dyadicsec.mobile.tokens.enc.DYPassword

The DYPassword is a wrapper class for storing and retrieving a single password.

protectPassword

Creates a new token that protects the provided password and splits it into two shares.

This method will delete any other existing password tokens.

public void protectPassword (
    String username,
    String password,
    String label,
    DYCredentials credentials,
    boolean authenticationToken,
    Map<String, String> parameters,
    DYSignTokenFactory.DYInitTokenListener listener)

Important
This method deletes any other tokens of type Password on the device — previously defined passwords become invalid.

Parameters:

• username - Name of the user.
• password - The password string provided as-is.
• label - Name that is assigned to the created token.
  Useful for lookup and monitoring in the CoTCrypto-of-Things (CoT) - Unbound's CoT ensures that your apps are secure regardless of the security posture of the device on which they’re deployed. Now called Unbound CORE Virtual Enclave. Admin display.
• credentials - Credentials.
• authenticationToken - false – indicates that the password (when retrieved) is provided to the application in the plaintext.
  true – the application has been designed to retrieve encrypted share from the CoTCrypto-of-Things (CoT) - Unbound's CoT ensures that your apps are secure regardless of the security posture of the device on which they’re deployed. Now called Unbound CORE Virtual Enclave. server and recombine it with the share provided by the device.
• parameters - null – standard grade encryption or PQCPost Quantum Cryptography - Cryptographic algorithms that are thought to be secure against an attack by a quantum computer. grade encryption (see the note below).
• listener - The callback handler.

To use PQCPost Quantum Cryptography - Cryptographic algorithms that are thought to be secure against an attack by a quantum computer.-grade encryption, pass the following in the parameters:

Map<String, String> parameters = new HashMap<>();
parameters.put(DYTokenFactory.IS_PQC,"TRUE");

retrievePassword

public void retrievePassword(
     DYCredentials credentials,
     DYPWDToken.DYRetrievePasswordListener listener)

Parameters:

• credentials - Credentials.
• listener - The callback handler.

Sample Code

The sample code presents the use of the following three operations: Init, Storage, and Retrieval of the password.

Init

This method creates a singleton of the Unbound Crypto-of-Things SDK using DYMobile.getInstance(). See Initialization.

Enrollment of the Password

The following sample of code triggers PIN-based authentication and, after verification, stores the provided password while encrypting it.

public void onClick(DialogInterface dialog, int whichButton) {
   String pinCode = input.getText().toString();
   DYPassword.getInstance().protectPassword(
     USERNAME,
     txtPassword.getText().toString(),
     "label",
    new DYPinCredentials(pinCode),
    false,// password shall be retrieved as provided
    null,// standard (not PQC) encryption of the password
    new DYPWDTokenFactory.DYInitTokenListener() {
         // deleted
     });

Retrieval of the Password

The following sample of code triggers PIN-based authentication and, after verification, stores the provided password.

public void onClick(DialogInterface dialog, int whichButton) {
    String pinCode = input.getText().toString();

    DYPassword.getInstance().retrievePassword(
       new DYPinCredentials(pinCode),
       new DYPWDToken.DYRetrievePasswordListener() {
     // deleted
    });
}