fuquan/allwinner_a64
1
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
allwinner_a64/android/docs/source.android.com/en/security/encryption/index.html
August 5425409085 upload android base code part8
2018-08-08 20:10:12 +08:00

72 lines
2.9 KiB
HTML
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<html devsite>
<head>
<title>Encryption</title>
<meta name="project_path" value="/_project.yaml" />
<meta name="book_path" value="/_book.yaml" />
</head>
<body>
<!--
Copyright 2017 The Android Open Source Project
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<p>
Encryption is the process of encoding all user data on an Android device using
symmetric encryption keys. Once a device is encrypted, all user-created data is
automatically encrypted before committing it to disk and all reads automatically
decrypt data before returning it to the calling process. Encryption ensures that
even if an unauthorized party tries to access the data, they wont be able to
read it.
</p>
<p>
Android has two methods for device encryption: full-disk encryption and
file-based encryption.
</p>
<h2 id=full-disk>Full-disk encryption</h2>
<p>
Android 5.0 and above supports <a href="full-disk.html">full-disk encryption</a>.
Full-disk encryption uses a single key—protected with the users device password—to
protect the whole of a devices userdata partition. Upon boot, the user must
provide their credentials before any part of the disk is accessible.
</p>
<p>
While this is great for security, it means that most of the core functionality
of the phone in not immediately available when users reboot their device.
Because access to their data is protected behind their single user credential,
features like alarms could not operate, accessibility services were unavailable,
and phones could not receive calls.
</p>
<h2 id=file-based>File-based encryption</h2>
<p>
Android 7.0 and above supports <a href="file-based.html">file-based encryption</a>.
File-based encryption
allows different files to be encrypted with different keys that can be unlocked
independently. Devices that support file-based encryption can also support a new
feature called <a
href="https://developer.android.com/preview/features/direct-boot.html">Direct
Boot</a> that allows encrypted devices to boot straight to the lock screen, thus
enabling quick access to important device features like accessibility services
and alarms.
</p>
<p>
With the introduction of file-based encryption and new APIs to make
applications aware of encryption, it is possible for these apps to operate
within a limited context. This can happen before users have provided their
credentials while still protecting private user information.
</p>
</body>
</html>
Reference in a new issue View git blame Copy permalink