android rsa private-key

Save RSA PublicKey / PrivateKey safely


I create and use an RSA public/private key pair to encrypt/decrypt some messages. I store the keys in SharedPreferences as strings, and when I need them I recreate them from the strings. Everything works perfectly, but is it secure to store my private key in SharedPreferences as a string? With this question:

SharedPreferences MODE_PRIVATE security

I learned that someone can reach my SharedPreferences and can generate my private key from the string. What can I do to make my private key secure while saving it on my phone?


Solution

  • It all depends on the level of sensitivity of the private/public key pair. I think storing them in SharedPreferences is not a bad idea. Your key pair is stored relative to the app directory and has system protection from external access. But, as the word "shared" in SharedPreferences implies, your key pair is shared among your app components. So, if you need better protection, consider storing the key pair in the KeyStore class instead. As of now, it is the best solution for key pair protection. It provides you password-based key protection.

    Update: There is a great article on android keystore and keychain usage here.