Storage and Encryption | Android Document Scanner
Storage
Since version 1.39.0 the Scanbot SDK for Android uses the internal storage by default. All files generated by the Scanbot SDK (images, PDF files, thumbnails, temp files, etc.) are stored in the application data directory. Using the internal storage provides the following benefits:
- all stored files are accessible by only your app
- does not require storage permission prompts for your users.
For more details about the Android file storage system we highly recommend checking out: https://developer.android.com/training/data-storage
Change the default storage directory
It is strongly recommended to use the internal storage. However, you can override the default storage directory of the Scanbot SDK on initialization.
The ScanbotSDKInitializer
class provides the method sdkFilesDirectory(Application application, File sdkFilesDirectory)
which allows you to change the default storage directory.
Example:
import io.scanbot.sdk.ScanbotSDKInitializer
...
// Example for using a sub-folder in the external(!) storage:
val customStorageDir = File(getExternalFilesDir(null), "my-custom-storage-dir")
customStorageDir.mkdirs()
ScanbotSDKInitializer()
.sdkFilesDirectory(this, customStorageDir)
...
.initialize(this)
When overriding the default storage location, make sure
- you have implemented suitable storage permissions request handling
- the storage directory is available (e.g. unmounted SD card).
Storage encryption
Please note Encryption is not enabled by default.
The Scanbot SDK provides the ability to encrypt all stored images and PDF files in the SDK app folder.
To accomplish this you have to follow these steps:
- Add the Scanbot SDK Crypto Persistence library to your app dependencies
implementation("io.scanbot:bundle-sdk-crypto-persistence:VERSION")
- Enable files encryption in
ScanbotSDKInitializer
ScanbotSDKInitializer()
// ...
.useFileEncryption(true)
.initialize(this)
The default Encryptor implementation uses the AndroidX Crypto solution under the hood (more info can be found here).
The files encryptor uses the AES256_GCM_HKDF_4KB
file encryption scheme (more info can be found here).
security-crypto
AndroidX library is still in development and has an Alpha version
Additionally, the Scanbot SDK provides a custom AES based encryption solution io.scanbot.sdk.persistence.fileio.AESEncryptedFileIOProcessor
.
To enable it you have to set it in the SDK initializer in the useFileEncryption()
method:
.useFileEncryption(true, AESEncryptedImageFileIOProcessor("any_user_password", AESEncryptedFileIOProcessor.AESEncrypterMode.AES256))
AESEncryptedImageFileIOProcessor
publicly exposes initial salt, iterations count and IV (initialization vector) values and the generated key:
val scanbotSDK = ScanbotSDK(context)
val aesEncryptedFileIOProcessor = scanbotSDK.fileIOProcessor() as AESEncryptedFileIOProcessor
val generatedKey = aesEncryptedFileIOProcessor.key
val initialSalt = aesEncryptedFileIOProcessor.salt
val initialIterationCounts = aesEncryptedFileIOProcessor.iterationCount
val initialIV = aesEncryptedFileIOProcessor.initializationVector
AESEncryptedFileIOProcessor
does not save the password in secure storage between app sessions, so you have to implement this yourself and reuse it for SDK initialization.
The Scanbot SDK allows setting up a completely custom encryption implementation.
To do this you have to implement the io.scanbot.sdk.persistence.fileio.FileIOProcessor
interface and pass it to the useFileEncryption(true, your_file_io_processor)
method.
An instance of FileIOProcessor
will be available during the app session and the user can use it to read and copy decrypted images, PDF files and Bitmap
s.
For example:
val scanbotSDK = ScanbotSDK(context)
val decryptedImageBitmap: Bitmap = scanbotSDK.fileIOProcessor().readImage(source: File, options: BitmapFactory.Options? = null)
Want to scan longer than one minute?
Generate a free trial license to test the Scanbot SDK thoroughly.
Get your free Trial LicenseWhat do you think of this documentation?
What can we do to improve it? Please be as detailed as you like.