Skip to main content

Storage and Encryption

Storage

By default, the native Scanbot SDKs as well as the Plugin itself use the internal and secure storage locations for all produced files (JPG, PNG, PDF, TIFF, etc).

  • On Android all files will be stored in the internal files directory of your application. No permissions are required for your app to read or write files in this directory.

  • On iOS all files will be stored in the Application Support folder of your application.

Customize Storage Location

It is strongly recommended to use the default storage location. However, you can override the storage directory on initialization of the Plugin. The initScanbotSdk method can take an optional parameter storageBaseDirectory to set a custom storage location.

Directory storageDirectory;
if (Platform.isAndroid) {
storageDirectory = await getExternalStorageDirectory();
}
if (Platform.isIOS) {
storageDirectory = await getApplicationDocumentsDirectory();
}

// Please note: getExternalStorageDirectory() and getApplicationDocumentsDirectory()
// are provided via 3rd-party plugins like "path_provider".

var config = ScanbotSdkConfig(
storageBaseDirectory: "${directory.path}/my_custom_storage",
...
);
await ScanbotSdk.initScanbotSdk(config);

The value of the storageBaseDirectory must be a file URL ('file:///...) pointing to a valid platform-specific file system path. If this directory does not exist yet, the Plugin will try to create it. To work with the file system we recommend the Flutter Plugin path_provider.

For the full demo code please checkout our example app on GitHub.

Warning

When overriding the default storage location, make sure:

  • You have implemented proper handling for storage permission requests;
  • You fully understand the security implications and accessibility of the stored document files.

👉 For more details about the storage locations on Android and iOS please also see:

Scanned Document

The Scanbot SDK provides a scanned document container class for scanned and imported pages. It can be used to store and retrieve scanned pages to and from the device disk.

Example of storing and retrieving a document

Storing and retrieving a document
loading...

Storage Encryption

The Scanbot SDK provides the ability to store the generated image files (JPG, PNG), PDF, and TIFF files encrypted. This feature provides an additional level of security to the default secure storage locations of the native SDKs.

By default the file encryption is disabled. To enable it you have to pass the following config parameters on SDK initialization:

  • fileEncryptionPassword: A secure password or passphrase to derive the AES key for encryption/decryption.
  • fileEncryptionMode: Encryption mode, AES128 or AES256 (default and recommended).
var config = ScanbotSdkConfig(
fileEncryptionPassword: 'SomeSecretPa\$\$w0rdForFileEncryption',
fileEncryptionMode: FileEncryptionMode.AES256,
);
await ScanbotSdk.initScanbotSdk(config);

By activating the storage encryption the native Scanbot SDKs will use the built-in AES 128 or AES 256 encryption. All generated image files (JPG, PNG) including the preview image files, as well as the exported PDF files will be encrypted in memory and stored as encrypted data files on the device storage.

The Scanbot SDK derives the AES key from the given password, an internal salt value, and the internal number of iterations using the PBKDF2 function.

When applying image operations like cropping, rotation or image filters, the Scanbot SDK will decrypt the image file in memory, apply the changes, encrypt and store them again.

Handle Encrypted Images

Display Encrypted Images

If the file encryption is enabled you will not be able to display preview images via file URIs (e.g. pageData.documentImagePreviewURI). Instead, you have to load the decrypted data of a preview image and use it for displaying an image. In order to do that there is the API function getDecryptedDataFromFile(fileUri: string):

PageData pageData = ... // scanned page data object
// use the low-res image "documentImagePreviewURI" for the preview:
var decryptedImageData = await ScanbotEncryptionHandler.getDecryptedDataFromFile(pageData.documentImagePreviewURI);
//use image widget to show preview
Image image = Image.memory(decryptedImageData);

👉 For a full implementation see our example app.

Upload Encrypted Images

To upload an image, you have the following options:

  1. Upload the encrypted image file to your server and decrypt it on the backend. For assistance with generating the corresponding AES key and decrypting images, please contact our team.
  2. Alternatively, retrieve the decrypted image data as a Base64 string on the mobile device using the getDecryptedDataFromFile(fileUri: Uri) function, and then use this data for the upload process.

Examples:

// For a Page image file:
PageData pageData = ... // scanned page data object
// use the final hi-res image "documentImagePreviewURI" for the upload process:
var decryptedImageData = await ScanbotEncryptionHandler.getDecryptedDataFromFile(pageData.documentImagePreviewURI);
yourCustomUploadFunction(decryptedImageData);

// For a PDF or TIFF file generated by the Scanbot SDK:
Uri fileUri = ... // Uri of the generated PDF or TIFF file
var decryptedFileData = await ScanbotEncryptionHandler.getDecryptedDataFromFile(fileUri);
yourCustomUploadFunction(decryptedFileData);

Migration from startDocument (RTU UI v1) to startDocument (RTU UI v2)

See the migration guide here.

Want to scan longer than one minute?

Generate a free trial license to test the Scanbot SDK thoroughly.

Get your free Trial License

What do you think of this documentation?