Delete comment from: Android Explorations
Not storing the password is kind of the point, as the first section explains. It is hard to store keys securely; that is why you derive them from something the user can remember -- the password. To make sure it remains a secret, you keep it off the device. You can validate user input by decrypting your data and checking format or contents.
For other options regarding protecting keys, see this article: http://nelenkov.blogspot.jp/2012/05/storing-application-secrets-in-androids.html
Oct 3, 2012, 2:28:14 AM