Back to top

Knox SDK frequently asked questions — SDP

The SDP APIs let you protect sensitive data, either in a database or in a file, by encrypting the data using a cryptographic key that is based on either the device unlock password or an app-specific password.

The Sensitive Data Protection (SDP) APIs require the Knox SDK and Android M or higher installed on your device. To check the version of Knox on your device, go to Settings > About phone > Software information > Knox version (See Knox version mapping.)

SDP in the Knox SDK, the Knox Chamber, and the native email app on Samsung devices all use Sensitive Data Protection to encrypt data.

The Knox Chamber is pre-installed automatically with Knox v2.4 onwards and appears as a folder in the secure Knox container. Device users can move files into the Knox Chamber folder to further secure these files.

With SDP, app developers can use the same encryption engine. You simply identify which files or database columns to protect. Optionally, you can provide an app-specific password to generate the cryptographic key used during data encryption and decryption. If you don’t provide a password, the device unlock password is used by default.

The default engine uses the device unlock password to generate a cryptographic key for data encryption and decryption. The custom engine uses an app-specific password to generate the cryptographic key. This app-specific password can be set by the app user; it is up to the app to set or reset the password that is used.

Is this page helpful?