Knox SDK frequently asked questions — SDP | Knox SDK

The SDP APIs let you protect sensitive data, either in a database or in a file, by encrypting the data using a cryptographic key that is based on either the device unlock password or an app-specific password.

The Sensitive Data Protection (SDP) APIs require the Knox SDK and Android M or higher installed on your device. To check the version of Knox on your device, go to Settings > About phone > Software information > Knox version (See Knox version mapping.)

SDP in the Knox SDK, the Knox Chamber, and the native email app on Samsung devices all use Sensitive Data Protection to encrypt data.

The Knox Chamber is pre-installed automatically with Knox v2.4 onwards and appears as a folder in the secure Knox container. Device users can move files into the Knox Chamber folder to further secure these files.

With SDP, app developers can use the same encryption engine. You simply identify which files or database columns to protect. Optionally, you can provide an app-specific password to generate the cryptographic key used during data encryption and decryption. If you don’t provide a password, the device unlock password is used by default.

The default engine uses the device unlock password to generate a cryptographic key for data encryption and decryption. The custom engine uses an app-specific password to generate the cryptographic key. This app-specific password can be set by the app user; it is up to the app to set or reset the password that is used.

Knox SDK frequently asked questions — SDP

What is the Sensitive Data Protection feature in the Knox SDK?

Which devices support the Sensitive Data Protection APIs?

What is the difference between the SDP and the Knox Chamber?

When using the SDP APIs, what is the difference between default engine and custom engine?