Hardware Security Module

PoorMansHSM is an offline Android application that delivers “poor man’s” Hardware Security Module capabilities on a mobile device. It generates and stores RSA key pairs inside the Android Keystore, leveraging hardware-backed protection when available, so private keys never need to leave the secure keystore environment. The app provides cryptographic operations using the stored private keys, including decryption of encrypted payloads, making it useful for secure message workflows and device-bound key protection. To keep the experience simple and portable, PoorMansHSM supports QR code scanning for importing cipher text and QR code generation for sharing public keys. All data is kept local and offline, with encrypted persistence via a SQLCipher-protected SQLite database accessed through Entity Framework Core. The solution also includes a Windows Forms test application that enables end-to-end validation of the workflow. The desktop client can import public keys from the Android HSM via QR code, encrypt messages using those imported keys, generate QR codes containing the encrypted payload, and verify that the Android app can decrypt the content using its keystore-protected private key. Together, the mobile HSM app and the desktop test client provide a complete, practical demonstration of secure key management and encrypted messaging without relying on any online services.