-1

I am using the following code to encrypt a file in sd card. 

void encrypt() throws IOException, NoSuchAlgorithmException, NoSuchPaddingException,
InvalidKeyException {
    String myString = getOutputFile();
    File myFile = new File(myString);
    FileInputStream inputStream = new FileInputStream(myFile);
    File encodedfile = new File(path,"filename" + ".mp4");
    FileOutputStream outputStream = new FileOutputStream(encodedfile);
    SecretKeySpec sks = new SecretKeySpec("MyDifficultPassw".getBytes(), "AES");
    Cipher cipher = Cipher.getInstance("AES");
    cipher.init(Cipher.ENCRYPT_MODE, sks);
    CipherOutputStream cos = new CipherOutputStream(outputStream, cipher);
    int b;
    byte[] d = new byte[8];
    while((b = inputStream.read(d)) != -1){
        cos.write(d, 0, b);
    }
    cos.flush();
    cos.close();
    inputStream.close();

As i am new to cryptography, i don't know whether am using 256 bit encryption. Am i using a 256 bit encryption. If not what code should i add to make it a 256 bit encryption

Srijith
  • 1,695
  • 17
  • 29
  • Using google I found these [A gist](https://gist.github.com/dealforest/1949873) , [Android encrypt aes 256](http://stackoverflow.com/questions/10198462/android-aes-256-bit-encrypt-data) and [Android decrypt aes 256](http://stackoverflow.com/questions/21627863/decrypt-aes256-encrypted-bytes) – bhathiya-perera Aug 06 '14 at 09:57

1 Answers1

2

No, you are using 128 bit encryption, as your password is 16 ASCII characters. Combine that with the default character set of Android (UTF-8) and the result of getBytes() will be key data of 16 bytes, or 128 bits.

Not that it matters if it is 128 bit or 256 bit. If you directly store the password or key in your code, use a password as key or if you rely on the default ECB mode of encryption, then your code is not secure.

Learn about key management, use at least CBC mode encryption and create a fully random AES key of 256 bits (32 bytes). The AES keysize (as used within Cipher) fully depends on the key in Java / Android.

Community
  • 1
  • 1
Maarten Bodewes
  • 90,524
  • 13
  • 150
  • 263
  • But my primary requirement is only 256 bits and modes are only secondary. And how should i get a 256 bit key without using modes? If i use 32 ASCII characters, does it mean that am using 256 bit key? Sorry to ask such a basic question, but am very new to cryptography. – Srijith Aug 06 '14 at 12:43
  • @Sree14 Yes, but the person that created the requirements should leave things to somebody better educated on the subject. – Maarten Bodewes Aug 06 '14 at 12:49
  • Ya, but i'll surely try to do a more advanced aes encryption as you said, in future. Thanks. – Srijith Aug 06 '14 at 12:54
  • Try and use CTR mode encryption, it would solve a few issues, would be safer (*if* unique nonces are used) and would allow for skipping parts of the stream later on. – Maarten Bodewes Aug 06 '14 at 13:04
  • Sure sir. Thank you. But can i decrypt what i encrypted here in php. I want to send this encrypted file to a php server. – Srijith Aug 06 '14 at 13:09