2

I want to decrypt a file stored at my app's res folder. This file is distributed with the app, and I'm trying to decrypt it only once during app start.

So far, I've found some answers (this one, for instance) about how to write the decrypted file into sdcard, but won't that file be available to malicious access at the sdcard?

I wish I could write the CipherInputStream into a java.io.InputStream, so I could use it without writing any decrypted data to disk. Is it possible?

Community
  • 1
  • 1
Lucas Jota
  • 1,863
  • 4
  • 24
  • 43

1 Answers1

1

I think you want something like this 

private InputStream getDecodedInputStream (InputStream eis) {
   Cipher cipher = Cipher.getInstance("your cipher definition");
   cipher.init(Cipher.DECRYPT_MODE, "your keySpec", new IvParameterSpec("your IV parameter spec"));
   InputStream decryptedInputStream = new CipherInputStream(is, cipher);
   return decryptedInputStream;
}

where eis is your encrypted input stream

Marcel Krivek
  • 167
  • 8
  • I see `CipherInputStream` extends `InputStream`, does it means that `decryptedInputStream` is being decrypted? Shouldn't I call `CipherInputStream.read()` to actually decrypt data? – Lucas Jota Oct 21 '14 at 12:11
  • yes, it does mean that `decryptedInputStream` is being decrypted – Marcel Krivek Oct 21 '14 at 12:17
  • Well, I'm accepting your answer then. But I'm still unable to use the decrypted data. [Here](http://stackoverflow.com/questions/26473519/decrypt-self-signed-certificate-throws-ioexception-wrong-version-of-key-store) is a more detailed question about my problem, if you are interested. Thanks for your attention! – Lucas Jota Oct 21 '14 at 12:39