Android encryption

Question

I am working on an android application, and I need to use encryption for one aspect of it. I am really indifferent to which algorithm I use (AES, DES, RSA, etc...). I am aware that Java has a crypto package, but I am not familiar with it at all. Can someone post an example on how to do an encrypt/decrypt function?

The algorithm depends a lot on the usage scenario. What is it you're protecting, from whom, where, why and how do you plan to do it? AES (symmetric cipher) and RSA (asymmetric) function very differently. — Martin Paljak, Jun 30 '10 at 18:21
I am simply storing a username and password locally on the device. I have have an RSA implementation and used that for my purposes. — Señor Reginold Francis, Jun 30 '10 at 19:25
I suspect you want to store the username and password of a remote service and use it to access some service "transparently" ? This would make sense to be protected with symmetric encryption (AES) but how will you secure the AES key? With a password derived key? With some system key (maybe Android provides something internal for such purposes) Before rolling your own, make sure that Android does not provide a "keychain" or "password store" style service, that would take care of it for you. — Martin Paljak, Jul 01 '10 at 11:38
For future readers, please check [this](https://github.com/ryan652/EasyCrypt/) library as implementing encryption/decryption securely with key derivation, encoding and multiple datatypes can get really complicated. — priyank, Jul 16 '17 at 01:46

score 14 · Accepted Answer · edited May 23 '17 at 12:00

The java AES library has a flaw in it that allows, under the right circumstances, a listener to decrypt the packets sent. See Padding Oracle Exploit Tool vs Apache MyFaces.

That being said check out this SO question Java 256bit AES Encryption.

Bouncy Castle AES EXAMPLE stolen from: http://www.java2s.com/Code/Java/Security/EncryptionanddecryptionwithAESECBPKCS7Padding.htm

import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;

public class MainClass {
  public static void main(String[] args) throws Exception {
    Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());    
    byte[] input = "www.java2s.com".getBytes();
    byte[] keyBytes = new byte[] { 0x00, 0x01, 0x02, 0x03, 0x04, 
                 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 
                 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 
                 0x15, 0x16, 0x17 };

    SecretKeySpec key = new SecretKeySpec(keyBytes, "AES");

    Cipher cipher = Cipher.getInstance("AES/ECB/PKCS7Padding", "BC");

    System.out.println(new String(input));

    // encryption pass
    cipher.init(Cipher.ENCRYPT_MODE, key);

    byte[] cipherText = new byte[cipher.getOutputSize(input.length)];
    int ctLength = cipher.update(input, 0, input.length, cipherText, 0);
    ctLength += cipher.doFinal(cipherText, ctLength);
    System.out.println(new String(cipherText));
    System.out.println(ctLength);

    // decryption pass
    cipher.init(Cipher.DECRYPT_MODE, key);
    byte[] plainText = new byte[cipher.getOutputSize(ctLength)];
    int ptLength = cipher.update(cipherText, 0, ctLength, plainText, 0);
    ptLength += cipher.doFinal(plainText, ptLength);
    System.out.println(new String(plainText));
    System.out.println(ptLength);
  }
}

Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider()) What does this do? — Señor Reginold Francis, Jun 30 '10 at 17:49
Security.addProvider lets java know that you are planning on using a particular security provider (it basically installs that security provider into the security manager, similar to loading a library). — Ethan Heilman, Jun 30 '10 at 19:54
I just had what I'll assume is the weirdest coincidence ever: I watched the linked youtube video, and after each byte in the top row was decrypted (right to left) my computer rebooted. When I checked the system log, it was due to CPU temp above threshold. When I opened my computer to switch thermal putty with artic silver 5, I saw that the heatsink fan on the video card was burnt (literally brown, bubbly, and warped). I can't help but be paranoid that there's some faulty flash software exploit.. — snapfractalpop, Feb 27 '12 at 02:04
I just looked that up and read about it..did I just infect my mind? — snapfractalpop, Feb 29 '12 at 07:47

score 1 · Answer 2 · edited May 23 '17 at 12:32

1

Look at my answer here Android database encryption. It contains 2 files that you can include in any of your applications that require data storage to be encrypted.

edited May 23 '17 at 12:32

Community

1
1

answered Nov 24 '13 at 19:31

Plo_Koon

2,953
3
34
41

I going to test It tomorrow. It's look very interesting. Thanks bro. – Eliasz Kubala Dec 22 '14 at 20:36

score 1 · Answer 3 · answered Apr 09 '14 at 08:32

1

I would also check out Conceal to see if it fits your bill. It has a easy to use API which abstracts the cryptographic details: https://github.com/facebook/conceal/

answered Apr 09 '14 at 08:32

user868459

288
1
3
8

score 0 · Answer 4 · answered Feb 23 '18 at 15:57

Considering the overhead to encrypt and decrypt data in Android, I devised a library that relies only in Android and Java native libraries to make the process as simple as possible.

To install, use the jcenter distribuition center. On gradle:

compile 'com.tinmegali.android:mcipher:0.4'

Usage

String ALIAS = "alias"
MEncryptor encryptor = new MEncryptorBuilder( ALIAS ).build();
MDecryptor decryptor = new MDecryptorBuilder( ALIAS ).build();

String toEncrypt = "encrypt this string";
// encrypting
String encrypted = encryptor.encryptString( toEncrypt, this );

// decrypting
String decrypted = decryptor.decryptString( encrypted, this );

MCipher is compatible from SDK 19+, and it automatically adapts itself to smaller and large chunks of data. By default, it uses AES/GCM/NoPadding for SDKs 23+, and RSA/ECB/PKCS1Padding for older versions.

MCipher on Github

Android encryption

4 Answers4

Linked