Android Retrofit Parameter Encryption and Decryption SHA256

Question

In my application I am using webservices using Retrofit. I have to Encrypt Field (parameter) in Request and Decrypt it on PHP Server.

I have to Encrypt and Decrypt version parameter.

Here is my RetroApi.java

public interface RetroApi {

    @FormUrlEncoded
    @POST("index.php/api/check-version")
    Call<String> getCheckVersion(@Field("version") String version, @Field("app") String app);
    
}

Creating instance of RetroApi.java

RetroApi retroApi;

HttpLoggingInterceptor logging = new HttpLoggingInterceptor();

logging.setLevel(HttpLoggingInterceptor.Level.BODY);
OkHttpClient httpClient = new OkHttpClient.Builder().addInterceptor(logging).build();
Gson gson = new GsonBuilder().setLenient().create();
Retrofit retrofit = new Retrofit.Builder().baseUrl(RetroApp.BASE_URL).addConverterFactory(ScalarsConverterFactory.create())
        .addConverterFactory(GsonConverterFactory.create(gson)).client(httpClient).build();

retroApi = retrofit.create(RetroApi.class);

Here is the Webservice call

Call<String> getResult = retroApi.getCheckVersion(Constants.SP_APP_VERSION, Constants.SP_APP_NAME);
    getResult.enqueue(new Callback<String>() {
        @Override
        public void onResponse(Call<String> call, Response<String> response) {
             
        }

        @Override
        public void onFailure(Call<String> call, Throwable t) {
            t.printStackTrace();
        }
    });

Please assist me to accomplish this.

@AbuYousuf I have to Encrypt the response and Decrypt it on Server — Amit Yadav, Dec 22 '21 at 09:46
What problem you are facing in `Encrypt the api parameters` ? — Abu Yousuf, Dec 22 '21 at 10:03
What exactly is your question here ? for encryption/decryption you can use a Custom interceptor or you can directly do it before sending the request. For Encryption technique you have to be specific because there is lots of out there . mostly used is `AES` .. Which Encryption you are using ? — ADM, Dec 24 '21 at 13:00

score 1 · Accepted Answer · answered Dec 24 '21 at 09:57

Basically what you can do is simply encrypt your parameters with the standard Android tools. Here is a simple example of how to do it from which you can start.

Basically is everything you need from an Android perspective, except for a way to store a secret - for that, you can use EncryptedSharedPreferences

After that, you can send those encrypted strings as your API arguments.

you can also create a centralized encryption factory for your requests like this:

OkHttpClient okHttpClient = SomeOkHttpImplementation();

Retrofit retrofit = new Retrofit.Builder()
                .client(okHttpClient)
                .callFactory(new Call.Factory() {
                    @Override
                    public Call newCall(Request request) {
                        Request encryptedRequest = someFunctionToEncryptRequestOrItsArgs(request);
                        return okHttpClient.newCall(encryptedRequest);
                    }
                })
                .baseUrl(sBaseUrl)
                .build();

Or with custom Interceptor as shown here

The problem is that you will have to find a way to decrypt them on PHP side. I am not a PHP expert but I'm sure there are ways to do that. For example here and here you can find the Java and PHP implementation of the similar ciphers.

Android Retrofit Parameter Encryption and Decryption SHA256

1 Answers1