发表新帖
发表新帖

Android encryption

前端 未结
关注
4 1923
走了就别回头了
走了就别回头了 2020-11-29 19:48

I am working on an android application, and I need to use encryption for one aspect of it. I am really indifferent to which algorithm I use (AES, DES, RSA, etc...). I am awa

相关标签:
4条回答
  • 别跟我提以往
    2020-11-29 20:21

    The java AES library has a flaw in it that allows, under the right circumstances, a listener to decrypt the packets sent. See Padding Oracle Exploit Tool vs Apache MyFaces.

    That being said check out this SO question Java 256bit AES Encryption.

    Bouncy Castle AES EXAMPLE stolen from: http://www.java2s.com/Code/Java/Security/EncryptionanddecryptionwithAESECBPKCS7Padding.htm

    import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;

public class MainClass {
  public static void main(String[] args) throws Exception {
    Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());    
    byte[] input = "www.java2s.com".getBytes();
    byte[] keyBytes = new byte[] { 0x00, 0x01, 0x02, 0x03, 0x04, 
                 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 
                 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 
                 0x15, 0x16, 0x17 };

    SecretKeySpec key = new SecretKeySpec(keyBytes, "AES");

    Cipher cipher = Cipher.getInstance("AES/ECB/PKCS7Padding", "BC");

    System.out.println(new String(input));

    // encryption pass
    cipher.init(Cipher.ENCRYPT_MODE, key);

    byte[] cipherText = new byte[cipher.getOutputSize(input.length)];
    int ctLength = cipher.update(input, 0, input.length, cipherText, 0);
    ctLength += cipher.doFinal(cipherText, ctLength);
    System.out.println(new String(cipherText));
    System.out.println(ctLength);

    // decryption pass
    cipher.init(Cipher.DECRYPT_MODE, key);
    byte[] plainText = new byte[cipher.getOutputSize(ctLength)];
    int ptLength = cipher.update(cipherText, 0, ctLength, plainText, 0);
    ptLength += cipher.doFinal(plainText, ptLength);
    System.out.println(new String(plainText));
    System.out.println(ptLength);
  }
}
    0 讨论(0)
  • 情书的邮戳
    2020-11-29 20:28

    Look at my answer here Android database encryption. It contains 2 files that you can include in any of your applications that require data storage to be encrypted.

    0 讨论(0)
  • 长情又很酷
    2020-11-29 20:28

    Considering the overhead to encrypt and decrypt data in Android, I devised a library that relies only in Android and Java native libraries to make the process as simple as possible.

    To install, use the jcenter distribuition center. On gradle:

    compile 'com.tinmegali.android:mcipher:0.4'

    Usage

    String ALIAS = "alias"
MEncryptor encryptor = new MEncryptorBuilder( ALIAS ).build();
MDecryptor decryptor = new MDecryptorBuilder( ALIAS ).build();

String toEncrypt = "encrypt this string";
// encrypting
String encrypted = encryptor.encryptString( toEncrypt, this );

// decrypting
String decrypted = decryptor.decryptString( encrypted, this );

    MCipher is compatible from SDK 19+, and it automatically adapts itself to smaller and large chunks of data. By default, it uses AES/GCM/NoPadding for SDKs 23+, and RSA/ECB/PKCS1Padding for older versions.

    MCipher on Github

    0 讨论(0)
  • 时光取名叫无心
    2020-11-29 20:39

    I would also check out Conceal to see if it fits your bill. It has a easy to use API which abstracts the cryptographic details: https://github.com/facebook/conceal/

    0 讨论(0)
 看不清?
提交回复
热议问题