I'm making custom EncryptedSharedPreferences implementation, and I want to encrypt alias (key) in key/value store so the attacker has a hard time figuring out the values that are stored.
I'm Base64-encoding encrypted bytearray, and when I want to save it, it says that key is too long to have it stored.
Is there a way to shorten Base64 encoding, or to use some other way to make it work? Maybe something like the new EncryptedSharedPreferences from jetpack security library uses, it saves the alias (key) in shorter form, using Tink's deterministic crypto primitives, but how can I achieve that shorter encoding?
Thanks in advance!
Related
i want to build a dictionary in C++ and qt and later for android,which will have a word and meaning.the easy option is to use sqlite or mysql like DBMS but i dont want to use them as sqlite is not secure(anyone can open that sqlite database to copy my word-meaning pair) and mysql needs a large installer file to be deployed along with installer.is there any way in which i can store my word-meaning pair in program?or can i store that word-meaning pain in a string array?there are 120000 words and almost 360000 meaning so if i make a string string word_meaning[360000][2]? will it be a problem to load the program?
or using a password protected zip?is it a viable solution?
kindly recommend any other secure and better method
regards
Like MSalters says, there is no way to make it guaranteed unbreakable, but you can make it pretty hard. And if you make it hard enough to break your security so that it is not worth the effort then you are secure enough.
You have a trade off between programming complexity and security.
The most secure that I can think of is putting the database on your own server and have your app query the server. That way no hacker has access to your database. But perhaps you also have a need for high performance when looking through the dictionary or you don't want your game to need internet.
The next thing I can think of is to place an encrypted text file with the word-meanings in your app's assets directory. Your app will contain the key to decrypt the text file and a hacker would need to decompile your app and find the key before he can decrypt the file to steal your dictionary.
Hope this helps.
I need to store resource files(text doc,imgaes,music etc) in my app in encrypted format and in runtime i need to decrypt the files and use it. Thanks in advance.
Then how can i achieve this?
If you do not want the user to have access to the data, do not store it on the user's phone.
A sufficiently interested user can access anything on their device. This would include your code along with your resources. Any encryption algorithm and key that you use will be in your code; finding that and using that to decrypt your resources is not especially difficult.
I,m creating a quiz to Android, and my questions and answers are stored in the SQLite DB.
Now I realized that maybe users can browse the db and see all questions and answers from the device if they have the apropriate tools, am I right?
How can I prevent them from users from seeing my data? Is it possible to use a password to access data, or something like that?
Thanks in advance,
João
Consider using the javax.crypto api. Store your answers in the database as encrypted strings, and then use the encryption key in your app's code to decrypt the data after it's read from the database.
Remember that a determined user will find a way to break your encryption (typically by coercing the encryption key out of your app's source code), and there is no such thing as 100% secure when dealing with untrusted parties (i.e. users).
Yes, it's definitely possible!
You can encode and decode the data with a key. At least, it will be not directly readable.
Each time you write data in your DB, you encode it.
Each time you read it, you decode it.
I have to encrypt a list containing three fields for each record (a tag, a username and a password).
Those will be saved in a JSON structure and then written to storage.
My question is, should I encrypt the whole file or should I encrypt the single fields, convert the encrypted strings to Base64 and put those encrypted fields in the JSON file?
Considering I don't expect the file to become very big (say, less then a MB), that I'll always be reading it as a whole and that the target platform is Android, what is the best approach in terms of performance and security?
Encryption is significantly weakened if you're encrypting less than an entire block at once. So encrypt the whole file.
I recommend encrypting the entire file. If you encrypt field by field, then an attacker will see that the data is an array of (tag, username, password). That already exposes part of your data structure and weakens the encryption. Encrypting and decrypting the entire file might even be faster than doing each field separately, although for the sizes you are talking about I don't think that's an issue.
In general you should encrypt the entire file. However if you are using a poor implementation then this can work against you. For instance if you use a stream cipher like RC4 and you reuse the key, then the file structure can be used against you by revealing sections of the prng stream. This was used in the WEP attack. But the problem here is the weak implementation.
In short use CBC or CMAC mode with a random IV and Blowfish or AES-256 with an s2k function or random key. Also keep in mind that there is no place to hide a secret key on the android or iphone without the user being able to access it.
I am creating an application which uses a steganography algorithm. Now I can encrypt and decrypt text. But I want my application to ask for password after encrypting the text into the image, so that whenever someone will decrypt the image it would ask for the password for authentication. Is this even possible? If yes, how?
Decrypt the text with a symmetric cypher like AES. To get the encryption key use a password based key derivation function (such as PBKDF2) on the password the user entered.
Then hide the encrypted text in your image using steganography.
strictly speaking, steganography isn't encryption, it's simply an encoding. If you want the encoded message to be truly encrypted, then use a trusted algorithm (don't be tempted to invent one!). as Andre suggests in another answer, AES would be fine.
Yes, it's possible. You can use any symmetric key algorithm, e.g. AES. But be sure the encoding/decoding isn't losing any bit.
I've used digital signature with QR codes before and it was changing some bits because it encoded them as ISO-8859-1. My solution was use Base64 before embed into the code. It required more space, but was safer.