I have some PDF files on the server, those files are encrypted using AES. Using an API call, I get the file-URL and the corresponding decryption key. Then I download the encrypted file. Now I need to decrypt the file using the key and need to show it in a PDF-renderer (i will use any pdf library, though I haven't decided the library yet). Now my question is, how can I decrypt the file without writing/saving the decrypted file to disk? The target is: the decrypted file should be only on RAM, so that no other cannot get the file without using the app. The risk is, if I write the decrypted file to disk, someone can connect the device to PC and can save the file. I want to decrypt it only on RAM and want to load/show the file from RAM. So that when anyone leaves the app, the decrypted file no longer exists.
Related
I am writing an app for my final year project, so it's more so for proof of concept so it doesn't have to be the best app in the world.
It is like a file locker app that you can add and remove files from the app and when they are stored they will be encrypted. There will be a login of some sort for the user to enter and be verified on a DB.
I am still a novice in android so I still have a way to go, but I am getting there!
I was thinking when the file (which could be a doc, pdf, jpg, video file etc) is added to the app it would be stored in the internal storage (from what I have read it seems to be the best place to store app related content) and a record of the name and file type would be added to the DB and also the encrypted file name. So when the user looks at the app they will see a thumbnail of the pic and the file name, kinda like the My Files app shows up files within a folder.
My question is it best not to store the file directly into the DB but just use the DB as a reference with the file details, if so how could this be done?
Also I was thinking that an AES 128bit encryption method would be best suited for this. I have tried a couple of encryption examples but have only been able to do this with a txt file, when i tried it with a jpg the app just sat there and did nothing. It showed the encrypted and decrypted jpg but this was not viewable.
Would anyone be able to suggest a good way of encrypting any file type that would suit for my app?
Any help would be greatly appreciated!
Cheers,
Owen
If you want to do this properly, here are a few tips:
Don't store files in the database, unless you know in advance that they're going to be really titchy. Store them somewhere else, with a reference to them in the database.
The best place for them if they're smallish is internal storage in the app's private file space. But if you want to be able to store encrypted arbitrary data then you'll need to hit external storage.
Don't store the decryption key!
Ideally, you should find a way not to write the file anywhere when you decrypt it. That might not be possible, though, if you need to open it in another application afterwards. If you write the encrypted files to external storage, you should at the very least write the decrypted version to internal storage where there's some operating system protection against other apps reading it. If you write the decrypted file to external storage, anything will be able to get at it.
AES with a 128-bit key will do you fine.
In my application I need to pass a dynamically decrypted file to a third-party application without saving it to the device.
Example: I have a self created encrypted file which contains both a pdf file and some requirements before the pdf file can be shown. If all requirements are true, that pdf file should be shown by a third-party PDF-reader.
So I need to start a new intent, but there is the problem. I have to give the URI of my pdf file, but I don't have a URI because I didn't save the file to the device.
Is there any way I can get this job done?
For very small PDFs, or PDFs encrypted with some sort of streaming encryption algorithm, you can create a pipe ContentProvider. Using a pipe, you basically pour data into an OutputStream, where the other side uses a Uri and ContentResolver to retrieve the corresponding InputStream.
However, the limits of heap space will severely constrain the size of the file, if you cannot process it in a streaming fashion (e.g., as you read the bytes in from HTTP, decrypt on the fly and pass the decrypted bytes to the OutputStream).
Here is a sample of creating such a ContentProvder.
Answer on my own question:
Together with the answer from CommensWare (and sample code) and this link I have found a semi-solution.
The sample code shows you how to make local files accessible for other applications with a content provider.
The second link describes the implementation of a delete method which deletes the file from the file structure even before it is completely opened by a third party application (and explains why this is possible).
So basically, after decryption, you create a file accessible from the content provider, open it with another application and delete it immediately.
For rooted phones this is still not a 100% solution because they could monitor local file structure changes and instantly copy the file after it has been created.
In my project I am using custom android devices and I have to encrypt all the files on my sdcard for security. I am using AES-128 bit encryption, but it takes too long to decrypt and open the files.
For the videos I have used on the fly decryption using CipherInputStream and CipherOutputStream and a proxy server. Is this possible for big pdf files?
A 12 MB pdf file is taking around 40 seconds to decrypt so opening the file after completely decrypting it is not an option. Also, I do not want to save the decrypted files anywhere on the device. Is it possible to open parts of pdf files as done with videos?
I tried using the full disk encryption in android but it did not work on my custom devices and showed only a green droid, after which nothing happens.
Thanks in advance.
If you just encrypted the whole file and your viewer app/library expects to get a whole file, not really. If you used PDF encryption, which encrypts each object inside the file, you could decrypt and display them on demand.
What exactly are you trying to achieve here? Are those files part of your app? If you just want to protect data on the SD card, there are ways to do this automatically, but they require a rooted device. For example LUKS Manager.
Earlier I was testing on the emulator. On actual device the time taken to decrypt is much less(~6sec for 12 MB) and acceptable.Finally I did the following :-
For videos and audio I used streaming to mxPlayer. For the big files which cannot be shown in parts I encrypted only parts of the file. Encrypting around 10MB of the file makes it unusable.
The files are saved to some hidden temporary location which is deleted once its no longer required.
Still proper apps are required on the device so that Android can detect them and open them when required. Like some video players didn't work when opening video from my application but mxPlayer did.
My android application is configurable using an external XML file present in the SD Card. The changes in the configuration requires a new XML file to be copied in that location. This XML file needs to be encrypted. So if the user request a new config for the app, the steps would be:
New XML file is generated for desired configuration.
File is encrypted using some standard encryption utility.
The file is sent to client/user.
Client copies the file to SD Card, and starts my app.
My application opens the file, decrypt it, read the content and delete the file.
I need help in step 2 and 5. Which standard tool I can use to encrypt my XML file (Should use some standard encryption algo) and secondly how the file can be decrypted in my android app. I am looking into java crypto package.
You can use this:
Android encryption
Beware as you should salt your encryption key with something not stored on the app (coming from a server for example) so that by reverting the APK to code you couldn't read the file anyway.
My application has to download some media files at runtime. I found that I can store them in internal storage so that only my application can access them.
The problem is that internal storage is limited. Now I want to store media files in sdcard but I want to protect them, so that users can not pull them out of the sdcard and distribute them illegally.
you can achieve this only by encrypt your downloading file with some key , so another application can not access your download file.If you want use that file in your application then you have to decrypt it .There is inbuilt encrypt and decrypt protocol available.(Cipher)
Note
But encrypt and decrypt has one disadvantage it will take time to decrypt file.