I want to save some of my sensitive data (string) in keyStore. I found that keyStore only accepts secretKey objects. But, I'm not able to store it and and retreive it later using keyChain callback by using the alias name of the secretKey
Any help will be appreciated..!
I think you are looking something like MD5. An MD5 hash is created by taking a string of an any length and encoding it into a 128-bit fingerprint. Encoding the same string using the MD5 algorithm will always result in the same 128-bit hash output. MD5 hashes are commonly used with smaller strings when storing passwords, credit card numbers or other sensitive data in databases such as the popular MySQL. This tool provides a quick and easy way to encode an MD5 hash from a simple string of up to 256 characters in length.
MD5 hashes are also used to ensure the data integrity of files. Because the MD5 hash algorithm always produces the same output for the same given input, users can compare a hash of the source file with a newly created hash of the destination file to check that it is intact and unmodified.
Hashing String with MD5:
public class JavaMD5Hash {
public static void main(String[] args) {
String password = "MyPassword123";
System.out.println("MD5 in hex: " + md5(password));
System.out.println("MD5 in hex: " + md5(null));
//= d41d8cd98f00b204e9800998ecf8427e
System.out.println("MD5 in hex: "
+ md5("The quick brown fox jumps over the lazy dog"));
//= 9e107d9d372bb6826bd81d3542a419d6
}
public static String md5(String input) {
String md5 = null;
if(null == input) return null;
try {
//Create MessageDigest object for MD5
MessageDigest digest = MessageDigest.getInstance("MD5");
//Update input string in message digest
digest.update(input.getBytes(), 0, input.length());
//Converts message digest value in base 16 (hex)
md5 = new BigInteger(1, digest.digest()).toString(16);
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
}
return md5;
}
}
referance :
http://viralpatel.net/blogs/java-md5-hashing-salting-password/
https://www.mkyong.com/java/java-md5-hashing-example/
http://www.asjava.com/core-java/java-md5-example/
you can use shared preferance which is very easy to handle also.
https://developer.android.com/training/basics/data-storage/shared-preferences.html
Android Shared preferences example
Related
I search a lot but I didn't find the useful answer. I develop java and android security application. I found some problem that when I create RSA key on PC and I transfer RSA public key to android. When I encrypt my data with public key on android and I decrypt the data by using private key on PC, it shows Badpadding Exception. I search on the google on this exception. I found some user that has the same problem to me but the answer is no use. They told me to use Base64 to encode it but the key is still wrong. here is my code.
public void generateKeys(){
try {
KeyPairGenerator generator;
generator = KeyPairGenerator.getInstance("RSA");
generator.initialize(1024, new SecureRandom());
KeyPair pair = generator.generateKeyPair();
pubKey = pair.getPublic();
privKey = pair.getPrivate();
//================================================
System.out.println("My Public KEY "+pubKey.toString());
System.out.println("My Private KEY "+privKey.toString());
byte[]pk_byte = pubKey.getEncoded();
byte[]sk_byte = privKey.getEncoded();
FileOutputStream keyfos_pub = new FileOutputStream(new File(Environment.getExternalStorageDirectory(),"RSAKey/publicKey.txt"));
keyfos_pub.write(pk_byte);
keyfos_pub.close();
FileOutputStream keyfos_pri = new FileOutputStream(new File(Environment.getExternalStorageDirectory(),"RSAKey/privateKey.txt"));
keyfos_pri.write(sk_byte);
keyfos_pri.close();
} catch (FileNotFoundException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (IOException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (NoSuchAlgorithmException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
When I print out the key, it looks like this.
RSA Private CRT Key
modulus: dba017a7653612c53f3a46bb99f5098c7bf9012d06f3d20f8f01a67d17aeefd83070a2ff181468679a2d5abae6f7c074b7b3888a4a57533acc3d2d1dfdd86cdc032d3eafd6cf8423edfa3451333bf1d7377352dd3feb9268032831abd72c5c932fed9b4c667f3da062f4beb7a321f2c434d232ee746885dce13a1656eb42fe6b
public exponent: 10001
private exponent: 72f10f5019653a5fa6de9e0432e80e4e4ad79fe8ebd99157793598e7a10c7a14000e0310548ee1b14efc6b9ea3a08845cd9a955c22da1f0207c000abd09d83228e05a42f9bd88733afc2a4c1e30770e7ac3c41c55adae734e4f8126da494a88f362d716d6b37a2d7bfbe53824cfb9dc7a0289aa432226bbece49129f47de2a61
primeP: efa2665a1e08dce4450ad608e17df1e3650ab2cfc44e9b3b6a346611b270b245e21c28f71971d5062368e66b99297085f23104577e529ef08b263e63387cf17b
primeQ: ea9fde740a15d7f68f5aadb72a588f65da3761119b0c73930f111a43d513d19f42185afcd0291f03a9861a7757108f0e83d4d904ddf541a2debd79344387bbd1
primeExponentP: 45202ab84a3bb244a2e9fa4dfb861235cf5ae3b3ed63e381a32454613c8127dbe2daceb26103a638ac14418bbe55e6e0acb99910081f9b3bb65824dd08597a6b
primeExponentQ: 53ca665a90a37e6e1a822ad9e8309a7da871f0a3a5f8cb69b08ece0f7d90476395ea36cc64d6dab1a72032617e6176859b852f3ff2b8bd091a7d164518fce791
crtCoefficient: 695a3707d033aa2474a7a64959589842099a220540167b48f42bbbd1d786d1a84c378f9a1bc0311948287cbf7669aa44156dd9f24bfe88baf931e5da70a06c4
RSA Public Key
modulus: dba017a7653612c53f3a46bb99f5098c7bf9012d06f3d20f8f01a67d17aeefd83070a2ff181468679a2d5abae6f7c074b7b3888a4a57533acc3d2d1dfdd86cdc032d3eafd6cf8423edfa3451333bf1d7377352dd3feb9268032831abd72c5c932fed9b4c667f3da062f4beb7a321f2c434d232ee746885dce13a1656eb42fe6b
public exponent: 10001
I send my key to PC and print out it looks like this
Sun RSA private CRT key, 1024 bits
modulus: 133510687177139403090984227659818165988216147752229771757259279456909046924729578431711819486905574365970242930474912203422914618872480707080105400973005394104312017850522474151319747965391515392091886771183127658574637486403332621957057719375091145573274843838361168501101321026667287976397870949812555235301
public exponent: 65537
private exponent: 9980146428442039393666657480590341260299844482325612277626580558453963728645653672535456363067433797990268399780224833064816191126482490562360748269935354262219600344146818595176602910809143102802601846580823241077395526479491554799584457750285244532837191028964347562514222968145677820868899082320352227173
prime p: 12299841631131712301068734715117232218530765196368758184959862403767638338760002562429845237522849739220962134079733702092483313582445665328865919334315231
prime q: 10854667172235374767842313747899047475769598966944705527971116954964144369647441254504149073040778536441723902849901407264741891511747045046848533162966971
prime exponent p: 9681923647204217071082501281466465900019303827612974308340469989251337818636053102684450861548877311242977166683023364260601327205871598989662862911311993
prime exponent q: 1654443602597908945419791446477006656323336803344838236704510234877044083623118096514059921732827819407607611968318128037101282547428799502158627916518563
crt coefficient: 8339065711012644104593134475846199184972354402766421557421676186133596071951423663692155855342215056476322973047333984032026031966395156454879551656339085
It is clear that the key was changed because there is a word "1024 bits" appear in the key and the number of modulas is not the same as well
How can I manage this problem. I'd like a professional to help me please
That does look like a different key. Please try again as you've probably send an old key or something. Make sure you don't regenerate the key pair, it will be different each time. Use the private key to print out the modulus as BigInteger instead; BigInteger instances will always print out as decimals making for an easier comparison. Or even better, use BigInteger.toString(16) to get a hexadecimal representation.
If you use a good random number generator (like the default one in Java) then the modulus should be unique for the key pair. Therefore it, or the SHA1 hash over the modulus is normally used to identify the key.
They're the same thing, but Android prints it out in base 16 (hexadecimal) whereas your desktop's Java is printing it in base 10 (decimal). You'll see variations of the output of toString() between different implementations.
For instance, look at the public exponent and note that hex 0x10001 is equal to decimal 65537. This exponent is commonly known as RSA F4. However as this public exponent is used for a lot of keys, you cannot use it to distinguish between keys.
With Android 4.3, this code return null.
KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
keyStore.load(null);
keyStore.setKeyEntry(alias, privateKey, null, certificateChain);
PrivateKeyEntry entry=(PrivateKeyEntry)keyStore.getEntry(alias, new PasswordProtection(password));
assert(entry.getPrivateKey().getEncoded()!=null);
How it's possible to get the encoded version of private key ?
Or, is it possible to transmit the private key handler to another application ?
Thank's
The Android KeyChain API prevents you from being able to get an encoded private key.
See the method at line 158 of OpenSSLRSAPrivateKey.java
#Override
public final BigInteger getPrivateExponent() {
if (key.isEngineBased()) {
throw new UnsupportedOperationException("private exponent cannot be extracted");
}
But the benefit of using the KeyChain API is that it provides system-wide credential storage. Any app should be able to retrieve the key pair and certificate by its alias. Refer to the KeyStore docs.
I am working on mobile product. We are using the data in xml document. In order to keep our data secure we need an encryption algorithm(but we don't want the existing algorithm to import)
Can u give me some steps to encrypt the data.(if code example is most welcome).
To be more secure, you have to do with your own secret key. Try to use this code
KeyStore ks = KeyStore.getInstance();
// get the names of all keys created by our app
String[] keyNames = ks.saw("");
// store a symmetric key in the keystore
SecretKey key = Crypto.generateKey();
boolean success = ks.put("secretKey1", key.getEncoded());
// check if operation succeeded and get error code if not
if (!success) {
int errorCode = ks.getLastError();
throw new RuntimeException("Keystore error: " + errorCode);
}
// get a key from the keystore
byte[] keyBytes = ks.get("secretKey1");
SecretKey key = new SecretKeySpec(keyBytes, "AES");
// delete a key
boolean success = ks.delete("secretKey1");
If you want to develop your own encryption scheme, be prepared to embark on a research project. You can use any of standard encryption algorithms like AES/DES etc, with your private keys that are sufficiently long and difficult to crack.
public string PassEncrypt(string Password)
{
// Encrypting the password entered by User
// ======================================================
MD5 md5 = new MD5CryptoServiceProvider();
md5.ComputeHash(ASCIIEncoding.ASCII.GetBytes(Password));
byte[] result = md5.Hash;
StringBuilder strBuilder = new StringBuilder();
for (int i = 0; i < result.Length; i++)
{
strBuilder.Append(result[i].ToString("x2"));
}
return strBuilder.ToString();
// ======================================================
}
OR
You may refer on this links :
developer.motorala.com
codereview.stackexchange.com
android snippets
java-tips.org
I want to verify if a certificate with a certain public key exits in android keystore or not.I have key which is holded in a string.How do I verify if the corresponding certificate is present in keystore.
When checked the apis i found certificate.verify(mykey); is the only option.but mykey sholud be of type PublicKey and I have it in string.
String is 0r1wxn7wIXJuS/hDnDvectD2VTmel9akk8awIWAXIRo= .....this is a hash of public key..i have to return back the certficate corresponding to this key.
Can anyone help me ?
Can anyone help me ?
Regards
kozlov
KeyStore store = ... ;
byte[] target = ... ; // Base-64 decode your string.
MessageDigest digest = MessageDigest.getInstance(algorithm);
Enumeration<String> aliases = store.aliases();
while(aliases.hasMoreElements()) {
String alias = aliases.nextElement();
Certificate c = store.getCertificate(alias);
if (c == null)
continue;
PublicKey pub = c.getPublicKey();
byte[] hash = digest.digest(pub.getEncoded());
if (MessageDigest.isEqual(hash, target)) {
// Certificate "c" is a match.
}
}
i'm looking very hard for a possibility to encrypt my sqlite database on Android devices, but I was't able to find a satisfying solution.
I need something like a libary to reference, in order to have a "on the fly" encryption/decryption of my database, while using the normal sqlite functions.
I don't want to encrypt data before storing.
I don't want to encrypt the whole databasefile, in order to decrypt it before using.
I know about the following projects:
SEE
wxSQLite
SQLCipher
SQLiteCrypt
Botan
But I can't find any working example for this stuff.
Btw, I'm absolutly willing to purchase a commercial build, but I have to test ist before spending a few hundred dollars.
Did anyone solve this issue for his own?
Try the SQLCipher port to Android instead of the regular SQLCipher.
litereplica supports encryption using the ChaCha cipher, faster than AES on portable devices.
There are bindings for Android.
To create and open an encrypted database we use an URI like this:
"file:/path/to/file.db?cipher=...&key=..."
If anyone is still looking:
Override SQLiteOpenHelper function as below:
void onConfigure(SQLiteDatabase db){
db.execSQL("PRAGMA key = 'secretkey'");
}
private String encrypt(String password) {
try {
SecretKeySpec keySpec = generateKey(password);
Cipher c = Cipher.getInstance("AES");
c.init(Cipher.ENCRYPT_MODE,keySpec);
byte[] encVal = c.doFinal(password.getBytes());
String encryptedValue = Base64.encodeToString(encVal,Base64.DEFAULT);
return encryptedValue;
} catch (Exception e) {
e.printStackTrace();
return null;
}
}
private SecretKeySpec generateKey(String password) throws Exception {
final MessageDigest digest = MessageDigest.getInstance("SHA-256");
byte[] bytes = password.getBytes(StandardCharsets.UTF_8);
digest.update(bytes,0,bytes.length);
byte[] key = digest.digest();
SecretKeySpec secretKeySpec = new SecretKeySpec(key,"AES");
return secretKeySpec;
}
I just used the encrypt function to encrypt the password. Here I used the user's password as a key. Therefore I don't need to keep the key inside the application. When the user wants to log in, simply encrypt the password and try to match with the encrypted password in the database and allow them to log in.