I want to decrypt a file stored at my app's res folder. This file is distributed with the app, and I'm trying to decrypt it only once during app start.
So far, I've found some answers (this one, for instance) about how to write the decrypted file into sdcard, but won't that file be available to malicious access at the sdcard?
I wish I could write the CipherInputStream into a java.io.InputStream, so I could use it without writing any decrypted data to disk. Is it possible?
I think you want something like this
private InputStream getDecodedInputStream (InputStream eis) {
Cipher cipher = Cipher.getInstance("your cipher definition");
cipher.init(Cipher.DECRYPT_MODE, "your keySpec", new IvParameterSpec("your IV parameter spec"));
InputStream decryptedInputStream = new CipherInputStream(is, cipher);
return decryptedInputStream;
}
where eis is your encrypted input stream
Related
I have an unencrypted File that I want to write as an EncryptedFile using the androidx.security library. The example docs show reading the existing file to be encrypted into a byte array then writing that byte array to the encrypted file. I worry if the file that needs to be encrypted is very large reading the bytes into memory could cause OOM crashes on older devices. e.g:
val inputStream = FileInputStream(file)
val bytes = inputStream.readBytes()
inputStream.close()
...
encryptedFile.openFileOutput().apply {
write(bytes)
flush()
close()
}
Wouldn't opening an input stream and then using the copyTo Kotlin extension be the less memory intensive option? Or is there a better way I am overlooking?
encryptedFile.openFileOutput().apply { // opens FileOutputStream
val inputStream = FileInputStream(file)
inputStream.copyTo(this)
inputStream.close()
flush()
close()
}
I am using database files and some text files which I have put in the Assets folder. When any user downloads my APK file and extracts it, he will get my resources from the assets folder easily.
How can I encrypt all my resources so that if anyone gets my resources, he can't use it?
Assuming the asset file is already encrypted, Java's CipherInputStream to decrypt content of the asset file would help your need
// Cipher that holds algorithm (E.g. AES)
Cipher cipher = getCipherProbablyAES();
// Get input stream to that file. Handle IOException on your own
InputStream assetFile = getAssets().open("myEncrypted.txt");
CipherInputStream cipherIS = CipherInputStream(assetFile, cipher);
I'm trying to encrypt a JSON string in Android and decrypt it in Ruby using AESCrypt.
AESCrypt.decrypt(dataToDecrypt, secret)
With this Java code I could decrypt second half of the data!
MessageDigest md = MessageDigest.getInstance("SHA-256");
md.update(secret.getBytes("UTF-8"));
byte[] digest = md.digest();
SecretKeySpec newKey = new SecretKeySpec(keyBytes, "AES");
Cipher cipher = null;
cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
cipher.init(Cipher.ENCRYPT_MODE, newKey);
byte[] encryptedData = cipher.doFinal(textBytes);
String encryptedDataStr = Base64.encodeToString(encryptedData, Base64.DEFAULT)
Raw data is:
{"device_id":"863438021956196","imei":"863438021956196"}
And decrypted data in Ruby is:
\xEE\x99\x95\xC5p\x17\x8A\xFB\xF0\xA5\xC7\x1D7\x98\xBD\xD93438021956196\",\"imei\":\"863438021956196\"}
What is the problem?
CBC mode requires an IV. By failing to explicitly specify one you are relying on defaults. It looks like the default Java IV is different than the default IV for the Ruby code. Don't use defaults.
I had this same issue, as #GreyS mentions the default IV's are different, AFAIK Java creates a random IV if you don't supply one. Also pretty sure AESCrypt uses PKCS7Padding. In any case, to help to work between AESCrypt and Android I recently created AESCrypt-Android
I am trying to create internal storage folder(s) and copy over my RAW files to those folder. I have following method
EDIT
private byte[] buffer = null;
private String DIR_NAME = "images/sample_images";
public void storeRAWFilesToInternalStorage()
{
buffer = new byte[3000000];
mFilesDir = tempContext.getFilesDir();
mImagesDir = new File(mFilesDir, DIR_NAME);
if (!mImagesDir.exists() && !mImagesDir.isDirectory()) dirCreated = mImagesDir.mkdirs();
InputStream fileStream = tempContext.getResources().openRawResource(R.raw.desert);
fileStream.read(buffer);
fileWithinMyDir = new File(mImagesDir, "my_sample_image.jpg");
FileOutputStream outputStream = new FileOutputStream(fileWithinMyDir);
outputStream.write(buffer);
outputStream.close();
}
it works fine, however I have following questions.
What is the buffer size should I assign since I dont know the bytes size of each file. If I assign more than required then I am wasting memory. If I am assigning less than required then image wont be saved properly.
Also, I see the image saved in my Internal Storage (using ES Fileexplorer to view files), but when I try to open it, it doesnt show up. Weird.
END EDIT
Also what if I have 100 RAW files which I would like to copy to my Internal Folder, say "images". I dont want to type following thousand of times.
InputStream fileStream = tempContext.getResources().openRawResource(R.raw.**asset_name**);
Is there a way to loop through all raw resources, read them and store them to Internal Storage folder? Can I see some code snippet?
I want to encrypt file and store it in SD card. I want to decrypt that encrypted file and store it in SD card again. I have tried to encrypt file by opening it as file stream and encrypt it but it is not working. I want some idea on how to do this.
Use a CipherOutputStream or CipherInputStream with a Cipher and your FileInputStream / FileOutputStream.
I would suggest something like Cipher.getInstance("AES/CBC/PKCS5Padding") for creating the Cipher class. CBC mode is secure and does not have the vulnerabilities of ECB mode for non-random plaintexts. It should be present in any generic cryptographic library, ensuring high compatibility.
Don't forget to use a Initialization Vector (IV) generated by a secure random generator if you want to encrypt multiple files with the same key. You can prefix the plain IV at the start of the ciphertext. It is always exactly one block (16 bytes) in size.
If you want to use a password, please make sure you do use a good key derivation mechanism (look up password based encryption or password based key derivation). PBKDF2 is the most commonly used Password Based Key Derivation scheme and it is present in most Java runtimes, including Android. Note that SHA-1 is a bit outdated hash function, but it should be fine in PBKDF2, and does currently present the most compatible option.
Always specify the character encoding when encoding/decoding strings, or you'll be in trouble when the platform encoding differs from the previous one. In other words, don't use String.getBytes() but use String.getBytes(StandardCharsets.UTF_8).
To make it more secure, please add cryptographic integrity and authenticity by adding a secure checksum (MAC or HMAC) over the ciphertext and IV, preferably using a different key. Without an authentication tag the ciphertext may be changed in such a way that the change cannot be detected.
Be warned that CipherInputStream may not report BadPaddingException, this includes BadPaddingException generated for authenticated ciphers such as GCM. This would make the streams incompatible and insecure for these kind of authenticated ciphers.
I had a similar problem and for encrypt/decrypt i came up with this solution:
public static byte[] generateKey(String password) throws Exception
{
byte[] keyStart = password.getBytes("UTF-8");
KeyGenerator kgen = KeyGenerator.getInstance("AES");
SecureRandom sr = SecureRandom.getInstance("SHA1PRNG", "Crypto");
sr.setSeed(keyStart);
kgen.init(128, sr);
SecretKey skey = kgen.generateKey();
return skey.getEncoded();
}
public static byte[] encodeFile(byte[] key, byte[] fileData) throws Exception
{
SecretKeySpec skeySpec = new SecretKeySpec(key, "AES");
Cipher cipher = Cipher.getInstance("AES");
cipher.init(Cipher.ENCRYPT_MODE, skeySpec);
byte[] encrypted = cipher.doFinal(fileData);
return encrypted;
}
public static byte[] decodeFile(byte[] key, byte[] fileData) throws Exception
{
SecretKeySpec skeySpec = new SecretKeySpec(key, "AES");
Cipher cipher = Cipher.getInstance("AES");
cipher.init(Cipher.DECRYPT_MODE, skeySpec);
byte[] decrypted = cipher.doFinal(fileData);
return decrypted;
}
To save a encrypted file to sd do:
File file = new File(Environment.getExternalStorageDirectory() + File.separator + "your_folder_on_sd", "file_name");
BufferedOutputStream bos = new BufferedOutputStream(new FileOutputStream(file));
byte[] yourKey = generateKey("password");
byte[] filesBytes = encodeFile(yourKey, yourByteArrayContainigDataToEncrypt);
bos.write(fileBytes);
bos.flush();
bos.close();
To decode a file use:
byte[] yourKey = generateKey("password");
byte[] decodedData = decodeFile(yourKey, bytesOfYourFile);
For reading in a file to a byte Array there a different way out there. A Example: http://examples.javacodegeeks.com/core-java/io/fileinputstream/read-file-in-byte-array-with-fileinputstream/
You could use java-aes-crypto or Facebook's Conceal
java-aes-crypto
Quoting from the repo
A simple Android class for encrypting & decrypting strings, aiming to
avoid the classic mistakes that most such classes suffer from.
Facebook's conceal
Quoting from the repo
Conceal provides easy Android APIs for performing fast encryption and
authentication of data