I have to encrypt a list containing three fields for each record (a tag, a username and a password).
Those will be saved in a JSON structure and then written to storage.
My question is, should I encrypt the whole file or should I encrypt the single fields, convert the encrypted strings to Base64 and put those encrypted fields in the JSON file?
Considering I don't expect the file to become very big (say, less then a MB), that I'll always be reading it as a whole and that the target platform is Android, what is the best approach in terms of performance and security?
Encryption is significantly weakened if you're encrypting less than an entire block at once. So encrypt the whole file.
I recommend encrypting the entire file. If you encrypt field by field, then an attacker will see that the data is an array of (tag, username, password). That already exposes part of your data structure and weakens the encryption. Encrypting and decrypting the entire file might even be faster than doing each field separately, although for the sizes you are talking about I don't think that's an issue.
In general you should encrypt the entire file. However if you are using a poor implementation then this can work against you. For instance if you use a stream cipher like RC4 and you reuse the key, then the file structure can be used against you by revealing sections of the prng stream. This was used in the WEP attack. But the problem here is the weak implementation.
In short use CBC or CMAC mode with a random IV and Blowfish or AES-256 with an s2k function or random key. Also keep in mind that there is no place to hide a secret key on the android or iphone without the user being able to access it.
Related
I have folder named docFolder located inside download directory of device interval memory. The folder contains lot of files in different format (html,png,jpg etc...).
How can I easily programmatically encrypt docFolder so that users can not open the folder. I also need to decrypt docFolder programmatically so that I can use the files in my code.
Please help.
Having done the research for your use case before, I can help you with my results and findings.
You can use symmetric algorithms for encryption and decryption. These symmetric encryption algorithms are relatively faster and consume fewer resources for computation.
You can read about symmetric cryptosystem here.
You will find lots of Java codes for each algorithm.
You need to ensure that the key used for symmetric encryption is not stored locally as users can Decompile the APK and access the code. For this, you can retrieve the keys for each user from public cloud database services like Firebase, etc.
So instead of encrypting the folder, you can encrypt your important docs and store them in the app's dedicated path.
In general, Other regular apps cannot access your app's dedicated path. Android won't allow that. But the users can browse through them using any file browser.
Read about Data and File Storage in Android here and choose the best suitable method for your use case.
Hope this is helpful.
you can not encrypt Folders but you can encrypt files
take look at
http://www.codejava.net/coding/file-encryption-and-decryption-simple-example
keep in mind encrypting an decrypting is comes with costs of battery usage and time (depends on your file size you might even have lag on app).
you should only encrypt very important,sensitive data
if you don't want users access your file directly, you can store them in sqlite
I am new to android development ,My question is can i search encrypted string in encrypted file .In brief when i give a search term first it is encrypted and searches for the required term in encrypted file.I searched google but find nothing in java or android one related what i found is:
Encrypted Search
If you can I would suggest decrypting the data, storing it in memory, and disposing of it when finished. If that option isn't available I would suggest looking into Homomorphic encryption. The algorithm was developed by some IBM guys but is still highly experimental and only advised for research. Hope this helps!
It definitely depends on the encryption you are using. As Zack Matthews mentioned, there is Homomorphic encryption designed to make this and other operations on encrypted information possible. But for simpler, more common types of encryption, it is not that simple. Even in ECB mode (which is not secure precisely because it has the property you are looking for in a limited sense) block ciphers like AES, Twofish, and Serpent, which usually have 128 bit blocks, but sometimes 64 bit, will have the same plain text yield the same cipher text only if every byte in that 16 byte block is identical to the bytes you are looking for. Flip one bit in the plain text, and the cipher text will be different throughout the entire block.
It gets worse with CBC mode. This mode has an XOR feedback which virtually guarantees the same plain text will never yield the same cipher text, even if that plain text appears repeatedly in the same document.
I want to develop a simple encryption application for android. Which algorithm should I use to encrypt all data types such as images, office documents, multimedia, etc and why its a good one?
Does AES covers all types of data ?
AES can encrypt any data that can be represented as a sequence of bytes, so it can encrypt all types of data.
AES has been through a great deal of testing, and nobody has broken it yet. Pretty much every encryption library will include AES, including both Bouncy Castle and Spongy Castle for Android. AES is the standard and is your first choice, unless you have specific reasons for not using it.
Use it in either CBC mode with PKCS7 padding or CTR mode. Yes, if you don't know you will need to learn a bit about block cypher modes and cryptographic padding.
For authentication, if you require it, either use HMAC-SHA256 or GCM mode, which includes authentication.
Yes, I believe you can encrypt everything you want with AES. Just treat all data types as a stream of bytes. No problem here.
My question is related to following questions.
Security of Android assets folder
Assets Security in Android
Basically the application which I am making has some mp3 resources which I wanted to secure. So is there library which work on android to encrypt and then decrypt resources especially mp3 files.
Thanks.
Keep in mind that any method of encryption that you use will need storing the key to decrypt the encrypted data. This key will have to be available to your application and thus to anyone who has access to your application. By encrypting the data you change the problem of hiding your data to the problem of hiding your key and there is pretty much no way around it. The most you can do is to make your data harder to read but it can't be made impossible to read, unless you run your application on a trusted computing platform, as I said in my answer to your previous question.
I am creating an application which uses a steganography algorithm. Now I can encrypt and decrypt text. But I want my application to ask for password after encrypting the text into the image, so that whenever someone will decrypt the image it would ask for the password for authentication. Is this even possible? If yes, how?
Decrypt the text with a symmetric cypher like AES. To get the encryption key use a password based key derivation function (such as PBKDF2) on the password the user entered.
Then hide the encrypted text in your image using steganography.
strictly speaking, steganography isn't encryption, it's simply an encoding. If you want the encoded message to be truly encrypted, then use a trusted algorithm (don't be tempted to invent one!). as Andre suggests in another answer, AES would be fine.
Yes, it's possible. You can use any symmetric key algorithm, e.g. AES. But be sure the encoding/decoding isn't losing any bit.
I've used digital signature with QR codes before and it was changing some bits because it encoded them as ISO-8859-1. My solution was use Base64 before embed into the code. It required more space, but was safer.