simbiose / encryption Goto Github PK
View Code? Open in Web Editor NEWEncryption is a simple way to encrypt and decrypt strings on Android and Java project.
License: MIT License
Encryption is a simple way to encrypt and decrypt strings on Android and Java project.
License: MIT License
dear developer ,
you work is good. but i cant import this project in my eclipse .and also tell me how to encrypt my string url in android project.
Hi
i like your library.I need its maven dependency, is it on Maven central ?
I have saved password in database mysql and now i want login via web browser.. how to decrypt?
There are several points making the key derivation weaker than it could be, the main problem being SHA1 which caps the entropy at 160 bit. Also there already are known SHA1-collision making SHA1 a broken hash function. While the impact on key derivation is limited, you better are safe-than-sorry when it comes to encryption.
I can see that you published aar into Maven repo. However it looks like there are no something special for Android in your lib. It will be better to publish it as usual jar. Also it will be cool to remove android package dependencies.
Currently I cannot use your library in simple Java or Gradle/Groovy.
Hi i am using this library to store values in shared pref , currently i'm using version 1.2.0 .
in my onCreate Method i'm getting values from sharedpref and after decryption i'm storing in variables . Now my problem is that Its taking too much time and also when i generate Signed APK with release build type , its returns Null in decyryptornull method .
Please help
Hi, I tried to use the openssl tool for encrypt according to the standard build of this library, but I was not successful, could you help me?
Maybe I'm not going wrong IV, because in the library it only accepts 16 bytes after converting to byteArray
I try: openssl aes-128-cbc -e -pbkdf2 -salt -S "----------------" -iv "--------------------------------" -iter 1 -in ./tls_key_original.key -out tls_openssl.key -pass pass:"----------------" -base64
Readme says lesser GPL but the license file is general GPL.
Hello,
I still obtaining following Exception randomly during the sync (encrypt/decrypt) of the values.
I have no idea how to avoid the following Exception, what I'm doing wrong? Encryption/Decryption is processed in async services. Many thanks for any hint.
03-05 10:29:28.624 2633-2835/? W/System.err: javax.crypto.IllegalBlockSizeException: error:1e00007b:Cipher functions:OPENSSL_internal:WRONG_FINAL_BLOCK_LENGTH
03-05 10:29:28.624 2633-2835/? W/System.err: at com.android.org.conscrypt.NativeCrypto.EVP_CipherFinal_ex(Native Method)
03-05 10:29:28.624 2633-2835/? W/System.err: at com.android.org.conscrypt.OpenSSLCipher$EVP_CIPHER.doFinalInternal(OpenSSLCipher.java:570)
03-05 10:29:28.624 2633-2835/? W/System.err: at com.android.org.conscrypt.OpenSSLCipher.engineDoFinal(OpenSSLCipher.java:351)
03-05 10:29:28.624 2633-2835/? W/System.err: at javax.crypto.Cipher.doFinal(Cipher.java:1736)
03-05 10:29:28.624 2633-2835/? W/System.err: at se.simbio.encryption.Encryption.decrypt(Encryption.java:179)
03-05 10:29:28.624 2633-2835/? W/System.err: at com.mypackage.security.Security.decryptString(Security.java:127)
03-05 10:29:28.624 2633-2835/? W/System.err: at android.os.AsyncTask$2.call(AsyncTask.java:333)
03-05 10:29:28.624 2633-2835/? W/System.err: at java.util.concurrent.FutureTask.run(FutureTask.java:266)
03-05 10:29:28.624 2633-2835/? W/System.err: at android.os.AsyncTask$SerialExecutor$1.run(AsyncTask.java:245)
03-05 10:29:28.624 2633-2835/? W/System.err: at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1162)
03-05 10:29:28.624 2633-2835/? W/System.err: at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:636)
03-05 10:29:28.624 2633-2835/? W/System.err: at java.lang.Thread.run(Thread.java:764)
My Encrypt, Decrypt methods are following:
public String decryptString(final String string, Context context) {
String decryptedString;
if (Constants.Global.ENCRYPTION_ENABLED) {
//Logger.d("decrypting " + string);
if (string != null) {
try {
decryptedString = encryptionInstance.decrypt(string);
} catch (Exception e) {
decryptedString = "";
e.printStackTrace();
}
} else {
decryptedString = "";
}
} else {
decryptedString = string;
}
return decryptedString;
}
public String encryptString(final String string, Context context) {
String encryptedString;
if(Constants.Global.ENCRYPTION_ENABLED) {
//Logger.d("encrypting " + string);
if(string != null) {
try {
encryptedString = encryptionInstance.encrypt(string);
} catch (Exception e) {
encryptedString = "";
e.printStackTrace();
}
} else {
encryptedString = "";
}
} else {
encryptedString = string;
}
return encryptedString;
}
I want to use this into my project ,I use maven , so I add encrytion's dependecy ,but maven can't download source . Do you know how to solve this problem?
Please mention the proguard settings to be used with this library.
With minifyEnabled I am getting this exception
java.lang.IncompatibleClassChangeError: Expected 'byte[] third.part.android.util.c.a' to be a instance field rather than a static field (declaration of 'third.part.android.util.c' appears in /base.apk)
`at third.part.android.util.c.(Unknown Source)
at third.part.android.util.Base64.d(Unknown Source)
at third.part.android.util.Base64.c(Unknown Source)
at third.part.android.util.Base64.encodeToString(Unknown Source)
at se.simbio.encryption.Encryption.b(Unknown Source)
at se.simbio.encryption.Encryption.decrypt(Unknown Source)`
Hi, how would I use the encrypt/decrypt async in Activity? I already implemented the Encryption.Callback. What should I do next? Thanks!
The encrypted data is not authenticated, thus allowing easy manipulation of the ciphertext with predictable changes to the plaintext. This is especially bad as unauthenticated AES-CBC often leads to padding oracle attacks which allow the recovery of the plaintext by an active adversary.
How to fix:
Apply a secure message-authentication-code (MAC) like HMAC-SHA256 on the ciphertext and the IV. Always check the MAC BEFORE decrypting the ciphertext.
Alternatively, use an AAD-Scheme like AES-GCM or ChaCha20-Ploy1305.
It's my understanding that the default cipher mode for AES with javax.crypto.cipher
is ECB. You aren't specifying anything else, so it looks like that's what your utility uses. AES used in ECB mode is insecure. Duplicate plaintext blocks will result in the same ciphertext every time.
This can be mitigated by using AES in CBC mode with random IVs from a cryptographically secure pseudo-random number generator (CSPRNG). I'm not very familiar with Java, but I think that SecureRandom
is considered secure as long as you do not seed it manually.
How about making a javascript port ?
I'm trying to encrypt text from an EditText field, which is input by the user assigned an equated variable which goes through the encryption process. It does not recognize [EditText].text as a string but an editable. Is there any way to use user's input instead of hardcoding a string?
Starting in Android P, Crypto JCA provider has been removed. Calls to SecureRandom.getInstance("SHA1PRNG", "Crypto") will throw NoSuchProviderException.
I am porting some of my server code from java to C# which uses this library. Can any body help me conversion or equivalent logic in C#
Hi,
I'm using this as a class (seen it in stackOverFlow), but it's not working for me.
I have an application that makes a xml file and then sends it to another device. I encrypted the file in the first one, then the second one has to decrypt it and read it and then open another application which has to decrypt it one more time. This another app is the one that encrypted the file in the first device.
I have tried to use just one device (I create the file, then move it manually to a directory and read it from the application) and it works ok, but when i send the file from one device to another I get a "last block incomplete in decryption" exception. Why is this? how do I solve it?
thanks in advance
....
I expect to get null
any time when decryption failed while using decryptOrNull
, but sometimes it returns junk when decrypting with invalid key.
Here is a test:
public class EncryptUnitTest {
private final static String SALT = "1EykVsCVKk1pkZq08PDGTg";
private final static byte[] IV = new byte[] {
55, -115, 76, -14, 79, -107, -115, 35,
-122, -24, -76, -82, 39, -92, 104, 41
};
@Test
public void encrypt_isWorking() throws Exception {
String validPin = "0000";
String invalidPin = "2222"; // "5555" works as well
String password = "Terminator_2";
Encryption enc = Encryption.getDefault(validPin, SALT, IV);
String encryptedPassword = enc.encryptOrNull(password);
assertNotNull(encryptedPassword); // encrypted password, ok
// decrypt using invalid key
Encryption dec = Encryption.getDefault(invalidPin, SALT, IV);
String decryptedPassword = dec.decryptOrNull(encryptedPassword);
assertNull(decryptedPassword); // FAILED: must be null, but it's junk
}
}
This test fails on assertNull
with message:
java.lang.AssertionError: expected null, but was:<�f �����S��!Q��>
I suspect the padding block is OK in this case and library threats this situation as successful decryption.
Please add possibility to specify different algorithms for SecretKey and Cipher.
As we know that we can encrypt and decrypt the String , instead of string i want to use it with file password protected. How may I do that?
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.