All geek questions in one place

Does Javax.crypto work differently in different versions of Android OS?

I use this piece of code to encrypt / decrypt data in an application database:

http://www.androidsnippets.com/encryptdecrypt-strings

It seems that the operation javax.crypto.KeyGenerator.generateKey () works differently in Android 2.3.3 than in other (previous?) Versions. Naturally, this presents a serious problem for my users when they upgrade their device from 2.2 to 2.3.3, and the application starts throwing errors while decrypting the database.

Is this a known issue? Am I using the crypto library incorrectly? Does anyone have any suggestions to fix this so that the data encrypted in 2.2 can be decrypted in version 2.3.3?

I built a test application that passes values ​​through an encryption function. When I run it on 2.2 AVD, I get one result. When I run it on 2.3.3 AVD, I get a different result.

import java.security.SecureRandom; import javax.crypto.Cipher; import javax.crypto.KeyGenerator; import javax.crypto.SecretKey; import javax.crypto.spec.SecretKeySpec; import android.app.Activity; import android.os.Bundle; import android.widget.TextView; public class main extends Activity { TextView tvOutput; static String out; String TEST_STRING = "abcdefghijklmnopqrstuvwxyz"; String PASSKEY = "ThePasswordIsPassord"; /** Called when the activity is first created. */ @Override public void onCreate(Bundle savedInstanceState) { super.onCreate(savedInstanceState); setContentView(R.layout.main); tvOutput = (TextView) findViewById(R.id.tvOutput); } @Override public void onResume() { super.onResume(); out = ""; runTest(); tvOutput.setText(out); } private void runTest() { out = "Test string: " + TEST_STRING + "\n"; out += "Passkey: " + PASSKEY + "\n"; try { out += "Encrypted: " + encrypt(PASSKEY, TEST_STRING) + "\n"; } catch (Exception e) { out += "Error: " + e.getMessage() + "\n"; e.printStackTrace(); } } public static String encrypt(String seed, String cleartext) throws Exception { byte[] rawKey = getRawKey(seed.getBytes()); byte[] result = encrypt(rawKey, cleartext.getBytes()); return toHex(result) + "\n" + "Raw Key: " + String.valueOf(rawKey) + "\n"; } private static byte[] getRawKey(byte[] seed) throws Exception { KeyGenerator kgen = KeyGenerator.getInstance("AES"); SecureRandom sr = SecureRandom.getInstance("SHA1PRNG"); sr.setSeed(seed); kgen.init(128, sr); // 192 and 256 bits may not be available SecretKey skey = kgen.generateKey(); byte[] raw = skey.getEncoded(); return raw; } private static byte[] encrypt(byte[] raw, byte[] clear) throws Exception { SecretKeySpec skeySpec = new SecretKeySpec(raw, "AES"); Cipher cipher = Cipher.getInstance("AES"); cipher.init(Cipher.ENCRYPT_MODE, skeySpec); byte[] encrypted = cipher.doFinal(clear); return encrypted; } public static String toHex(String txt) { return toHex(txt.getBytes()); } public static String fromHex(String hex) { return new String(toByte(hex)); } public static byte[] toByte(String hexString) { int len = hexString.length() / 2; byte[] result = new byte[len]; for (int i = 0; i < len; i++) result[i] = Integer.valueOf(hexString.substring(2 * i, 2 * i + 2), 16).byteValue(); return result; } public static String toHex(byte[] buf) { if (buf == null) return ""; StringBuffer result = new StringBuffer(2 * buf.length); for (int i = 0; i < buf.length; i++) { appendHex(result, buf[i]); } return result.toString(); } private final static String HEX = "0123456789ABCDEF"; private static void appendHex(StringBuffer sb, byte b) { sb.append(HEX.charAt((b >> 4) & 0x0f)).append(HEX.charAt(b & 0x0f)); } }

My main.xml layout is as follows:

  <?xml version="1.0" encoding="utf-8"?> <LinearLayout xmlns:android="http://schemas.android.com/apk/res/android" android:orientation="vertical" android:layout_width="fill_parent" android:layout_height="fill_parent"> <TextView android:layout_width="fill_parent" android:layout_height="wrap_content" android:id="@+id/tvOutput" /> </LinearLayout>

I cannot send links or images since I am a new user, but you can decrypt the URLs for the following two images if you want to see the results:

What I get from version 2.2:

wct.vg/wt/droid/2.2.png

.. and from 2.3.3:

wct.vg/wt/droid/2.3.3.png

+6
source share
3 answers

You are using the pseudo random number generator incorrectly, and this seed as a function of key derivation is really a very bad style. The "SHA1PRNG" pseudo random number generator is not a standard like AES, so you never know which implementation you will get. See Also Is there a SHA1PRNG standard ?

It is not surprising that you get different results. Obtaining a deterministic result based on a given seed is not a property that can be expected from pseudorandom functions.

If you want to get a cryptographic key from a password, use the key derivation function , for example, PKCS # 5 / PBKDF2. Implementation of PBKDF2 - AFAIR included in Bouncy Castle.

+5
source

Answer to this question SO: BouncyCastle AES error when upgrading to 1.45

+2
source

I would like to thank everyone who contributed to this issue.

Here is what I ended up citing as an example of how to encrypt / decrypt with a password, which seems compatible between Android 2.2 and 2.3.3.

Primary activity:

 package cc.ndl.testencryption; import android.app.Activity; import android.os.Bundle; import android.widget.TextView; public class main extends Activity { TextView tvOutput; static String out; String TEST_STRING = "abcdefghijklmnopqrstuvwxyz"; static String PASSKEY = "ThePasswordIsPassord"; static byte[] SALT = { 1, 2, 4, 5 }; static int ITERATIONS = 1979; /** Called when the activity is first created. */ @Override public void onCreate(Bundle savedInstanceState) { super.onCreate(savedInstanceState); setContentView(R.layout.main); tvOutput = (TextView) findViewById(R.id.tvOutput); } @Override public void onResume() { super.onResume(); out = ""; runTest(); tvOutput.setText(out); } private void runTest() { out = "Test string: " + TEST_STRING + "\n"; out += "Passkey: " + PASSKEY + "\n"; try { Crypto crypto = new Crypto(PASSKEY); String encryptedData = crypto.encrypt(TEST_STRING); out += "Encrypted: " + encryptedData + "\n"; out += "Decrypted: " + crypto.decrypt(encryptedData); } catch (Exception e) { out += "Error: " + e.getMessage() + "\n"; e.printStackTrace(); } } }

The main layout:

 <?xml version="1.0" encoding="utf-8"?> <LinearLayout xmlns:android="http://schemas.android.com/apk/res/android" android:orientation="vertical" android:layout_width="fill_parent" android:layout_height="fill_parent"> <TextView android:layout_width="fill_parent" android:layout_height="wrap_content" android:id="@+id/tvOutput" /> </LinearLayout>

Crypto Object:

 package cc.ndl.testencryption; import java.security.spec.AlgorithmParameterSpec; import java.security.spec.KeySpec; import javax.crypto.Cipher; import javax.crypto.SecretKey; import javax.crypto.SecretKeyFactory; import javax.crypto.spec.PBEKeySpec; import javax.crypto.spec.PBEParameterSpec; public class Crypto { Cipher ecipher; Cipher dcipher; // 8-byte Salt byte[] salt = { 1, 2, 4, 5, 7, 8, 3, 6 }; // Iteration count int iterationCount = 1979; Crypto(String passPhrase) { try { // Create the key KeySpec keySpec = new PBEKeySpec(passPhrase.toCharArray(), salt, iterationCount); SecretKey key = SecretKeyFactory.getInstance( "PBEWITHSHA256AND128BITAES-CBC-BC").generateSecret(keySpec); ecipher = Cipher.getInstance(key.getAlgorithm()); dcipher = Cipher.getInstance(key.getAlgorithm()); // Prepare the parameter to the ciphers AlgorithmParameterSpec paramSpec = new PBEParameterSpec(salt, iterationCount); // Create the ciphers ecipher.init(Cipher.ENCRYPT_MODE, key, paramSpec); dcipher.init(Cipher.DECRYPT_MODE, key, paramSpec); } catch (Exception e) { } } public String encrypt(String str) { String rVal; try { // Encode the string into bytes using utf-8 byte[] utf8 = str.getBytes("UTF8"); // Encrypt byte[] enc = ecipher.doFinal(utf8); // Encode bytes to base64 to get a string rVal = toHex(enc); } catch (Exception e) { rVal = "Error encrypting: " + e.getMessage(); } return rVal; } public String decrypt(String str) { String rVal; try { // Decode base64 to get bytes byte[] dec = toByte(str); // Decrypt byte[] utf8 = dcipher.doFinal(dec); // Decode using utf-8 rVal = new String(utf8, "UTF8"); } catch (Exception e) { rVal = "Error encrypting: " + e.getMessage(); } return rVal; } private static byte[] toByte(String hexString) { int len = hexString.length() / 2; byte[] result = new byte[len]; for (int i = 0; i < len; i++) result[i] = Integer.valueOf(hexString.substring(2 * i, 2 * i + 2), 16).byteValue(); return result; } private static String toHex(byte[] buf) { if (buf == null) return ""; StringBuffer result = new StringBuffer(2 * buf.length); for (int i = 0; i < buf.length; i++) { appendHex(result, buf[i]); } return result.toString(); } private final static String HEX = "0123456789ABCDEF"; private static void appendHex(StringBuffer sb, byte b) { sb.append(HEX.charAt((b >> 4) & 0x0f)).append(HEX.charAt(b & 0x0f)); } }
+1
source

Source: https://habr.com/ru/post/890286/

More articles:


All Articles