Set cryptographic key fixed

Asked

Viewed 311 times

1

The code below is working perfectly for both encryption and decryption, however, when closing the app and putting the generated code before closing it (I open the encryption app a word and close the app and when back to lap to decrypt the message).

It happens that it does not work when I do this and my intention is that it works, both closing and opening so much for another phone that has the same APP installed.

I think I should put a fixed key instead of the "SecretKeySpec".

But I am not knowing how to implement a way to leave the cryptographic key fixed instead of being generated would be for ex "123", so that you could decipher the message generated from any other Cell with the app or from the same phone ( in case of close and open).

import android.util.Base64;

import java.security.MessageDigest;
import java.security.spec.AlgorithmParameterSpec;

import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

/**
 * Created by thiago.goncalves on 22/02/2016.
 */
public class Encripta {

    private final Cipher cipher;
    private  final SecretKeySpec key ;
    private AlgorithmParameterSpec spec;
    public static final String SEED_16_CHARACTER = "U1MjU1M0FDOUZ.Qz";


    public Encripta() throws Exception {
        // hash password with SHA-256 and crop the output to 128-bit for key
        MessageDigest digest = MessageDigest.getInstance("SHA-256");
        digest.update(SEED_16_CHARACTER.getBytes("UTF-8"));
        byte[] keyBytes = new byte[32];
        System.arraycopy(digest.digest(), 0, keyBytes, 0, keyBytes.length);



        cipher = Cipher.getInstance("AES/CBC/PKCS7Padding");
        key = new SecretKeySpec(keyBytes, "AES");

        byte[] key  = "secret".getBytes();
      //  String IV     = "12345678";
        spec = getIV();
    }

    public AlgorithmParameterSpec getIV() {
        byte[] iv = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, };
        IvParameterSpec ivParameterSpec;
        ivParameterSpec = new IvParameterSpec(iv);

        return ivParameterSpec;
    }



    public String encrypt(String plainText) throws Exception {

        cipher.init(Cipher.ENCRYPT_MODE, key, spec);
        byte[] encrypted = cipher.doFinal(plainText.getBytes("UTF-8"));
        String encryptedText = new String(Base64.encode(encrypted,
                Base64.DEFAULT), "UTF-8");

        return encryptedText;
    }

    public String decrypt(String cryptedText) throws Exception {
        cipher.init(Cipher.DECRYPT_MODE, key, spec);
        byte[] bytes = Base64.decode(cryptedText, Base64.DEFAULT);
        byte[] decrypted = cipher.doFinal(bytes);
        String decryptedText = new String(decrypted, "UTF-8");

        return decryptedText;
    }

}
java android security-guard cryptography

  • Don’t use a fixed IR! IV has to be random or at least different each time you encrypt a new data (globally - you never should repeat an IV throughout the life cycle of your key). Otherwise, all encryption security goes down...

1 answer

1

In fact your key is already fixed!

Note that to create your Secretkeyspec, you use the bytes of SEED_16_CHARACTER.

Summing up the constructor: 

//cria um MessageDigest de SHA-256
 MessageDigest digest = MessageDigest.getInstance("SHA-256");
// pega os bytes de sua chave
final byte[] seedBytes = SEED_16_CHARACTER.getBytes("UTF-8”);
// set no digest
digest.update(seedBytes);

cipher = Cipher.getInstance("AES/CBC/PKCS7Padding”);
// cria uma chave com os bytes da chave
key = new SecretKeySpec(seedBytes, "AES");

I ran some tests, and here it worked perfectly, I encrypted one and decrypted the other without problems !

Follow the test:

Encrypta.java

public class Encrypta {

    private final Cipher cipher;
    private  final SecretKeySpec key ;
    private AlgorithmParameterSpec spec;
    public static final String SEED_16_CHARACTER = "Olá Mundo 12345";


    public Encrypta() throws Exception {
        MessageDigest digest = MessageDigest.getInstance("SHA-256");
        final byte[] seedBytes = SEED_16_CHARACTER.getBytes("UTF-8");
        digest.update(seedBytes);
        cipher = Cipher.getInstance("AES/CBC/PKCS7Padding");
        key = new SecretKeySpec(seedBytes, "AES");
        spec = getIV();
    }

    public AlgorithmParameterSpec getIV() {
        byte[] iv = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
        IvParameterSpec ivParameterSpec;
        ivParameterSpec = new IvParameterSpec(iv);

        return ivParameterSpec;
    }



    public String encrypt(String plainText) throws Exception {

        cipher.init(Cipher.ENCRYPT_MODE, key, spec);
        byte[] encrypted = cipher.doFinal(plainText.getBytes("UTF-8"));
        String encryptedText = new String(Base64.encode(encrypted,
                Base64.DEFAULT), "UTF-8");

        return encryptedText;
    }

    public String decrypt(String cryptedText) throws Exception {
        cipher.init(Cipher.DECRYPT_MODE, key, spec);
        byte[] bytes = Base64.decode(cryptedText, Base64.DEFAULT);
        byte[] decrypted = cipher.doFinal(bytes);
        String decryptedText = new String(decrypted, "UTF-8");
        return decryptedText;
    }

}

Mainactivity.java

public class MainActivity extends AppCompatActivity {


    private EditText editText;
    private EditText textView;

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        setContentView(R.layout.activity_main);

        editText = EditText.class.cast(findViewById(R.id.editText));
        textView = EditText.class.cast(findViewById(R.id.textView));
        Button.class.cast(findViewById(R.id.button)).setOnClickListener(new View.OnClickListener() {
            @Override
            public void onClick(View v) {
                encripta();
            }
        });
        Button.class.cast(findViewById(R.id.button2)).setOnClickListener(new View.OnClickListener() {
            @Override
            public void onClick(View v) {
                desencripta();
            }
        });
    }


    private void desencripta(){
        final String txt = editText.getText().toString();
        try {
            final Encrypta encrypta = new Encrypta();
            String result = encrypta.decrypt(txt);
            textView.setText(result);
        } catch (Exception e) {
            e.printStackTrace();
        }


    }
    private void encripta(){
        final String txt = editText.getText().toString();
        try {
            final Encrypta encrypta = new Encrypta();
            String result = encrypta.encrypt(txt);
            textView.setText(result);
        } catch (Exception e) {
            e.printStackTrace();
        }

    }

}

xml

<?xml version="1.0" encoding="utf-8"?>
<RelativeLayout xmlns:android="http://schemas.android.com/apk/res/android"
    xmlns:tools="http://schemas.android.com/tools"
    android:layout_width="match_parent"
    android:layout_height="match_parent"
    android:paddingBottom="@dimen/activity_vertical_margin"
    android:paddingLeft="@dimen/activity_horizontal_margin"
    android:paddingRight="@dimen/activity_horizontal_margin"
    android:paddingTop="@dimen/activity_vertical_margin"
    tools:context="com.ceabs.library.shared.MainActivity">


    <EditText
        android:layout_width="wrap_content"
        android:layout_height="wrap_content"
        android:id="@+id/editText"
        android:layout_alignParentTop="true"
        android:layout_alignParentStart="true"
        android:layout_alignParentEnd="true" />

    <EditText
        android:layout_width="wrap_content"
        android:layout_height="wrap_content"
        android:textAppearance="?android:attr/textAppearanceLarge"
        android:text="Large Text"
        android:id="@+id/textView"
        android:layout_below="@+id/editText"
        android:layout_alignParentStart="true"
        android:layout_alignEnd="@+id/editText" />

    <Button
        android:layout_width="wrap_content"
        android:layout_height="wrap_content"
        android:text="+"
        android:id="@+id/button"
        android:layout_below="@+id/textView"
        android:layout_alignParentStart="true"
        android:layout_marginTop="81dp" />

    <Button
        android:layout_width="wrap_content"
        android:layout_height="wrap_content"
        android:text="-"
        android:id="@+id/button2"
        android:layout_alignBottom="@+id/button"
        android:layout_alignParentEnd="true" />
</RelativeLayout>

If you still can’t, check the Strings that are being generated, to see if there is any difference.

  • Thank you again Thiago... Dude I’m still studying the code well but I can’t explain why it was going wrong, I noticed some differences in the creations and calls of txts, edits etc ja I’m using a... But your code helped me a lot, I’ll study to try to improve here but now it’s working the way I intended to create, of course it’s for unprofessional study purposes yet. Thanks for the help!

Browser other questions tagged java android security-guard cryptography

You are not signed in. Login or sign up in order to post.