7
I have found several examples through Google, but none that explains how Java encryption with AES works... How does it work?
In an example from the net, the author says that he has to use a key, but doesn’t explain why or what it’s for;
ex:
public static final byte[] CHAVE = {85, 10, 0, -25, 68, 88, 46, 37, 107, 48, 10, -1, -37, -90, 70, -36};
What’s the key for? Could it be any value? What is different about this AES from the others? Does it work on Android?
Edit: After a conversation in the comments, I understood that I have to use a static key, because I will use it in a game, only to save a value using Android’s Shared pref. This value is the highest player rank!
But my question still stands: can it be any value? I understood nothing of this example (the key I posted)...
AES operates in the same way regardless of the platform, operating system or any type of technology that is used, since it is a set of mathematical operations. It’s an algorithm. You can find all the scientific blah-blah on the wiki (warning: unless you have a hard-on for these things, it’s very booooooring).
– Oralista de Sistemas
Another thing: the key serves to ensure that only someone with the correct key (the same one used for encryption in symmetric algorithms, or the other key of the pair in the case of asymmetric algorithms) can decrypt the message. Otherwise it is not encryption, because if there is no key anyone can decipher your messages. If someone wants to develop these ideas in a more complete answer, they will earn my +1.
– Oralista de Sistemas
I saw that a key has to be generated, making the application more secure, but in my case I believe that this is impossible. I need to record encrypted information in a file generated by Android’s Shared pref, so I believe the key would have to be static! But how does this key work? Going by the example I quoted... could it be any value?
– felipe.rce
The key is a set of bytes which is used to encrypt the information you need to hide - for this reason, you usually work with byte arrays (in .NET and Java, at least). The result of an encryption is a set of bytes that makes no sense to anyone or anything until it’s decrypted. In the case of AES, this set can only be decrypted with the same key that was used in the encryption. Its security depends on that key being secret. Think of encrypted information as gold inside a safe, and the key as the combination that opens the safe ;)
– Oralista de Sistemas
Let’s look at it from a different angle: you encrypt information to keep it secret. If you leave the key next to the encrypted file, you are not hiding anything, at least not on the Android device where the key will stay. Maybe you want to do something simpler than encryption? If you include your final goal in the question, perhaps someone might suggest other means of achieving it.
– Oralista de Sistemas
I thought a lot and I think the solution is this, because it’s for a game I’ve made, but it has a small flaw... The rank (only the best) is recorded with Shared pref. A person with root access can easily change this file, increasing their rank. I use this file only to record the rank and return this data when starting the Gameover screen... In the case of encryption I would generate a static key, but it would not be stored in the file, only the value of the encrypted rank would be!
– felipe.rce
Using SQLite would be no use either, it would be the same, since I only store one value... The problem is someone changing this value. I know there are hackers who break down the APK and can read it even if I use ProGuard, but I wanted to at least prevent the noobs and laymen from changing the rank
– felipe.rce
You will never stop a hacker with time on their hands from tampering with your APK. But as this is a game and not a bank or military application, I think it’s fine to leave the key in the code. I hope someone can give you a proper answer with examples here (I myself am useless with Java...)
– Oralista de Sistemas
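Added example (not part of the original thread): a minimal Java sketch of what the comments describe, using the 16-byte key from the question with AES in GCM mode, so that a wrong key or an edited stored value is rejected instead of decrypting to garbage. The class name `RankCrypto`, the sample value `rank=42` and the choice of GCM are assumptions; as noted in the comments, a key embedded in the APK only deters casual editing.

```java
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;

public class RankCrypto {
    // Key from the question: any 16 bytes form a valid AES-128 key (24 or 32 bytes for AES-192/256).
    public static final byte[] CHAVE = {85, 10, 0, -25, 68, 88, 46, 37, 107, 48, 10, -1, -37, -90, 70, -36};
    private static final int IV_LEN = 12;    // recommended GCM nonce size in bytes
    private static final int TAG_BITS = 128; // authentication tag size in bits

    // Returns IV || ciphertext || tag. A fresh random IV is required for every encryption.
    static byte[] encrypt(byte[] key, String plain) throws Exception {
        byte[] iv = new byte[IV_LEN];
        new SecureRandom().nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"), new GCMParameterSpec(TAG_BITS, iv));
        byte[] ct = c.doFinal(plain.getBytes(StandardCharsets.UTF_8));
        byte[] out = Arrays.copyOf(iv, IV_LEN + ct.length);
        System.arraycopy(ct, 0, out, IV_LEN, ct.length);
        return out;
    }

    // Throws AEADBadTagException if the key is wrong or the stored bytes were modified.
    static String decrypt(byte[] key, byte[] blob) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, new SecretKeySpec(key, "AES"),
               new GCMParameterSpec(TAG_BITS, blob, 0, IV_LEN));
        return new String(c.doFinal(blob, IV_LEN, blob.length - IV_LEN), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        byte[] stored = encrypt(CHAVE, "rank=42");   // constructed sample value
        System.out.println(decrypt(CHAVE, stored));  // round trip with the same key

        byte[] tampered = stored.clone();
        tampered[tampered.length - 1] ^= 1;          // simulate an edited preferences file
        try {
            decrypt(CHAVE, tampered);
        } catch (AEADBadTagException e) {
            System.out.println("tampering detected; ignore the stored rank");
        }
    }
}
```

The returned byte array is binary, so it needs a text encoding such as Base64 before being saved as a string preference.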