Java encryption with AES, how does it work?

Asked

Viewed 1,317 times

7

I have found several examples by Google, but none that explains how a java encryption works with AES... How it works?

In an example of the net, the guy quotes that he has to use a key, but it doesn’t explain why or what it’s for;

ex:

public static final byte[] CHAVE = {85, 10, 0, -25, 68, 88, 46, 37, 107, 48, 10, -1, -37, -90, 70, -36};

What’s the key for? Could it be any value? What is different about this AES from the others? Works on Android?

Edit: After a conversation in the comments, I understood that I have to use a static key, because I will use it in a game, only to save a value using Shared pref. android. This value is the highest player rank!

But still fit my question, can be any value? I understood nothing of this example (the key I posted)...

  • 1

    The AES operates in the same way as an independent platform, operating system or any type of technology that is used, since it is a set of mathematical operations. It’s an algorithm. You can find all the scientific blah-blah on the wiki (warning: unless you have a hard-on for these things, it’s very booooooring).

  • 1

    Another thing: the key serves to ensure that only someone with the correct key (the same as the encryption for symmetric algorithms, or the other key of the pair in the case of asymmetric algorithms) can decrypt the message. Otherwise it is not encryption, because if there is no key anyone can decipher your messages. If someone wants to develop these ideas in a more complete answer, earn my +1.

  • I saw that it has to generate a key, making the application more secure, but in my case, I believe that this is impossible, I need to record an encrypted information in a file generated by Shared pref of Android, I believe then that the key would have to be static! But how does this key work? By the example I quoted... it could be any value?

  • 1

    The key is a byte set which is used to encrypt the information you need to hide - for this reason, it usually works with Arrays bytes (like .NET and Java, at least). The result of an encryption is a set of bytes that makes no sense to anyone or anything until it’s decrypted. In the case of AES, this set can only be decrypted with the same key that was used in the encryption. Its security depends on that key being secret. Think of information encrypted as gold inside a safe, and the key as the combination that opens the safe ;)

  • Let’s look at it from a different angle: you encrypt information to keep it secret. If you leave the key next to the encrypted file, you are not hiding anything, at least not on the Android device where the key will stay. Maybe you want to do something simpler than encryption? If you include your final goal in the question, perhaps someone might suggest other means of achieving it.

  • I thought a lot and I think the solution is this, because it’s for a game I’ve done, but it has a small flaw... The rank (only the best) is recorded with Shared pref. A person with root access can easily change this file by increasing its rank, I use this file only to record the rank and return this data when starting the Gameover screen... In the case of encryption I would generate a static key, but it would not be stored in the file, only the value of the encrypted rank would be!

  • Also no use Sqlite, would in the same, I only store a value... The problem is someone change this value, I know there are hackers who break down the APK and can read even I using proguard, but I wanted to at least prevent the noobs and laymen from changing the rank

  • 2

    You will never stop an unoccupied hacker from tampering with your APK. But as this is a game and not a bank or military application, I find it peaceful to leave the key in the code. I hope someone can give you a proper answer and with examples here (I myself am a zero left with Java...)

Show 3 more comments

1 answer

5


Cryptographic keys are what define the output of the encryption algorithm. They are defined in bits. As in most programming languages the smallest possible unit is the byte, they are represented by bytes. One byte equals eight bits, so a 128-bit key will have 16 bytes.

You should not choose the key, nor should you even search for a key on the web. You must use a secure cryptographic key generator, which will generate a random key and will ensure that key has a high entropy.

In Java, one way to generate is this:

KeyGenerator keyGen = KeyGenerator.getInstance("AES");
keyGen.init(256); // Tamanho da chave como exemplo.
SecretKey secretKey = keyGen.generateKey();

Your other question, as raised in the comments, concerns the security of games on mobile devices. This is a complex issue, which involves different factors and depends on the technology used. Take into account that it is very difficult to create a completely safe game. Most of the most popular games in app stores have security holes.

Browser other questions tagged

You are not signed in. Login or sign up in order to post.