scottyab/AESCrypt-Android scottyab/AESCrypt-Android

  • This repository has been archived on 20/Dec/2017
  • Stars
    star
    640
  • Rank 70,324 (Top 2 %)
  • Language
    Java
  • License
    Apache License 2.0
  • Created about 10 years ago
  • Updated almost 7 years ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
scottyab/AESCrypt-Android
github

scottyab

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Simple API to perform AES encryption on Android. This is the Android counterpart to the AESCrypt library Ruby and Obj-C (with the same weak security defaults :( ) created by Gurpartap Singh. https://github.com/Gurpartap/aescrypt

AESCrypt-Android

Android Arsenal

Simple API to perform AES encryption on Android with no dependancies. This is the Android counterpart to the AESCrypt library Ruby and AESCrypt-ObjC created by Gurpartap Singh. It used the same weak :'( security defaults i.e Blank IV noted below.

For compatiblity with AESCrypt, AESCrypt-Android has the same defaults namely:

  • 256-bit AES key
  • CBC mode
  • PKCS7Padding
  • Blank/Empty IV (default)*

*Using CBC with the default blank IV is vulnerable. This has been left in for compatibility with AESCrypt implementations. See Adv method for providing your own IV. If you don't need to be compatable with AESCrypt then look at java-aes-crypto it's API is just as simple and generates more secure keys.

Dependency

Download from Maven Central (.aar)

or

dependencies {
  compile 'com.scottyab:aescrypt:0.0.1'
}

Usage

Encrypt

String password = "password";
String message = "hello world";	
try {
    String encryptedMsg = AESCrypt.encrypt(password, message);
}catch (GeneralSecurityException e){
    //handle error
}

Decrypt

String password = "password";
String encryptedMsg = "2B22cS3UC5s35WBihLBo8w==";
try {
    String messageAfterDecrypt = AESCrypt.decrypt(password, encryptedMsg);
}catch (GeneralSecurityException e){
     //handle error - could be due to incorrect password or tampered encryptedMsg
}

Recommended Advanced usage

Please if you are going to use this library provide your own key, and use a different IV per message that you encrypt..

AESCrypt.encrypt(final SecretKeySpec key, final byte[] iv, final byte[] message)

AESCrypt.decrypt(final SecretKeySpec key, final byte[] iv, final byte[] decodedCipherText)

Note: for flexibility these 'adv' methods don't provide BASE64 encoding/decoding.

Debugging/Logging

To enable logging simple change switch on the logging flag as shown below.

AESCrypt.DEBUG_LOG_ENABLED = true;

Remember to disable in Live, recommend the below snippet if possible

if (BuildConfig.DEBUG) {
    AESCrypt.DEBUG_LOG_ENABLED = true;
}

To be honest it's a strech to call this a library given it's only a single util class, but I created as went through a ton of pain working out the conpatible settings for AESCrypt. I hope this will save some one time in the future.

Contributing

I welcome pull requests, issues and feedback.

  • Fork it
  • Create your feature branch (git checkout -b my-new-feature)
  • Commit your changes (git commit -am 'Added some feature')
  • Push to the branch (git push origin my-new-feature)
  • Create new Pull Request

Licence

Copyright (c) 2014 Scott Alexander-Bown

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

More Repositories

1

rootbeer

Simple to use root checking Android library and sample app
Java
2,439
star
2

secure-preferences

Android Shared preference wrapper than encrypts the values of Shared Preferences. It's not bullet proof security but rather a quick win for incrementally making your android app more secure.
Java
1,526
star
3

showhidepasswordedittext

Show/Hide Password EditText is a very simple extension of Android's EditText that puts a clickable hide/show icon in the right hand side of the EditText that allows showing of the password.
Java
557
star
4

safetynethelper

SafetyNet Helper wraps the Google Play Services SafetyNet.API and verifies Safety Net API response with the Android Device Verification API.
Java
331
star
5

ssl-pin-generator

Simple jar to generate SSL pins based on a certificate's public key. Pins are base-64 SHA-1 hashes by default.
Java
94
star
6

androidkeystore

This started out as the sample project from Android sdk modified folder structure to for eclipse.
Java
53
star
7

HeartBeatView

Simple custom view of a beating heart using scaling animation.
Java
44
star
8

FuzzyDateAndroid

Create more relax human reabable dates and times just like twitter, stackoverflow.
Java
19
star
9

android-device-stats

Device Stats is a designs for people developing Android apps to quickly and easier see the exact specs of a device. Ideal for test devices where you aren't 100% sure on the resource qualifiers.
Java
12
star
10

android-environment-configuration-sample

Sample app used in blog post to illustrate a way of externallising config strings and adding DexGuard protection
Java
5
star
11

restart-counter-android

Simple app to count the number of restarts
Java
2
star
12

sample-location-based-image-tracker

Interview sample Location based image tracker that uses Flickr
Kotlin
1
star
13

meetup-java-client

Automatically exported from code.google.com/p/meetup-java-client
Java
1
star
14

EmbedExample

Standalone example app and library that used FatAAR plugin. Created to diagnose build issue we are seeing with production project
Kotlin
1
star
15

scottyab

Personal about me page
1
star