Home Java javaTutorial Android encryption tools for beginners

Android encryption tools for beginners

Nov 30, 2016 am 10:10 AM
android

More and more hackers are targeting mobile applications, and the number is increasing every day, because mobile applications contain things that hackers are interested in, such as user data. Hard-coded (note, hard-coded, cannot be modified) security keys, personal information stored in plain text on the SD card, usernames and passwords stored unencrypted in the database, collected analytics (analytics) and stored in plain text method is sent to the remote server, these conditions make the attack easier (successful).

Android encryption tools for beginners

Proper use of Cryptography tools can protect our sensitive data and ensure privacy and data integrity. On the other hand, cryptography is hard to use and easy to misuse. Be aware of broken cryptography (e.g., using insecure algorithms, or hard-coding keys into binary packages), see the list of the top 10 risks in mobile in 2014. So, what are the lessons from this? It is not advisable not to use encryption, but it is also not advisable not to encrypt correctly (not to mention the time consumed).

 In order to develop secure applications on the Android platform, next we will introduce how to perform encryption easily and securely.

 First, let’s briefly introduce some common encryption libraries that can be integrated into Android applications. A cryptographic library is a collection of cryptographic tools that includes tools such as encryption algorithms, padding methods, and hash functions.

 Bouncy Castle

 Legion of the Bouncy Castle is a public welfare group from Australia. They wrote Bouncy Castle, a widely used class library. This library provides both a lightweight cryptography API and a provider of Java Cryptozoology Extensions (JCE). The Android platform already has a streamlined old version of Bouncy Castle built in (some minor changes have also been made to adapt to the Android platform). The result is that any attempt to build and use the latest version of the BouncyCastle class library in an application will cause a class loading conflict.

  Spongy Castle

  The motivation behind Spongy Castle is to allow Android developers to use any version of the BouncyCastle library in their applications. SpongyCastle is a simple repackage of the latest version of BouncyCastle; all org.bouncycastle.* packages are renamed to org.spongycastle.*, and the names of all Java security API providers are changed from BC to SC.

 OpenSSL

 OpenSSL is an open source toolkit that implements SSL and TLS protocols and a common cryptographic library. OpenSSL has been ported to many platforms, including Android. As an alternative, you can build from source (using the Android NDK) and then bundle it into your application.

Now let’s assume that for application purposes, you want to encrypt some data. Which encryption algorithm will you use, AES or DES? How long is your secret key, 128 or 256 bits? Which encryption mode will you use, ECB or CBC? If you don’t have answers to any of these questions, and no good reasons, then you may find that you’re in that delicate position where, although you have all the tools you want, you’re not at all sure which one to use and how. use.

This is where the Cryptozoology Toolkit for Dummies comes into play. These toolkits do not implement any fancy cryptographic functionality, nor do they attempt to replace any of the cryptography libraries mentioned above; instead, they are built on top of these libraries with the sole purpose of making using cryptographic functionality easier and more secure.

 Contrary to general cryptography libraries, these toolkits usually only support a subset of algorithms, modes, structures, and parameters. These toolkits give you reasonable defaults for setting up common encryption tools, in case you know what you want, but don't know how to use it, or just care about having a secure solution in the end. Let's examine a few of these toolkits to better understand how they work.

 Keyczar

 Keyczar is a set of open source toolkits originally developed by two members of the Google Security Team. It is implemented in Java, Python and C++ languages. It supports two authentication methods: symmetric encryption and fee-based encryption. Keyczar provides secure default settings, including algorithms, key length and mode, key rotation and versioning, automatic generation of initialization vectors and authorization codes, and supports internationalization. The toolkit is built on JCE, (here) and uses Spongy Castle's security provider.

 AeroGear Crypto

 AeroGear Crypto is a small Java library provided by AeroGear. It supports certifiable symmetric encryption, elliptic curve encryption, and password-based key derivation. It also provides explicit specification of the algorithm. AeroGear Crypto depends on Spongy Castle on the android platform and Bouncy Castle on other platforms. The library is also available on iOS, Windows Phone and Cordova.

 Conceal

 To enable encryption and authentication of large files on SD cards quickly and using very little memory, Facebook developed Conceal. Conceal can perform both authentication and encryption, and also provides key management functions by default. It uses OpenSSL, but only includes the parts it needs, so its size is only 85KB. Results published on the Conceal site show it to be better than Bouncy Castle.

 The following table summarizes the encryption libraries introduced above. Please note: all of the libraries described above allow cryptography novices to encrypt securely, but advanced developers are free to override these defaults and specify all the encryption details as they wish (just as they would with other cryptographic libraries). That way).

AeroGear Crypto AeroGear Apache 2.0

Conceal Facebook BSD

Keyczar – Apache 2.0

Crypto Library Development Company License

Summary (To sum up)

 If you are a mobile application Developers, you have to spend time (effort) to make your application user-friendly, feature-rich, and eye-catching, but don’t forget to improve the security of your application. If you don’t know how to get started, or are worried about not getting it right, then choose one of the toolkits mentioned in the article to get started. No matter which encryption tool you decide to use, you should avoid implementing encryption algorithms and encryption protocols yourself; you should only use those algorithms and protocols that are widely used, generally recognized, and tested.


Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Hot Article Tags

Notepad++7.3.1

Notepad++7.3.1

Easy-to-use and free code editor

SublimeText3 Chinese version

SublimeText3 Chinese version

Chinese version, very easy to use

Zend Studio 13.0.1

Zend Studio 13.0.1

Powerful PHP integrated development environment

Dreamweaver CS6

Dreamweaver CS6

Visual web development tools

SublimeText3 Mac version

SublimeText3 Mac version

God-level code editing software (SublimeText3)

New report delivers damning assessment of rumoured Samsung Galaxy S25, Galaxy S25 Plus and Galaxy S25 Ultra camera upgrades New report delivers damning assessment of rumoured Samsung Galaxy S25, Galaxy S25 Plus and Galaxy S25 Ultra camera upgrades Sep 12, 2024 pm 12:23 PM

New report delivers damning assessment of rumoured Samsung Galaxy S25, Galaxy S25 Plus and Galaxy S25 Ultra camera upgrades

Samsung Galaxy S25 Ultra leaks in first render images with rumoured design changes revealed Samsung Galaxy S25 Ultra leaks in first render images with rumoured design changes revealed Sep 11, 2024 am 06:37 AM

Samsung Galaxy S25 Ultra leaks in first render images with rumoured design changes revealed

IFA 2024 | TCL\'s NXTPAPER 14 won\'t match the Galaxy Tab S10 Ultra in performance, but it nearly matches it in size IFA 2024 | TCL\'s NXTPAPER 14 won\'t match the Galaxy Tab S10 Ultra in performance, but it nearly matches it in size Sep 07, 2024 am 06:35 AM

IFA 2024 | TCL\'s NXTPAPER 14 won\'t match the Galaxy Tab S10 Ultra in performance, but it nearly matches it in size

Vivo Y300 Pro packs 6,500 mAh battery in a slim 7.69 mm body Vivo Y300 Pro packs 6,500 mAh battery in a slim 7.69 mm body Sep 07, 2024 am 06:39 AM

Vivo Y300 Pro packs 6,500 mAh battery in a slim 7.69 mm body

New report delivers damning assessment of rumoured Samsung Galaxy S25, Galaxy S25 Plus and Galaxy S25 Ultra camera upgrades New report delivers damning assessment of rumoured Samsung Galaxy S25, Galaxy S25 Plus and Galaxy S25 Ultra camera upgrades Sep 12, 2024 pm 12:22 PM

New report delivers damning assessment of rumoured Samsung Galaxy S25, Galaxy S25 Plus and Galaxy S25 Ultra camera upgrades

Samsung Galaxy S24 FE billed to launch for less than expected in four colours and two memory options Samsung Galaxy S24 FE billed to launch for less than expected in four colours and two memory options Sep 12, 2024 pm 09:21 PM

Samsung Galaxy S24 FE billed to launch for less than expected in four colours and two memory options

Motorola Razr 50s shows itself as possible new budget foldable in early leak Motorola Razr 50s shows itself as possible new budget foldable in early leak Sep 07, 2024 am 09:35 AM

Motorola Razr 50s shows itself as possible new budget foldable in early leak

Xiaomi Redmi Note 14 Pro Plus arrives as first Qualcomm Snapdragon 7s Gen 3 smartphone with Light Hunter 800 camera Xiaomi Redmi Note 14 Pro Plus arrives as first Qualcomm Snapdragon 7s Gen 3 smartphone with Light Hunter 800 camera Sep 27, 2024 am 06:23 AM

Xiaomi Redmi Note 14 Pro Plus arrives as first Qualcomm Snapdragon 7s Gen 3 smartphone with Light Hunter 800 camera

See all articles