Simple API to perform AES encryption on Android with no dependancies. This is the Android counterpart to the AESCrypt library Ruby and AESCrypt-ObjC created by Gurpartap Singh. It used the same weak :'( security defaults i.e Blank IV noted below.
For compatiblity with AESCrypt, AESCrypt-Android has the same defaults namely:
- 256-bit AES key
- CBC mode
- PKCS7Padding
- Blank/Empty IV (default)*
*Using CBC with the default blank IV is vulnerable. This has been left in for compatibility with AESCrypt implementations. See Adv method for providing your own IV. If you don't need to be compatable with AESCrypt then look at java-aes-crypto it's API is just as simple and generates more secure keys.
Download from Maven Central (.aar)
or
dependencies {
compile 'com.scottyab:aescrypt:0.0.1'
}String password = "password";
String message = "hello world";
try {
String encryptedMsg = AESCrypt.encrypt(password, message);
}catch (GeneralSecurityException e){
//handle error
}String password = "password";
String encryptedMsg = "2B22cS3UC5s35WBihLBo8w==";
try {
String messageAfterDecrypt = AESCrypt.decrypt(password, encryptedMsg);
}catch (GeneralSecurityException e){
//handle error - could be due to incorrect password or tampered encryptedMsg
}Please if you are going to use this library provide your own key, and use a different IV per message that you encrypt..
AESCrypt.encrypt(final SecretKeySpec key, final byte[] iv, final byte[] message)
AESCrypt.decrypt(final SecretKeySpec key, final byte[] iv, final byte[] decodedCipherText)
Note: for flexibility these 'adv' methods don't provide BASE64 encoding/decoding.
To enable logging simple change switch on the logging flag as shown below.
AESCrypt.DEBUG_LOG_ENABLED = true;
Remember to disable in Live, recommend the below snippet if possible
if (BuildConfig.DEBUG) {
AESCrypt.DEBUG_LOG_ENABLED = true;
}To be honest it's a strech to call this a library given it's only a single util class, but I created as went through a ton of pain working out the conpatible settings for AESCrypt. I hope this will save some one time in the future.
I welcome pull requests, issues and feedback.
- Fork it
- Create your feature branch (git checkout -b my-new-feature)
- Commit your changes (git commit -am 'Added some feature')
- Push to the branch (git push origin my-new-feature)
- Create new Pull Request
Copyright (c) 2014 Scott Alexander-Bown
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent