hi, i want to use this library in my php code , so please can you help to implement this library in php side ?

Are there any examples for using this class to encrypt/decrypt a byte stream?

Hey Guys, Thanks for doing
that important work. I am
curious are you also including
the IV inside the final cipher
or you pass it some other way ?

Thanks in advance.
Roman

I am currently using your excellent code to encrypt and decrypt on Android, however I have hit an issue that I don't know how to resolve or what might be causing it.

When I use your code straight up where I encode and decode a simple String it works fine.

However what I need to do is encrypt the String, put it in a Content Provider and then decrypt it when I pull it from the Content Provider.

However when I pull it from the ContentProvider and try to decrypt it I get the following exception:

java.security.GeneralSecurityException: MAC stored in civ does not match computed MAC.

The exact same String works if I decrypt it without putting it into the Content Provider so I am unsure why I am getting this issue?

Can you help me find why this might be occurring?

PrngFixes is throwing exception on some devices (collected from crash log) such as

Samsung - GT I9663, GT I9082L, GT S7500, SCH R820
Onda - TM 7043XD
Sony - C5303
Lenovo
and more

Android version: 2.3.4, 2.3.6 | 4.1.1, 4.1.2, 4.2.2

java.lang.SecurityException: new SecureRandom() backed by wrong Provider: class com.tozny.crypto.android.AesCbcWithIntegrity$PrngFixes$LinuxPRNGSecureRandomProvider
   at com.tozny.crypto.android.AesCbcWithIntegrity$PrngFixes.installLinuxPRNGSecureRandom(AesCbcWithIntegrity.java:764)
   at com.tozny.crypto.android.AesCbcWithIntegrity$PrngFixes.apply(AesCbcWithIntegrity.java:684)
   at com.tozny.crypto.android.AesCbcWithIntegrity.fixPrng(AesCbcWithIntegrity.java:347)
   at com.tozny.crypto.android.AesCbcWithIntegrity.generateKeyFromPassword(AesCbcWithIntegrity.java:184)
   at com.tozny.crypto.android.AesCbcWithIntegrity.generateKeyFromPassword(AesCbcWithIntegrity.java:234)

Encrypt.zip

The code attached does not decrypt properly, I am unsure why.

Can you please release a simple native java code that decipher this encryption?

Would it be possible to get a java specific version of this?

Also it would be worth testing something encrypted on jre could be decrypted from adk and vs versa

I am encrypting string on one device. I store salt in SQLite on that device. The encrypted text is then passed to another device which obviously has it's own salt stored in it's database and that results into MAC stored in civ does not match computed MAC. exception.

Is there any way to make it work across multiple devices? I could be doing something fundamentally wrong here, or even something this library is not addressing but any guidance would be much appreciated.

TIA.

The key derivation function in the library is SHA 256. SHA 256 is fast, so deriving the key will be easier than if this library used PBKDF2. This means the encrypted data is extra vulnerable if you have a weak password.

It will be great to put this project as jar into the maven central, thus we can use it via dependency and for each update, we can get it immediately at least. Currently we need to copy/paste.

I really like this repo :)

I don't understand, i see in the code :
SecureRandom.getInstance("SHA1PRNG")

but when i read https://android-developers.googleblog.com/2016/06/security-crypto-provider-deprecated-in.html

They say SHA1PRNG algorithm is not cryptographically strong and have been deprecated !

How do we store the AesCbcWithIntegrity.SecretKeys in the keystore. The keystore api provides the following method: keyStore.setKeyEntry(String, Key, Char[],Certificate[]). How do i convert the SecretKeys construct to Key.

Hello guys! I've a problem... what if I want to decrypt the string from other activity/fragment/etc?

As far as I can see, I need the CipherTextIvMac and keys, the same ones used for encrypt. Wouldn't be a best option to set a key value, pass it and the encrypted string for decrypt?

That way we can move around the data and keep it safe/secure.

I converted the cipherTextIvMac to a string and sent it to my server. However, when I get this string back from the server, I need to convert it into an object of CipherTextIvMac to decrypt it. How do I do this?

Oh

java.lang.RuntimeException: java.security.NoSuchAlgorithmException: SecretKeyFactory PBKDF2WithHmacSHA1 implementation not found

Some phones especially samsung ones, do not support this algorithm. Any work around for this issue?

samsung GT-S5282 - 4.1.2
samsung GT-I8190 - 4.1.2
samsung GT-S5300 - 2.3.6

After profiling my application's startup process I found that this the main contributor to my applications slow startup time was this library. The issue seems to be with the generateKeyFromPassword() method along with specifically usage of the SecretKeyFactory returned from SecretKeyFactory.getInstance(PBE_ALGORITHM). I'm calling generateKeyFromPassword() a few times in our application, but it seems to be adding seconds to the startup time.

Is there an alternative algorithm that can be used that would significantly increase performance? I'm aware a migration would likely have to take place.

Hello, thanks for a great library!

Im encrypting some data using an autogenerated password stored (for each user) on a server.
When I want to decrypt the data I then recreate the key with salt generated from java-aes-crypto. I am currently storing the salt in the SharedPreferences on the cellphone but this seems wrong since a potential hacker could easily access it if the phone is rooted.

Where should I store the salt?

While using this class, if Android <4.4 is not on plate, would it be a legit (and sensible) choice to replace AES/CBC/PKCS5Padding with AES/GCM/NoPadding? Is it a redundant option, due to the integrity checking you added?
If it makes sense, are there other changes required in order to optimize the class, aside from reducing the IV length to 12 bytes?
Any suggestion is welcome
Thanks

I'm thinking of specifically AES_KEY_LENGTH_BITS and PBE_ITERATION_COUNT; we would like to set these to 256 and 20_000 respectively. Of course we can just copy/paste the file into our build, but it would be nice to be able to import it in directly.

Hi,

We are seeing a warning on our production app on google play console. The warning states:

Security alert
Your app contains unsafe cryptographic encryption patterns. Please see this Google Help Center article for details.
Vulnerable classes: com.xxx.xxx.android.AesCbcWithIntegrity
Affects APK version 10819.

The article the warning is referring to https://support.google.com/faqs/answer/9450925

Remediation
for Unsafe Cryptographic Encryption - Google HelpThis information is intended for developers with app(s) that contain unsafe cryptographic encryption patterns. That is, a ciphertext is generated with a statically computed secret key, salt, or initiasupport.google.com

Can someone help me to resolve this Security alert warning?

Once the key is generated where should I store it?

Hi, this library looks very nice (unlike the native API), but I have some trouble storing the resulting keys.

I tried to store the keys in AndroidKeyStore for its hardware-backed security, but I am getting an exception saying I cannot store secretKeys at all. Is there a way how to achieve this?

Thanks.

keyStore = KeyStore.getInstance("AndroidKeyStore");
keyStore.load(null);

AesCbcWithIntegrity.SecretKeys keys = AesCbcWithIntegrity.generateKey();
KeyStore.SecretKeyEntry entryConfidential = new KeyStore.SecretKeyEntry(keys.getConfidentialityKey());
keyStore.setEntry(confidentialAlias, entryConfidential, null); //throws exception

this ↑ throws an exception java.security.KeyStoreException: Entry must be a PrivateKeyEntry or TrustedCertificateEntry; was SecretKeyEntry: algorithm - AES

更新

I am working on a Android application that i want to release to be available for customers from both USA and Romania. Does this library require a special license for using strong encryption? The reason why i ask this is because some other libraries like SQLCIpher for Android require special license for this ( according to this blog http://www.informit.com/articles/article.aspx?p=2268753&seqNum=3 )

I was wondering if this is the case for this too. Please let me know. Thank you very much.

I am trying to use AES with GCM No padding. I am getting this exception Caller-provided IV not permitted in encryption

I am using GCMParamSepc for IV. Can you please help me fix that?

Hello guys! Thanks for the awesome library. I am running into an issue with decrypting a string that is stored in Preferences.

So what I am doing is generating a key based on a password and storing the salt. I regenerate the key whenever I need access to it. What I am trying to do those is decrypt the encrypted string without the CiperTextIvMac available.

So an example:

I get plain text -> encrypt it -> store on shared preferences.
Open app up a later time after it has been completely closed -> retrieve encrypted string from preferences -> decrypt string -> get plain text.

But what happens when I try to decrypt is

java.security.GeneralSecurityException: MAC stored in civ does not match computed MAC.
10-21 10:54:40.084  15146-15146/app_android W/System.err﹕ at app_android.security.AesCbcWithIntegrity.decrypt(AesCbcWithIntegrity.java:368)
10-21 10:54:40.084  15146-15146/app_android W/System.err﹕ at app_android.security.AesCbcWithIntegrity.decryptString(AesCbcWithIntegrity.java:331)
10-21 10:54:40.084  15146-15146/app_android W/System.err﹕ at app_android.security.AesCbcWithIntegrity.decryptString(AesCbcWithIntegrity.java:346)

Here is my code to decrypt:

String salt = getSalt();
AesCbcWithIntegrity.SecretKeys keys =   AesCbcWithIntegrity.generateKeyFromPassword(Constants.KEY, salt);
decryptedUsername = AesCbcWithIntegrity.decryptString(new   AesCbcWithIntegrity.CipherTextIvMac(username), keys);

Not sure if I am missing something obvious. But thanks for the help.

It was not quickly that use in android decode.

Added mavenCentral() to the build.gradle file and added the dependency to app/build.gradle, but aes-crypto is not available. Tried "0.0.1", "0.+", and "1.+" (to match your most recent release).

Hi, the constantTimeEq starts with:

if (a.length != b.length) {
return false;
}

this kind of makes it not equal time or am I missing something?

If I remember correctly, the correct way to handle this is with fake comparissons, something like:

int result = 0;
if (a.length != b.length) {
for (int i = 0; i < a.length; i++) {
result |= a[i] ^ a[i];
}
return false;
}

for some reason this works on all other devices I tested on, samsung, nexus, motorola, etc... but when I went to test on multiple LG G4 I get a build fail with a java.lang.IllegalArgumentException: bad base-64

Referencing this code

String deviceSerial = (String) Build.class.getField("SERIAL").get(
null);
Since SDK 26, Build.SERIAL is deprecated and will NOT return the device's serial number. This makes it will make it non-compatible. Since SDK 26 one should use Build.getSerial() which requires the PHONE permission.

https://developer.android.com/reference/android/os/Build.html#getSerial()

This will probably make the encrypted data non forward compatible when a device is upgraded to SDK 26.