Android and .NET Encryption.






4.93/5 (15 votes)
This article will explain briefly how to use a basic encryption/decryption on Android and on .NET platforms, with focus on passing encrypted data from Android to .NET.
Source:
Github: https://github.com/Pavel-Durov/CodeProject-Android-and-NET-Encryption
Direct:
Table of Contents
- Preface
- What is Encryption?
- Symmetric Encryption in Android
- Android implementation
- Decrypting Android message on .NET
- Summary
Preface
Sensitive data that can be observed by foreign eyes should be encrypted.
What is sensitive is your decision to make. It can be any personal data, images that you are sending over the network, your GPS location etc…
Sensitive data is vulnerable when its exposes outside of your program, when it is sent on the internet, or saved to local file system.
This article is not about security, it’s about simple encryption/decryption implementation.
What is Encryption?
Encryption is a transformation of the plaintext into a cipher text.
Symmetric Encryption
Asymmetric Encryption (public-key cryptography)
Symmetric Encryption in Android
In this example we will use an Android’s SDK class Cipher
for our encryption/decryption purposes.
http://developer.android.com/reference/javax/crypto/Cipher.html
CryptoHandler class
Let’s examine our CryptoHandler
class.
//CryptoHandler constructor
public CryptoHandler(String passphrase)
{
//decodes passd phrase to encrypted byte[]
byte[] passwordKey = encodeDigest(passphrase);
try
{
//_aesCipher instantiation passing transformation parameter
_aesCipher = Cipher.getInstance(CIPHER_TRANSFORMATION);
}
catch (NoSuchAlgorithmException e)
{ //Invalid algorithm in passed transformation parameter
Log.e(TAG, "No such algorithm " + CIPHER_ALGORITHM, e);
}
catch (NoSuchPaddingException e)
{ //Invalid padding in passed transformation parameter
Log.e(TAG, "No such padding PKCS5", e);
}
//Encodes the passed password phrase to a byte[]
//that will be stored in class private member of SecretKey type
_secretKey = new SecretKeySpec(passwordKey, CIPHER_ALGORITHM);
//Creates a new IvParameterSpec instance with the bytes
//from the specified buffer iv used as initialization vector.
_ivParameterSpec = new IvParameterSpec(rawSecretKey);
}
http://en.wikipedia.org/wiki/Advanced_Encryption_Standard
The AES instantiation happens in the following line:
private static String CIPHER_TRANSFORMATION = "AES/CBC/PKCS5Padding";
_aesCipher = Cipher.getInstance(CIPHER_TRANSFORMATION);
We invoke a Cipher
static method which returns an instantiated object of type Cipher
(if no exceptions were thrown).
“AES/CBC/PKCS5Padding “(passed String transformation argument)
AES – The encryption algorithm (Advanced Encryption Standard).
CBC – The name of a feedback mode (in our case Cipher Block Chaining).
PKCS5Padding – The name of the padding scheme.
CryptoHandler
class methods
In addition to the constructor we also have 3 other methods in our CryptoHandler
class:
public byte[] Encrypt(byte[] clearData)
public byte[] Decrypt(byte[] data)
public byte[] DoWork(byte[] data)
Calls the _aesCipher.doFinal(data)
method and catches exceptions.
private byte[] encodeDigest(String text)
Used once in the constructor for password phrase encoding.
The private raw key is stored as a byte array in the class:
private static byte[] _rawSecretKey =
{
0x12, 0x00, 0x22, 0x55, 0x33, 0x78, 0x25, 0x11,
0x33, 0x45, 0x00, 0x00, 0x34, 0x00, 0x23, 0x28
};
Android implementation
*The saved data will override the previous and will not be appended to existing data in the file.
/**
* Encrypts the String value that entered in the _tvMessage EditText View
* and saves is to file on local file system
* */
private void EncryptMessage()
{
String message = _tvMessage.getText().toString();
if(message != null && message.length() > 0)
{
//performs text encryption
byte[] bytes = _crypto.Encrypt(message.getBytes());
//sets view value
SetTextViewEncryptresult(bytes);
//saves encrypted text to internal file
_streamHandler.SaveTextFile
(
FileStreamHandler.ENCRYPTED_TXT_FILENAME,
bytes
);
}
}
* If you don’t know how to view your internal data of Android device, check my article:
http://www.codeproject.com/Articles/825304/Accessing-internal-data-on-Android-device
All file operations is performed through the FileStreamHandler
in handlers package.
There are several methods that are responsible for reading and writing into an internal file.
As you click the Decrypt
button on MainActivity
layout, the message will be read from the saved file and shown to you as Toast message.
/**
* Decrypt the message from saved local file content.
* calls ShowToast() method
* */
private void DecryptMessage()
{
byte[] fileContent = _streamHandler
.ReadFromLocalFile(FileStreamHandler.ENCRYPTED_TXT_FILENAME);
if(fileContent != null && fileContent.length > 0)
{
//preforms decryption of the fuile content
byte[] decrypted = _crypto.Decrypt(fileContent);
//Creates new String instance of passed byte[] as UTF-8
String readableData = StringHandler.GetString(decrypted);
String encrypted = StringHandler.GetString(fileContent);
if(readableData != null && encrypted != null)
{
//showing toast
ShowToast
(
getString(R.string.msg_decrypted) + readableData,
getString(R.string.msg_encrypted) + encrypted
);
}
}
else
{ //if file not exist or file content is empty
ShowToast(":(", "!");
}
}
If you clicked on Decrypt button and you got something like this:
That means that you finished the whole cryptographic cycle.
You entered a plain text, which was encoded to a cipher text and saved to local file, which afterwards were read and deciphered to a normal readable text.
In this example we saved the key and the password phrase as hardcoded value in our java class, however this is not an optimal solution, since it can be inspected very easily using reverse engineering, so keep it in mind and store the key in safe place.
Decrypting Android message on .NET
Ok, let’s create the file and pull it using adb:
Now our message is encrypted and saved to the hard drive.
http://www.codeproject.com/Articles/825304/Accessing-internal-data-on-Android-device
Since all my adb commands were executed successfully I can now browse my file in my Downloads directory:
Now we are going to import it to our .NET Console Application.
*Do not copy the text, we are dealing here with binary data and coping it as string can change its value! Simply copy the file as is.
In our C# Console Application we got the CryptoHandler class that is basically the same as on Android. Notice that on .NET we used two instances of ICryptoTransform
as the decryption and encryption mechanism. That’s pretty much the same, since on Android we used constants and here we are using factory method of RijndaelManaged
.NET class.
If every thing goes as it should be, run the C# program and you will see the same message as entered on the Android device:
Summary
We encrypted and decrypted our simple message on Android and .NET Application. This can be done as part of Client-Server communication (Android as Client, .NET as Server) with text or any other binary file that you wish to encrypt, except that you will need to deal with data transition over network, which we didn’t covered here.
Do not run and encrypt every thing that you have on your hands, especially when you dealing with large binary files. That can decrease your application efficiency, especially if you are defending data that no one is interested in.