AES encryption free extension

aes
encryption

(Tiziano) #1

Here I’m, I rechecked my old extension and now it works fine. I enclose a demo too and a new link.

This extension has been revised and now it is supported by Tozny’s great work about AES encryption, to which I’m debtor for this project .
The AES 128 is encrypted in CBC mode with PKCS5 padding. The cyphertext and random IV generated during the process are kept together, so no need to store the latter somewhere. The integrity of cyphertext is assured by SHA256 , whose digest is kept together with the generated key.

How it works:
SetAlgorythm
At present only AES is implemented, so the numeric value possible is “1”

MyPassword
If you want to use a personal password set TRUE else for a random key set FALSE

GenerateStrongKey
attach a password here if MyPassword is TRUE or a blank string if FALSE
then save safely this result somewhere for encryption/decryption process

Encrypt
myPassword param. needs your password if MyPassword is TRUE or a blank string if FALSE
secret param. needs the result of GenerateStrongKey
stringToEncrypt param. needs a string with text to encrypt

Decrypt
myPassword param. needs your password if MyPassword is TRUE or a blank string if FALSE
secret param. needs the result of GenerateStrongKey
stringToDecrypt param. needs a string with a ciphertext generated with Encrypt

New link as per current version
com.tiziano1960.cryptoextension.aix (28,5 KB)
and here’s a demo
CryptoExtensionDemo.apk (2,2 MB)

Example of use:


(Diego Barreiro Pérez) #2

What AES is that? :sweat_smile:
AES-128, AES-256…

Just to clarify


#3

in this case your extension useless… if someone likes to use encryption, then it should be as safe as possible…

Encrypting strings in Android: Let’s make better mistakes
https://tozny.com/blog/encrypting-strings-in-android-lets-make-better-mistakes/

If you do a web search for “encrypting Strings in Android”, you’ll find a lot of example code on sites like Stack Overflow, but those examples are wrong. They definitely input a String and output gibberish that looks like encrypted text, but they are subtly insecure and even dangerous. Crypto is tricky: it’s hard to tell that the gibberish that’s being printed is not good crypto, and it’s hard to tell that the code example you picked up from Stack Overflow has serious flaws.

Taifun
https://puravidaapps.com/aes.php


(Tiziano) #4

AES 128 , using ECB (which is not the most secure mode to use AES, but I judged , wrong or not, that for my needs and for the majority of users which haven’t the safe of Fort Knox to defend, it’s enough). Everyway, I’ll try to improve in the next future!


#5

if someone needs to use encryption, then he/she likes to do it correctly and not only a little bit
this is not dependent on the development environment

Taifun


(Tiziano) #6

After a while, I had time to review and totally change the extension. Now the encryption is stronger while the algorythm is the same AES with a 128 keysize. I hope to have improved the fisrt attempt and maybe, in future, I would like to add more options.
See the first post for new link


(Tiziano) #7

A new version and a demo have been uploaded, see first post


(Pme) #8

Next version uses CBC method,not ECB method right? So new version is more secure than old version,right?


(Tiziano) #9

Yes you are right


(Kleyber Derick) #10

Just point it out… is there a MD5 encryption available there?


(Philipp Lang) #12

Hello, the community language is english, so please translate your language into english before you post.


(A K) #13

If i encrypt post data by this extension and sent to my server… how can i decrypt this data through php .