AsymmetricCryptography : An extension for asymmetric cryptography

1.Introduction

Hi everyone :slightly_smiling_face:
AsymmetricCryptography is an extension which you can use to add end-to-end encryption in your app.It uses asymmetric encryption which ensures that your data is safe.

Latest Version: 3
Last Updated: 2020-07-25T18:30:00Z

2.Blocks

Just few blocks…
image

3.Documentation

A quick and short documentation for AsymmetricCryptography :

image

Generates keys of provided length and raises event ‘KeysGenerated’ with success and response values.
Note: (i) Big key size will consume more ram.It behaves normal upto 4096.
(ii) Key length should be at least 8 times of string length.
For Example :
A key of length 1024 can encrypt a string of length 128.

image

Returns private key in string format

image

Returns public key in string format

image

Tries to encrypt given string with provided public key and returns encrypted text

image

Tries to decrypt given string with provided private key and returns decrypted text
Note: It can take some time if string and keys are big in size but it does not freezes current activity.

4.Downloads

Aix

Download Link1: com.sunny.AsymmetricCryptography.aix (8.6 KB)

Aia

Download Link1:AsymmetricCryptography.aia (28.4 KB)

You will have to update the extension if you want to use Aia

5.Credits

I would like to say thank you to @sonumohammad333 for testing extension and giving helpful advices.
Also a lot of thanks to @Kodular for this great platform :heart_eyes:

6.Updates/Bug Fixes

ChangeLog Version2

Changes

  • Some internal changes so that you don’t have to call ‘GenerateKeys’ method to initialize extension.
ChangeLog Version3

Changes

  • Minor bug fixes
  • Some internal changes

7.Liked my work/Support me

Thank you for your love :heart:
But as we all know our beautiful earth is facing a big pandemic named Corona or Covid-19 so if you want to support me or you have liked my work then please donate as much as possible money to relief funds and help people living in your local :pray:

26 Likes

Thank you so much @vknow360, all your extensions are very useful.:heart:

3 Likes

Is this guaranteed? In other words is it the same end-to-end encryption used by major chat applications such as WhatsApp?

I saw on the news that Zoom got into trouble for claiming to have end-to-end encryption. I wouldn’t want to be in the same position.

1 Like

You’re welcome @vknow360 … its great working with you
And Thank You very much… that you developed the extension by seeing my topic

1 Like

When you want to use end-to-end encryption , you have two options -
1.Symmetric Encryption (Learn more)
2.Asymmetric Encryption (Learn more)

Lets talk about Symmetric Encryption first.It uses same key for both encryption and decryption which makes it easy to use but at the same time it becomes less secure.
Let’s go some deeper(these are not my words):
In symmetric encryption the same key is used to encrypt and decrypt on both sides. This poses a problem as both legitimate parties need to have the key, which may involve sending it over from one side to the other, thereby exposing it to being compromised. It is therefore not effective in all cases.

Now come to Asymmetric Encryption.It uses a pair of Private and Public Keys to encrypt and decrypt data which makes its usage complex but more secured.
Two types of keys are used for each party, one public key and one private key, that is each party has a public key and a private key. The public keys are available to both parties, and to anyone else, as the two parties mutually share their public keys prior to communication. Tom uses Harry 's public key to encrypt the message, which can now only be decrypted using this (Harry's) public key and Harry's private key. This private key is only available to Harry and to no one else, not even to Tom the sender. This key is the one element that makes it impossible for any other party to decrypt the message because there is no need to send the private key over.

So what is end-to-end encryption?
End-to-end encryption works as explained above, and is an implementation of asymmetric encryption. As the name implies, end-to-end encryption protects data such that it can only be read on the two ends, by the sender, and by the recipient. No one else can read the encrypted data, including hackers, governments, and even the server through which the data is passing.

Read more about it here

After reading those things a question came to my mind:
Does whatsapp really use end-to-end encryption?
So I Googled it and found that it uses both encryption algorithms:

At last I can’t say that it will give you encryption like WhatsApp but it is very close to encryption algorithm used in WhatsApp

3 Likes

Thank you for your in-depth and honest answer.

2 Likes

Can I used this extension in my sql database?

Hi @Harsh_Rajput Welcome to Kodular Community
Yes you can use it with any database.
It is not any database specific so it can be independently used with all databases.
But it will be very complex thing because you will have to save your own public and private key in database so that you can use those keys to encrypt and decrypt data.

More KeyLength means more security
Know more here:
https://www.javamex.com/tutorials/cryptography/rsa_key_length.shtml

1 Like

Thanks vknow360 Ya i understood but when we stored keys in our database, there are some possibilities to hacker to get keys from database and then hack the whole data.
I’m still doubted. May be it’s not 100% secure.

Then use keys directly in your app.

@vknow360 your extension looks amazing, keep up the good work!

2 Likes

He is a good extension developer…
@vknow360 is very young
He will 15 years old in some days…

1 Like

ChangeLog Version 2
Changes

  • Some internal changes so that you don’t have to call ‘GenerateKeys’ method to initialize extension.
2 Likes

Big thank you for creating this great extension! Asymmetric encryption was the one thing I couldn’t find in kodular. However, I have a couple of suggestions that would help a lot with usability.

First suggestion is to include an option to be able to encrypt using multiple public keys in a list. This would allow text (data) to be later decrypted by any one of two or more private keys. If you think of a chat app, at a minimum, you would likely want two public keys. A chat message should be encrypted with both the receiver and sender public keys. This way, you would only need to store one copy in a database that could be read by sender or receiver. Also, you could potentially have multiple recipients. Work around would be to store multiple copies of a message, one for each person, but that is not practical when storing or transmitting data.

Second option I would like to see is option to encrypt data besides text such as pictures, video or audio. Again, using a chat app as an example, it is common to attach an image.

Hi @jl9322 Welcome to Kodular Community
Glad you liked it :heart_eyes:

It seems fine from one side but when you go deeper you will find that you are compromising with your privacy.The logic behind asymmetric encryption is that it encrypts data in such a way that the one who has private key can decrypt the data. But what if there will be two public and private keys? Well in that case if someone somehow got one of both keys then your data can be decrypted easily.

I will try to add this :slightly_smiling_face:
Thank you for your suggestions :heart:
I found this useful so I want to share it with you:

1 Like

Thanks for the reply @vknow360 and for taking my suggestions into consideration. :blush:

I see your point on security is weakened by using multiple keys to encrypt. However, the additional risk should be up the to app designer and users. It would be like sharing a secret, the more people you tell, the more likely your secret will get out, but a choice that is made.

I would think using multiple public keys is a fairly common use case, especially if the two keys belong to the sender and recipient of a message or file. Without this option, only the recipient (private key holder) would be able decrypt the data. The person that encrypted the data would have no way to then decrypt it.

Using a chat app as an example, where message are stored on a server, the message would have to be encrypted and stored twice for both the sender and recipient to be able to later fetch and read the message. I would think that it would be more practical in most cased just to encrypt the message once with two public keys.

Still using a chat app as an example, if you had a conversation between three people, it would get much more complicated to encrypt messages. Sender would have to encrypt message three times, two recipients plus their copy of sent message. Then there would be no way to guarantee or prove that all recipients received the same message or data.

Another example may be where a user wants to secure some data, but have the option for someone else to possibly be able to retrieve a document. Say an employ secures a document, but needs one or more people to be able to decrypt it for use or as a back up without having to share the private key. With only one key, there is no back up if something happens to the one and only private key.

This app GitHub - open-keychain/open-keychain: OpenKeychain is an OpenPGP implementation for Android. is an example of an implementation which allows for multiple public keys to encrypt a file.

I hope you will consider looking into providing this as an option.

1 Like

Your chat app example reminds me a wonderful and useful post by Evan W. Patton on MIT AI2 community:

If I am not wrong KeyChain is an Android implementation of PGP which also uses Asymmetric Encryption.It implements a solution such that symmetric encryption is used to encrypt data, and asymmetric encryption is used to encrypt the key.
Now if you want to use PGP in Kodular then use Cryptography component and this extension together.

1 Like

use this extension for encryt videos ?

Hi @Android_Gamer Welcome to Kodular Community

Since extension can only encrypts string so first you will have to convert video to string and then you can encrypt that string using this extension.