Making this open source for a couple of reason. Main reason is that it deals with data encryption and therefore, in my opinion, it is best to use open source so that the code can be inspected and verified as being secure and sound when dealing with encryption. Second reason is that this is my first extension and first time using Java. I welcome any constructive criticism or feedback so that I may learn best practices.
It should still be considered beta until it has been fully tested. As I only have access to two android devices, I could use feedback on any issues with other devices and Android versions. Should work fine on Android 6+, at least I hope.
Now for the details.
Non-visible component extension to encrypt and decrypt user data using Android Keystore.
The Android Keystore is a system to perform cryptographic operations on the device in a more secure manner. The encryption keys are stored securely on the device and the encryption key is non-exportable. The encryption key is never exposed to the app. Visit this Android developer documentation for more information on the Android keystore.
This extension has just two methods. One to encrypt user data and one to decrypt.
The encrypt method takes plain text and outputs encrypted text. This encrypted text can be stored like any other text such as saving it in a TinyDB.
Decrypt method takes previously encrypted text and outputs the original unencrypted text.
This extension uses an encryption key that is stored on the device and is tied to the app. If the user uninstalls the app or clears the app storage, the key will also be deleted along with all the local user data. The first time the encryption method is invoked, the encryption key is generated. As the key is tied to the app and cannot be extracted, it provides a high level of security.
What API levels are supported?
API 23+ (Android 6)
Is there a size limit of the text that can be encrypted?
No. This extension uses a symmetric encryption key (same key to encrypt and decrypt) which works well on larger amounts of data.
What is the encryption Cipher?
Can this extension be use to encrypt text before saving it online?
Yes, but it may depend on the use case. Since only the device that encrypted the text can decrypt the text it may not meet design requirements. If the user uninstalls the app or clears the storage, the key will also be destroyed and there is no way left to decrypt the text.
Can this extension be used to encrypt user passwords or tokens?
Yes. This is an example of the type of text (data) this app can safely encrypt before storing it locally on the device. The encrypted text will need to be stored as part of your app design such as saving it in a TinyDB.
Can this extension be used to secure a developer API key?
No. This extension is for securely storing user data only.
Can this extension be used to share encrypted text between users or devices?
Indirectly. Only the device which encrypted the text can decrypt the text. However, text can be encrypted using other encryption methods and shared. The encryption keys or passwords used can subsequently be encrypted using this extension and stored on the user device. To encrypt an encryption key, the key will have to be in text format such as base64 encoded.
Can this extension be used to share encrypted data between apps on user device?
No. The encryption key can only be accessed by the app that creates the encryption key. (See previous question for options.)
Can this extension encrypt a dictionary?
Yes. Ideally, you should be just encrypting sensitive values within the dictionary. However, if your dictionary consists of mostly sensitive data, you can encrypt a whole dictionary. When decrypting the dictionary data, the output will be text which is in JSON format. The output will then have to be converted from JSON into dictionary format. This can be accomplished using the Web component’s JSON Text Decode method or other similar method.
Can you provide an example of how to encrypt and decrypt a dictionary?
(Dictionary is converted to encrypted text.)
However, it is probably better in most cases to just encrypt sensitive data.
com.jl9322.keystore.aix (8.5 KB)