[Free/OS] Keystore - Secure Encryption and Decryption

Making this open source for a couple of reason. Main reason is that it deals with data encryption and therefore, in my opinion, it is best to use open source so that the code can be inspected and verified as being secure and sound when dealing with encryption. Second reason is that this is my first extension and first time using Java. I welcome any constructive criticism or feedback so that I may learn best practices.

It should still be considered beta until it has been fully tested. As I only have access to two android devices, I could use feedback on any issues with other devices and Android versions. Should work fine on Android 6+, at least I hope. :wink:

Now for the details.

Keystore

Non-Visible Kodular and MIT App Inventor component extension.

Overview

Non-visible component extension to encrypt and decrypt user data using Android Keystore.

Android Keystore

The Android Keystore is a system to perform cryptographic operations on the device in a more secure manner. The encryption keys are stored securely on the device and the encryption key is non-exportable. The encryption key is never exposed to the app. Visit this Android developer documentation for more information on the Android keystore.

Methods

This extension has just two methods. One to encrypt user data and one to decrypt.

Encrypt

The encrypt method takes plain text and outputs encrypted text. This encrypted text can be stored like any other text such as saving it in a TinyDB.

component_method_encrypt

Decrypt

Decrypt method takes previously encrypted text and outputs the original unencrypted text.

component_method_decrypt

Additional Information

This extension uses an encryption key that is stored on the device and is tied to the app. If the user uninstalls the app or clears the app storage, the key will also be deleted along with all the local user data. The first time the encryption method is invoked, the encryption key is generated. As the key is tied to the app and cannot be extracted, it provides a high level of security.

FAQ

What API levels are supported?

API 23+ (Android 6)

Is there a size limit of the text that can be encrypted?

No. This extension uses a symmetric encryption key (same key to encrypt and decrypt) which works well on larger amounts of data.

What is the encryption Cipher?

AES/GCM/NoPadding

Can this extension be use to encrypt text before saving it online?

Yes, but it may depend on the use case. Since only the device that encrypted the text can decrypt the text it may not meet design requirements. If the user uninstalls the app or clears the storage, the key will also be destroyed and there is no way left to decrypt the text.

Can this extension be used to encrypt user passwords or tokens?

Yes. This is an example of the type of text (data) this app can safely encrypt before storing it locally on the device. The encrypted text will need to be stored as part of your app design such as saving it in a TinyDB.

Can this extension be used to secure a developer API key?

No. This extension is for securely storing user data only.

Can this extension be used to share encrypted text between users or devices?

Indirectly. Only the device which encrypted the text can decrypt the text. However, text can be encrypted using other encryption methods and shared. The encryption keys or passwords used can subsequently be encrypted using this extension and stored on the user device. To encrypt an encryption key, the key will have to be in text format such as base64 encoded.

Can this extension be used to share encrypted data between apps on user device?

No. The encryption key can only be accessed by the app that creates the encryption key. (See previous question for options.)

Can this extension encrypt a dictionary?

Yes. Ideally, you should be just encrypting sensitive values within the dictionary. However, if your dictionary consists of mostly sensitive data, you can encrypt a whole dictionary. When decrypting the dictionary data, the output will be text which is in JSON format. The output will then have to be converted from JSON into dictionary format. This can be accomplished using the Web component’s JSON Text Decode method or other similar method.

Can you provide an example of how to encrypt and decrypt a dictionary?

Sure.

Encrypt dictionary:

dictionary_encrypt
(Dictionary is converted to encrypted text.)

Decrypt dictionary:

However, it is probably better in most cases to just encrypt sensitive data.

Encrypt value:

value_encrypt

Decrypt value:

value_decrypt

Github

https://github.com/jl9322/keystore

AIX

Version 0.1.1
com.jl9322.keystore.aix (8.5 KB)

Test

Sample aia & apk for testing.
Keystore.aia (11.9 KB)
Keystore.apk (5.3 MB)

18 Likes

Thanks for this extension :heart:

1 Like