Merge branch 'master' into feature/tozny#35
# Conflicts:
#	aes-crypto-sample-app/.gitignore
spyhunter99 committed Feb 20, 2018
2 parents 0eca258 + 0771841 commit 6dec75a
Showing 19 changed files with 397 additions and 361 deletions.
76 changes: 53 additions & 23 deletions README.md
Expand Up @@ -3,7 +3,7 @@ java-aes-crypto

A simple Android class for encrypting & decrypting strings, aiming to avoid [serious cryptographic errors](http://tozny.com/blog/encrypting-strings-in-android-lets-make-better-mistakes/) that most such classes suffer from. [Show me the code](https://github.com/tozny/java-aes-crypto/blob/master/aes-crypto/src/main/java/com/tozny/crypto/android/AesCbcWithIntegrity.java)

#Features
# Features

Here are the features of this class. We believe that these properties are consistent with what a lot of people are looking for when encrypting Strings in Android.

Expand All @@ -14,57 +14,87 @@ Here are the features of this class. We believe that these properties are consis
* *Integrity*: Lots of people think AES has integrity checking built in. The thinking goes, "if it decrypts correctly, it was generated by the person with the private key". Actually, AES CBC allows an attacker to modify the messages. Therefore, we've also added integrity checking in the form of a SHA 256 hash.


#How to include in project?
# How to include in project?

###Copy and paste
It's a single very simple java class, [AesCbcWithIntegrity.java](https://github.com/tozny/java-aes-crypto/blob/master/aes-crypto/src/main/java/com/tozny/crypto/android/AesCbcWithIntegrity.java) that works across most or all versions of Android. The class should be easy to paste into an existing codebase.
## Copy and paste

###Android Library project
The library is in Android library project format so you can clone this project and add as a library module/project.

###Maven Dependency
We've also published the library AAR file to Maven central for simple one line gradle dependency management.
It's a single very simple java class,
[AesCbcWithIntegrity.java](https://github.com/tozny/java-aes-crypto/blob/master/aes-crypto/src/main/java/com/tozny/crypto/android/AesCbcWithIntegrity.java)
that works across most or all versions of Android. The class should be easy to
paste into an existing codebase.

## Android Library project

The library is in Android library project format so you can clone this project
and add as a library module/project.

## Maven Dependency

We've also published the library AAR file via Jitpack for simple
gradle dependency management:

Add the Jitpack repository to your root build.gradle:

```groovy
dependencies {
compile 'com.tozny:aes-crypto:0.0.1'
allprojects {
repositories {
...
maven { url 'https://jitpack.io' }
}
}
```

#Examples
Add the dependency to your project's build.gradle:

##Generate new key
```groovy
dependencies {
compile 'com.github.tozny:java-aes-crypto:1.1.0'
}
```

# Examples

## Generate new key

```java
AesCbcWithIntegrity.SecretKeys keys = AesCbcWithIntegrity.generateKey();
```


##Encrypt
## Encrypt

```java
AesCbcWithIntegrity.CipherTextIvMac cipherTextIvMac = AesCbcWithIntegrity.encrypt("some test", keys);
//store or send to server
String ciphertextString = cipherTextIvMac.toString();
```

##Decrypt
## Decrypt

```java
//Use the constructor to re-create the CipherTextIvMac class from the string:
CipherTextIvMac cipherTextIvMac = new CipherTextIvMac (cipherTextString);
String plainText = AesCbcWithIntegrity.decryptString(cipherTextIvMac, keys);
```
```

## Storing Keys

##Storing Keys
Once you've generated a random key, you naturally might want to store it. This may work for some use cases, but please be aware that if you store the key in the same place that you store the encrypted data, your solution is not cryptographically sound since the attacker can just get both the key and the encrypted text. Instead, you should use either the [Keystore infrastructure](http://developer.android.com/training/articles/keystore.html) or consider generating the key from a passphrase and using that to encrypt the user data.
Once you've generated a random key, you naturally might want to store it. This
may work for some use cases, but please be aware that if you store the key in
the same place that you store the encrypted data, your solution is not
cryptographically sound since the attacker can just get both the key and the
encrypted text. Instead, you should use either the [Keystore
infrastructure](http://developer.android.com/training/articles/keystore.html)
or consider generating the key from a passphrase and using that to encrypt the
user data.

If despite the above you still want to store the key, you can convert the keys to a string using the included functions and store them in preferences or SQLite.
If despite the above you still want to store the key, you can convert the keys
to a string using the included functions and store them in preferences or
SQLite.

#License
The included MIT license is compatible with open source or commercial products.
Tozny also offers custom support and licensing terms if your organization has different needs. Contact us at [[email protected]](mailto:[email protected]) for more details.
# License

The included MIT license is compatible with open source or commercial products.
Tozny also offers custom support and licensing terms if your organization has
different needs. Contact us at [[email protected]](mailto:[email protected]) for more
details.
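
Review bot: The "## Maven Dependency" heading no longer matches its body, which now tells readers to add the Jitpack repository and `com.github.tozny:java-aes-crypto:1.1.0` in place of the Maven central coordinate `com.tozny:aes-crypto:0.0.1`; rename the heading and state whether the Maven central artifact is still maintained, since users of a crypto library should know which source is authoritative. In the Decrypt example, `cipherTextString` does not match the `ciphertextString` declared in the Encrypt example, and `CipherTextIvMac` is used unqualified where the Encrypt example writes `AesCbcWithIntegrity.CipherTextIvMac`, so the snippets do not compile when pasted together. The Integrity bullet still says "SHA 256 hash" while the type is named `CipherTextIvMac`; if the check is a keyed MAC, the README should say so, because an unkeyed hash would not stop the modification that bullet describes.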

7 changes: 7 additions & 0 deletions aes-crypto-sample-app/.gitignore
@@ -0,0 +1,7 @@
*.iml
.gradle
/local.properties
.DS_Store
/build
.externalNativeBuild
.idea
2 changes: 1 addition & 1 deletion aes-crypto-sample-app/app/.gitignore
@@ -1 +1 @@
/build
/build
66 changes: 33 additions & 33 deletions aes-crypto-sample-app/app/build.gradle
@@ -1,33 +1,33 @@
apply plugin: 'com.android.application'

android {
compileSdkVersion 25
buildToolsVersion "25.0.1"
defaultConfig {
applicationId "com.tozny.aeswithintegritysample"
minSdkVersion 18
targetSdkVersion 25
versionCode 1
versionName "1.0"
testInstrumentationRunner "android.support.test.runner.AndroidJUnitRunner"
}
sourceSets {
main.java.srcDirs += '../../aes-crypto/src/main/java'
}

buildTypes {
release {
minifyEnabled false
proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro'
}
}
}

dependencies {
compile fileTree(dir: 'libs', include: ['*.jar'])
androidTestCompile('com.android.support.test.espresso:espresso-core:2.2.2', {
exclude group: 'com.android.support', module: 'support-annotations'
})
compile 'com.android.support:appcompat-v7:25.0.1'
testCompile 'junit:junit:4.12'
}
apply plugin: 'com.android.application'

android {
compileSdkVersion 25
buildToolsVersion "25.0.1"
defaultConfig {
applicationId "com.tozny.aeswithintegritysample"
minSdkVersion 18
targetSdkVersion 25
versionCode 1
versionName "1.0"
testInstrumentationRunner "android.support.test.runner.AndroidJUnitRunner"
}
sourceSets {
main.java.srcDirs += '../../aes-crypto/src/main/java'
}

buildTypes {
release {
minifyEnabled false
proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro'
}
}
}

dependencies {
compile fileTree(dir: 'libs', include: ['*.jar'])
androidTestCompile('com.android.support.test.espresso:espresso-core:2.2.2', {
exclude group: 'com.android.support', module: 'support-annotations'
})
compile 'com.android.support:appcompat-v7:25.0.1'
testCompile 'junit:junit:4.12'
}
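
Review bot: All 33 lines of this file are removed and re-added with no visible difference in content, which points to a line-ending or whitespace-only rewrite arriving through the merge; the same pattern shows in app/.gitignore, proguard-rules.pro and AndroidManifest.xml. Normalize line endings once in a separate commit (for example with a .gitattributes entry) so that blame stays readable and a real change to a build setting is not buried in churn. Separately, `main.java.srcDirs += '../../aes-crypto/src/main/java'` compiles the library sources straight into the sample, so the sample never exercises the published artifact that the README tells users to depend on.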
34 changes: 17 additions & 17 deletions aes-crypto-sample-app/app/proguard-rules.pro
@@ -1,17 +1,17 @@
# Add project specific ProGuard rules here.
# By default, the flags in this file are appended to flags specified
# in C:\Users\Justin\AppData\Local\Android\Sdk/tools/proguard/proguard-android.txt
# You can edit the include path and order by changing the proguardFiles
# directive in build.gradle.
#
# For more details, see
# http://developer.android.com/guide/developing/tools/proguard.html
# Add any project specific keep options here:
# If your project uses WebView with JS, uncomment the following
# and specify the fully qualified class name to the JavaScript interface
# class:
#-keepclassmembers class fqcn.of.javascript.interface.for.webview {
# public *;
#}
# Add project specific ProGuard rules here.
# By default, the flags in this file are appended to flags specified
# in C:\Users\Justin\AppData\Local\Android\Sdk/tools/proguard/proguard-android.txt
# You can edit the include path and order by changing the proguardFiles
# directive in build.gradle.
#
# For more details, see
# http://developer.android.com/guide/developing/tools/proguard.html

# Add any project specific keep options here:

# If your project uses WebView with JS, uncomment the following
# and specify the fully qualified class name to the JavaScript interface
# class:
#-keepclassmembers class fqcn.of.javascript.interface.for.webview {
# public *;
#}
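
Review bot: The header comment on the third line embeds a developer's local path, `C:\Users\Justin\AppData\Local\Android\Sdk/tools/proguard/proguard-android.txt`; since every line of the file is being rewritten anyway, replace it with a generic reference to the SDK's tools/proguard/proguard-android.txt so the repository does not carry a workstation user name and directory layout.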
36 changes: 18 additions & 18 deletions aes-crypto-sample-app/app/src/main/AndroidManifest.xml
@@ -1,19 +1,19 @@
<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
package="com.tozny.aeswithintegritysample">

<application
android:allowBackup="true"
android:icon="@mipmap/ic_launcher"
android:label="@string/app_name"
android:supportsRtl="true"
android:theme="@style/AppTheme">
<activity android:name="com.tozny.aes_crypto_sample.MainActivity" android:label="@string/app_name">
<intent-filter>
<action android:name="android.intent.action.MAIN" />
<category android:name="android.intent.category.LAUNCHER" />
</intent-filter>
</activity>
</application>

<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
package="com.tozny.aeswithintegritysample">

<application
android:allowBackup="true"
android:icon="@mipmap/ic_launcher"
android:label="@string/app_name"
android:supportsRtl="true"
android:theme="@style/AppTheme">
<activity android:name="com.tozny.aes_crypto_sample.MainActivity" android:label="@string/app_name">
<intent-filter>
<action android:name="android.intent.action.MAIN" />
<category android:name="android.intent.category.LAUNCHER" />
</intent-filter>
</activity>
</application>

</manifest>
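
Review bot: `android:allowBackup="true"` on the `<application>` element deserves a second look in a sample for an encryption library: the README's Storing Keys section describes keeping key strings in preferences or SQLite, and with backups allowed that app data can leave the device together with the ciphertext. Set it to "false" in the sample, or add a comment explaining why backup is acceptable here, so that manifests copied from this sample do not inherit the setting unexamined.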