Show how to use cryptography to secure strings and network traffic.
- [Instructor] Even using private files, we may want to have the additional protection offered by cryptography to protect our data. We can do this easily with the Java cryptography functions. Let's encrypt the sensitive data we stored. The first thing to do is to generate a random secret key to use. We can do this by using the pseudorandom number generator built into Java. I've added a null secret key specification called SKS. I've declared the SecureRandom class and initialized it with a seed and then used it to generate a 128-bit key for use with AES.
I wrap that into the key specification variable I declared. Okay, we've got our key and we can now call the encryption routine. Java provides the Cipher class for encryption and decryption. The first thing I'll do is to declare the activation code as a string variable for the moment and initialize it. I'll also declare a byte array for the cipher text we'll get returned. I'll set up the encryption by requesting AES with the default of 128-bit electronic codebook mode as the encryption method to use.
I'll then call the doFinal routine to get a block of cipher text. I want to save the cipher text in a readable string form so I can Base64 encode it. I'll then write that out in place of the hard-coded string. Okay, we've now secured our activation code on disk using AES and a randomly generated private key. We can confirm that this works by also adding a bit of code to read back the data, decrypt it, and display it using Toast. To read it back, we use the FileReader call.
To recover the value, we use the Cipher function again with decrypt mode and we'll pop up a piece of Toast. I'll build this now and use my Nexus 5X virtual device to run it. We've used the Java cryptography routines to provide a random key and to do both enciphering and deciphering of the activation code. We've used the Base64 routines to encode the data and we've stored the encrypted activation code in a private file area.
- Understanding Android OS, app, and hardware security components
- Using the Trusted Execution Environment
- Developing Android apps with security in mind
- Analyzing existing applications
- Understanding Android vulnerabilities
- Securing Android apps
- Developing secure enterprise apps