Simple API to perform AES encryption on Android. This is the Android counterpart to the AESCrypt library for Ruby and Obj-C (with the same weak security defaults :( ) created by Gurpartap Singh. https://github.com/Gurpartap/aescrypt

Overview

AESCrypt-Android

Simple API to perform AES encryption on Android with no dependencies. This is the Android counterpart to the AESCrypt library for Ruby and AESCrypt-ObjC created by Gurpartap Singh. It uses the same weak :'( security defaults, i.e. the blank IV noted below.

For compatibility with AESCrypt, AESCrypt-Android has the same defaults, namely:

  • 256-bit AES key
  • CBC mode
  • PKCS7Padding
  • Blank/Empty IV (default)*

*Using CBC with the default blank IV is vulnerable. This has been left in for compatibility with AESCrypt implementations. See the Recommended Advanced usage section for the methods that let you provide your own IV. If you don't need to be compatible with AESCrypt, then look at java-aes-crypto: its API is just as simple and it generates more secure keys.

Dependency

Download from Maven Central (.aar)

or

dependencies {
  compile 'com.scottyab:aescrypt:0.0.1'
}

Usage

Encrypt

String password = "password";
String message = "hello world";
try {
    String encryptedMsg = AESCrypt.encrypt(password, message);
} catch (GeneralSecurityException e) {
    // handle error
}

Decrypt

String password = "password";
String encryptedMsg = "2B22cS3UC5s35WBihLBo8w==";
try {
    String messageAfterDecrypt = AESCrypt.decrypt(password, encryptedMsg);
} catch (GeneralSecurityException e) {
    // handle error - could be due to incorrect password or tampered encryptedMsg
}

Recommended Advanced usage

If you are going to use this library, please provide your own key and use a different IV for each message that you encrypt.

AESCrypt.encrypt(final SecretKeySpec key, final byte[] iv, final byte[] message)

AESCrypt.decrypt(final SecretKeySpec key, final byte[] iv, final byte[] decodedCipherText)

Note: for flexibility these 'adv' methods don't provide BASE64 encoding/decoding.
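
Why the blank default IV matters and what "a different IV per message" looks like in practice, as an added example that is not part of AESCrypt-Android: it uses the standard javax.crypto API directly so it runs on a plain JVM, and the class and helper names (CbcIvDemo, cbc, seal, open), the random key and the two messages are constructed for illustration. With the blank IV, CBC is deterministic, so repeated messages and messages that share their first 16-byte block are recognisable from the ciphertext alone; a fresh random IV stored in front of the ciphertext removes that.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class CbcIvDemo {
    static final SecureRandom RNG = new SecureRandom();
    // AES/CBC with the given IV. PKCS5Padding is the JCE name for PKCS7 padding on AES.
    static byte[] cbc(int mode, SecretKeySpec key, byte[] iv, byte[] data)
            throws GeneralSecurityException {
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(mode, key, new IvParameterSpec(iv));
        return c.doFinal(data);
    }
    // Fresh random 16-byte IV per message, stored in front of the ciphertext.
    static byte[] seal(SecretKeySpec key, byte[] msg) throws GeneralSecurityException {
        byte[] iv = new byte[16];
        RNG.nextBytes(iv);
        byte[] ct = cbc(Cipher.ENCRYPT_MODE, key, iv, msg);
        byte[] out = Arrays.copyOf(iv, 16 + ct.length);
        System.arraycopy(ct, 0, out, 16, ct.length);
        return out;
    }
    // Split the stored IV off again and decrypt the rest with it.
    static byte[] open(SecretKeySpec key, byte[] blob) throws GeneralSecurityException {
        return cbc(Cipher.DECRYPT_MODE, key, Arrays.copyOfRange(blob, 0, 16),
                Arrays.copyOfRange(blob, 16, blob.length));
    }
    public static void main(String[] args) throws GeneralSecurityException {
        byte[] raw = new byte[32];          // constructed random 256-bit key
        RNG.nextBytes(raw);
        SecretKeySpec key = new SecretKeySpec(raw, "AES");
        byte[] zeroIv = new byte[16];       // the blank default IV
        // Constructed messages that share their first 16 bytes ("transfer 100 EUR").
        byte[] a = "transfer 100 EUR to Alice".getBytes(StandardCharsets.UTF_8);
        byte[] b = "transfer 100 EUR to Bob".getBytes(StandardCharsets.UTF_8);
        byte[] za = cbc(Cipher.ENCRYPT_MODE, key, zeroIv, a);
        byte[] zb = cbc(Cipher.ENCRYPT_MODE, key, zeroIv, b);
        System.out.println("blank IV, same message twice, equal ciphertext: "
                + Arrays.equals(za, cbc(Cipher.ENCRYPT_MODE, key, zeroIv, a)));
        System.out.println("blank IV, shared prefix, equal first block: "
                + Arrays.equals(Arrays.copyOf(za, 16), Arrays.copyOf(zb, 16)));
        System.out.println("random IV, same message twice, equal ciphertext: "
                + Arrays.equals(seal(key, a), seal(key, a)));
        System.out.println("random IV round trip: "
                + Arrays.equals(a, open(key, seal(key, a))));
    }
}
```

The IV is not secret, so storing it alongside the ciphertext is fine; it only has to be unpredictable and different for every message.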

Debugging/Logging

To enable logging, simply switch on the logging flag as shown below.

AESCrypt.DEBUG_LOG_ENABLED = true;

Remember to disable logging in live builds. The snippet below is recommended if possible:

if (BuildConfig.DEBUG) {
    AESCrypt.DEBUG_LOG_ENABLED = true;
}

To be honest it's a stretch to call this a library given it's only a single util class, but I created it as I went through a ton of pain working out the compatible settings for AESCrypt. I hope this will save someone time in the future.

Contributing

I welcome pull requests, issues and feedback.

  • Fork it
  • Create your feature branch (git checkout -b my-new-feature)
  • Commit your changes (git commit -am 'Added some feature')
  • Push to the branch (git push origin my-new-feature)
  • Create new Pull Request

Licence

Copyright (c) 2014 Scott Alexander-Bown

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

Comments
  • How to use aes256 mode?

    I use AESCrypt.encrypt("123456","123456") and I got "LK09ZUQfjEWnBhyah8VNXg==" but the result should be "U2FsdGVkX1/bIqQCoW3eTfBoynP0mswP1PE6HM97jTk=" . What's the problem?

    opened by Ghostish 2
  • Use less Library Delete this Shit

    After apk decompiler it clearly show all my string (jsoneditoronline.org) ex: this.encryptedMsg = AESCrypt.encrypt("url", "myurl");

    Then why this useless library.. don't waste developer time .. just delete this shit library

    don't call this shit encrypt and decrypt

    opened by Naguchennai 1
  • Python Counterpart

    I have written the completely compatible python counterpart of AESCrypt (https://github.com/ninjatrench/PyAESCrypt)

    Maybe it would be helpful for cross platform implementation and you can add it to readme file

    Thanks

    opened by ninjatrench 1
  • Crashing if invalid BASE64 String Given

    java.lang.IllegalArgumentException: bad base-64

    in this line :
    byte[] decodedCipherText = Base64.decode(base64EncodedCipherText, Base64.NO_WRAP);

    This occurs when base64EncodedCipherText is not a proper BASE64 value. Write something to check for a proper BASE64 and then pass it to the function.

    opened by dynamitechetan 1
  • key derivation: use PBKDF2, not SHA-256

    the long explanation is here: link to StackExchange

    TL;DR SHA-256 was not meant as key derivation function and has some bad properties (e.g. it is too fast).

    opened by japdlsd 1
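
What the issue above asks for, as an added example that is not AESCrypt-Android's code: a 256-bit AES key derived from a password with PBKDF2-HMAC-SHA256 and a random salt, with a rough timing against a single SHA-256 to show the difference in cost per password guess. The names (PasswordKeyDemo, newSalt, deriveKey), the iteration count and the sample password are assumptions for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;

public class PasswordKeyDemo {
    // Assumed work factor: tune it by measuring on the slowest device you support.
    static final int ITERATIONS = 310_000;

    // One random salt per derived key; store it next to the ciphertext (it is not secret).
    static byte[] newSalt() {
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        return salt;
    }

    // PBKDF2-HMAC-SHA256 -> 256-bit AES key. Available on Java 8+;
    // older Android releases only ship PBKDF2WithHmacSHA1.
    static SecretKeySpec deriveKey(char[] password, byte[] salt)
            throws GeneralSecurityException {
        PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, 256);
        try {
            byte[] raw = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                    .generateSecret(spec).getEncoded();
            return new SecretKeySpec(raw, "AES");
        } finally {
            spec.clearPassword();   // wipe the spec's internal copy of the password
        }
    }

    public static void main(String[] args) throws GeneralSecurityException {
        char[] pw = "password".toCharArray();   // constructed sample password
        byte[] salt = newSalt();
        long t0 = System.nanoTime();
        SecretKeySpec k1 = deriveKey(pw, salt);
        long pbkdf2Us = (System.nanoTime() - t0) / 1_000;
        t0 = System.nanoTime();
        MessageDigest.getInstance("SHA-256").digest("password".getBytes(StandardCharsets.UTF_8));
        long shaUs = (System.nanoTime() - t0) / 1_000;
        System.out.println("rough cost per guess: PBKDF2 " + pbkdf2Us + " us, SHA-256 " + shaUs + " us");
        System.out.println("same password and salt, same key: "
                + Arrays.equals(k1.getEncoded(), deriveKey(pw, salt).getEncoded()));
        System.out.println("same password, new salt, same key: "
                + Arrays.equals(k1.getEncoded(), deriveKey(pw, newSalt()).getEncoded()));
    }
}
```

The resulting SecretKeySpec fits the key parameter of the advanced encrypt/decrypt methods in the README; a key derived this way will not interoperate with the password-based methods of the other AESCrypt implementations.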
  • Plain Text Error

    Hello, I am using the library for a messaging app I am working on. Before using the library messages are sent in plain text so after adding the library the decrypt message crashes the app for those old messages. Since the wrapped in the try catch block was expecting to catch the error for plain text. Need help please. :(

    stack trace below

    Fatal Exception: java.lang.IllegalArgumentException
    Fatal Exception: java.lang.IllegalArgumentException: bad base-64
        at android.util.Base64.decode(Base64.java:161)
        at android.util.Base64.decode(Base64.java:136)
        at android.util.Base64.decode(Base64.java:118)
        at com.scottyab.aescrypt.AESCrypt.decrypt(AESCrypt.java:124)

    opened by pixelbendr 1
  • unable to run wrong final block length

    Please Help me to resolve this issue : {"Req Response":"unable to run wrong final block length","Response code":"003"}

    opened by best2010 1
  • Wrote some classes for extra usability.

    Hi, I have used your library a lot of times and really like it, so I thought I can somehow contribute to it and make it even easier to use and needing less code for the user. Please review my code and if you find it ok accept it, if not tell me so we can make it even better.

    Thanks in advance

    opened by drilonrecica 0
  • Not equal

    http://blog.dealforest.net/2012/03/ios-android-per-aes-crypt-connection/

    Base64.encodeToString(cipher.doFinal(stringTocrypt.getBytes()), Base64.DEFAULT); //correct

    opened by flipnovidade 1
  • Java/Groovy Port

    Hi, I have created a direct port of your Android File to suit Java/Grails environments. Works perfect with your Android Library. The Gist is at https://gist.github.com/vishnoor/a0e2922bda3af735a17e90ca03f7d446

    Usage is same as your Android Usage. The only extra thing is to support 256 Bit AES, the Oracle 7 Unlimited JCE has to be installed http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html

    Sincere Regards, Vishnoo

    opened by vishnoor 3
  • Encryption result of AESCrypt-Android library differs from result in php?

    According to the usage example, using password = password and message = hello world results in the encrypted message 2B22cS3UC5s35WBihLBo8w==

    However in php using the same password and message following the snippet here results in the encrypted message lMwL6ztvVavgsTu7NJE/kw== which is different.

    See complete php code snippet here

    <!DOCTYPE html>
    <head>
      <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    </head>
    
    <body>
     <!-- following this snippet<br>
          https://www.urbaninsight.com/2012/06/13/encrypt-and-decrypt-strings-php
     -->
    
     <?php
      $string = "hello world";
      $password = "password";
      $method = "aes-256-cbc";
    
      $encrypted = openssl_encrypt($string, $method, $password);
      echo "ENCRYPT:<br>$string<br>$password<br>$encrypted<br><br>";
    
      $decrypted = openssl_decrypt($encrypted, $method, $password);
      echo "DECRYPT:<br>$encrypted<br>$password<br>$decrypted";
     ?>
    
     <!-- result: lMwL6ztvVavgsTu7NJE/kw==
      -->
    
     </body>
    </html>
    

    Is the AESCrypt-Android library not compatible with php or is there something, I'm overseeing currently? Thank you in advance! Taifun

    opened by puravidaapps 0
  • Encryption result is different on Android and IOS

    Hello,

    I am using this library in my android project and its counterpart https://github.com/Gurpartap/aescrypt in ios project. I am encrypting same text with same encryption key, but it is giving me different results on ios and android.

    I am using this key : 25c35734b1ef623ca2a7f730cf2fea8b790739ba

    String to encrypt is : Password

    Encrypted String IOS : W3LyAxKq2+QdDBfKUGVgTg==
    Encrypted String Android : zdgSimKva1jblici7F8DGw==

    opened by CDNRahulSonpaliya 3
  • IV must be 16 bytes long

    Hello,

    I'm getting (IV must be 16bytes long) when using the advance mode.

    My encryptedText = "HE9257Ykdrnb7zZTbNYLcLNzsg24t2aEftUZ7Tr0BU0="
    My IV = "618wNQX6K3k2343c" //My IV is 16byte long

    I base 64 decode both using Base64.decode(encryptedText, Base64.NO_WRAP) and Base64.decode(IV, Base64.NO_WRAP) then pass in (SecretKeySpec, byte[] IV, byte[] encryptedText ) as parameter for advance mode, but gave me an error (IV must be 16 bytes long).

    opened by nicchong 0
Owner
Scott Alexander-Bown