scottyab / AESCrypt-Android

Simple API to perform AES encryption on Android. This is the Android counterpart to the AESCrypt library Ruby and Obj-C (with the same weak security defaults :( ) created by Gurpartap Singh. https://github.com/Gurpartap/aescrypt
Apache License 2.0
641 stars 191 forks source link
aes-encryption android java

AESCrypt-Android

Android Arsenal

Simple API to perform AES encryption on Android with no dependancies. This is the Android counterpart to the AESCrypt library Ruby and AESCrypt-ObjC created by Gurpartap Singh. It used the same weak :'( security defaults i.e Blank IV noted below.

For compatiblity with AESCrypt, AESCrypt-Android has the same defaults namely:

*Using CBC with the default blank IV is vulnerable. This has been left in for compatibility with AESCrypt implementations. See Adv method for providing your own IV. If you don't need to be compatable with AESCrypt then look at java-aes-crypto it's API is just as simple and generates more secure keys.

Dependency

Download from Maven Central (.aar)

or

dependencies {
  compile 'com.scottyab:aescrypt:0.0.1'
}

Usage

Encrypt

String password = "password";
String message = "hello world"; 
try {
    String encryptedMsg = AESCrypt.encrypt(password, message);
}catch (GeneralSecurityException e){
    //handle error
}

Decrypt

String password = "password";
String encryptedMsg = "2B22cS3UC5s35WBihLBo8w==";
try {
    String messageAfterDecrypt = AESCrypt.decrypt(password, encryptedMsg);
}catch (GeneralSecurityException e){
     //handle error - could be due to incorrect password or tampered encryptedMsg
}

Recommended ~Advanced~ usage

Please if you are going to use this library provide your own key, and use a different IV per message that you encrypt..

AESCrypt.encrypt(final SecretKeySpec key, final byte[] iv, final byte[] message)

AESCrypt.decrypt(final SecretKeySpec key, final byte[] iv, final byte[] decodedCipherText)

Note: for flexibility these 'adv' methods don't provide BASE64 encoding/decoding.

Debugging/Logging

To enable logging simple change switch on the logging flag as shown below.

AESCrypt.DEBUG_LOG_ENABLED = true;

Remember to disable in Live, recommend the below snippet if possible

if (BuildConfig.DEBUG) {
    AESCrypt.DEBUG_LOG_ENABLED = true;
}

To be honest it's a strech to call this a library given it's only a single util class, but I created as went through a ton of pain working out the conpatible settings for AESCrypt. I hope this will save some one time in the future.

Contributing

I welcome pull requests, issues and feedback.

Licence

Copyright (c) 2014 Scott Alexander-Bown

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.