Detailed analysis of mobile application encryption tool instances
With the popularization of the mobile Internet, more and more mobile applications are running into security problems, and information leaks and hacking incidents emerge one after another. More and more attackers are targeting mobile apps. Apps that store personal information in plain text on the SD card, keep unencrypted usernames and passwords in a database, or collect and analyze information and send it to remote servers in plain text make these attacks easier.
Correct use of cryptography can protect sensitive data and ensure privacy and data integrity. On the other hand, cryptography is difficult to use and prone to misuse. Below are the encryption tools we recommend for mobile apps.
Bouncy Castle
The Legion of the Bouncy Castle is a public interest group from Australia that wrote the widely used Bouncy Castle class library. The library provides both a lightweight cryptographic API and a Java Cryptography Extension (JCE) provider. The Android platform ships with a stripped-down, older version of Bouncy Castle (with some minor changes to adapt it to Android). As a result, any attempt to build and use the latest Bouncy Castle class library in an application causes class loading conflicts.
Spongy Castle
The motivation behind Spongy Castle is to allow Android developers to use any version of the Bouncy Castle class library in their applications. It is simply a repackaging of the latest version of Bouncy Castle: all org.bouncycastle.* packages are renamed to org.spongycastle.*, and the name of the Java security API provider is changed from BC to SC.
OpenSSL
OpenSSL is an open-source toolkit that implements the SSL and TLS protocols along with a general-purpose cryptography library. OpenSSL has been ported to many platforms, including Android. As an alternative, you can also build it from source and bundle it with your application.
The toolkits described below do not implement any exotic encryption functions, nor do they try to replace any of the cryptographic libraries above. Instead, they are built on top of those libraries, with the sole purpose of making encryption easier and safer to use.
Unlike general-purpose cryptographic libraries, these toolkits generally support only a subset of algorithms, modes, schemes, and parameters. They provide reasonable defaults for the settings that common encryption tasks require, which helps if you know what you want but not how to achieve it, or if you simply need a secure solution. Let's look at several of these toolkits to better understand how they work.
Keyczar
Keyczar is an open-source toolkit. It was initially developed by two members of Google's security team and is implemented in Java, Python, and C++. It supports both symmetric and asymmetric encryption. Keyczar provides secure defaults, including algorithms, key lengths and modes, key rotation and versioning, automatic generation of initialization vectors and authentication codes, and support for internationalization. The toolkit is built on JCE and uses the Spongy Castle security provider.
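The following is an added example, not code from the original article or from any of the projects named here. It shows, written directly against the JCE, the details that such a toolkit chooses for you (key length, mode, a fresh initialization vector, an authentication tag), using the Spongy Castle provider under its SC name. The class name ScGcmExample and the "IV followed by ciphertext" layout are assumptions of this example, and the Spongy Castle provider jar is assumed to be on the classpath.

```java
import java.nio.ByteBuffer;
import java.security.SecureRandom;
import java.security.Security;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

public class ScGcmExample {                      // hypothetical class name
    static final String PROVIDER = "SC";         // Spongy Castle; Bouncy Castle registers as "BC"
    static final int IV_LEN = 12, TAG_BITS = 128;

    static {
        // Same class name as in Bouncy Castle, but under the org.spongycastle.* package.
        Security.addProvider(new org.spongycastle.jce.provider.BouncyCastleProvider());
    }

    // Output layout (an assumption of this example): IV || ciphertext+tag
    static byte[] encrypt(SecretKey key, byte[] plaintext) throws Exception {
        byte[] iv = new byte[IV_LEN];
        new SecureRandom().nextBytes(iv);        // fresh IV per message, never reused with a key
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding", PROVIDER);
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, iv));
        byte[] ct = c.doFinal(plaintext);
        return ByteBuffer.allocate(iv.length + ct.length).put(iv).put(ct).array();
    }

    static byte[] decrypt(SecretKey key, byte[] message) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding", PROVIDER);
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, message, 0, IV_LEN));
        // doFinal verifies the tag and throws instead of returning unauthenticated data.
        return c.doFinal(message, IV_LEN, message.length - IV_LEN);
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES", PROVIDER);
        kg.init(256);
        SecretKey key = kg.generateKey();        // held in memory only for this demonstration

        byte[] msg = encrypt(key, "constructed sample: user=alice".getBytes("UTF-8"));
        System.out.println(new String(decrypt(key, msg), "UTF-8"));

        msg[msg.length - 1] ^= 0x01;             // simulate modification of the stored file
        try {
            decrypt(key, msg);
        } catch (BadPaddingException e) {        // AEADBadTagException is a subclass
            System.out.println("tampering detected, message rejected");
        }
    }
}
```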
AeroGear Crypto
AeroGear Crypto is a small Java library provided by AeroGear. It supports authenticated symmetric encryption, elliptic curve cryptography, and password-based key derivation. It also provides explicit algorithm settings. AeroGear Crypto depends on Spongy Castle on Android and on Bouncy Castle on other platforms. The library is also available for iOS, Windows Phone, and Cordova.
Conceal
Facebook developed Conceal to quickly encrypt and authenticate large files on the SD card using very little memory. Conceal supports both authentication and encryption, and also provides key management by default. It uses OpenSSL, but includes only the parts it needs, so its size is only 85KB. The results published on the Conceal site show that it performs better than Bouncy Castle.
The following table summarizes the encryption libraries described above. All of them allow developers who are new to encryption to perform it securely. Experienced developers, however, do not have to use these defaults and can specify all the encryption details as they wish (just as they would with other cryptographic libraries). We also suggest that new users can use mobile app encryption services, such as love encryption and cloud security, to protect the security of their mobile apps effectively and comprehensively.
Encryption Library    Development Company    License
AeroGear Crypto       AeroGear               Apache 2.0
Conceal               Facebook               BSD
Keyczar               --                     Apache 2.0
If you are a mobile app developer, you have to spend time and energy making your apps easy to use, feature-rich, and eye-catching. However, do not forget to improve the security of your apps. If you don't know where to start or are worried about making mistakes, pick one of the toolkits mentioned in this article and start from there. No matter which encryption tool you choose, you should avoid implementing your own encryption algorithms and protocols. Use only widely used, universally accepted, and well-tested algorithms and protocols.