**In Android development you will inevitably need to encrypt or decrypt data, whether it is stored in a local file or transmitted over the network to other servers and devices. Using encryption does not make data absolutely safe, however: if the encryption functions are used incorrectly, the encrypted data is vulnerable to reverse-engineering attacks. Many developers are also unaware of the problems with particular cryptographic algorithms.**

1. Basic concepts that need to be understood

The three major functions of cryptography: encryption, authentication, and identification.

Encryption: prevent bad guys from getting your data.

Authentication: prevent bad guys from modifying your data without you noticing.

Identification: prevent bad guys from impersonating you.

Plaintext, ciphertext, key, symmetric encryption algorithm, asymmetric encryption algorithm: these basic concepts and the principles of the encryption algorithms are not covered here.

2. API provided by Android SDK

**2.1 Android encryption-related API architecture**
The Android SDK's APIs are basically the same as those Java provides: the Java Cryptography Architecture (JCA), the Java Cryptography Extension (JCE), the Java Secure Socket Extension (JSSE), and the Java Authentication and Authorization Service (JAAS).

JCA provides the basic cryptographic framework, such as certificates, digital signatures, message digests, and key pair generators, corresponding to the following packages in the Android API:

JCE extends JCA and provides a variety of cryptographic algorithms, digest algorithms, key management and other functions, corresponding to the following packages in the Android API:

JSSE provides encryption based on SSL (Secure Sockets Layer), which is used for HTTPS encrypted transmission. The corresponding Android API is mainly in the javax.net.ssl package.

JAAS provides the ability to authenticate users on the Java platform. The corresponding Android API is mainly in the following packages:

These are really just sets of interfaces; the actual algorithms are supplied by different providers. The default providers in the Android API are mainly Bouncy Castle and OpenSSL.

In addition, the Android API provides android.security and android.security.keystore (added in API 23) to manage the KeyChain and KeyStore.

**2.2 Base64 encoding algorithm**
The Base64 encoding algorithm uses 64 characters (ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/) to represent arbitrary binary data. In the early days of computer networking, for "historical reasons", e-mail did not support non-ASCII characters. If an e-mail contained non-ASCII characters (such as Chinese) or pictures, the recipient saw a pile of garbled text, so the Base64 encoding algorithm was invented. Why was it garbled? Please google it yourselves. In encryption and decryption, the original data and the encrypted data are generally binary; to avoid transmission errors and to make the data convenient to save or debug, the encrypted data generally needs to be Base64-encoded.

Android provides the Base64 utility class android.util.Base64, which can be used directly without implementing the Base64 encoding algorithm yourself.

Such as:

**Developer's advice:** Base64 is only an encoding method, not an encryption algorithm; do not use Base64 to encrypt data.

**2.3 Random number generator**
Use SecureRandom whenever random numbers are needed in cryptographic code on Android.

Such as:

Be careful not to set the seed for SecureRandom. Calling the seeded constructor or setSeed(byte[]) is not secure. SecureRandom() uses /dev/urandom as the seed source by default, and the seed is unpredictable.

**Developer Advice:**

1. Do not use the Random class to get random numbers.

2. Do not set the seed when using SecureRandom. It is risky to use the following functions to set the seed:

**2.4 Hash algorithm**
A hash algorithm takes an input string of any length and produces a fixed n-bit output string; the output is generally called the hash value.

It has the following two properties:

Collision resistance: finding two different inputs that produce the same output value is computationally infeasible; it takes about a time to find two input strings with the same output.

Irreversibility: the original input cannot be derived from the result.

Because of collision resistance, changing any bit of the original input results in a different hash value, so a hash algorithm can be used to verify the integrity of data. We often see that a website offering a file for download also publishes the file's hash value, so that after downloading you can verify whether the file has been tampered with.

Irreversibility makes a hash algorithm a one-way cryptosystem: it can only encrypt, not decrypt, and can be used to protect credentials such as the user's login password.

**Developer Advice:**

1. SHA-256 or SHA-3 is recommended.

For example, to hash a message string with the SHA-256 algorithm:

2. MD2, MD4, MD5, SHA-1 and RIPEMD are not recommended for encrypting user passwords and other sensitive information. Many methods for breaking these algorithms exist; for MD5, for example, there are many online lookup dictionaries where, given an MD5 value, you can find the data before encryption.

3. Do not use a hash function as the signature of a symmetric cryptographic algorithm.

**4. Note: be very careful when hashing the concatenation of more than one string.**

For example, to hash string S and string T together, write H(S || T). However, the following can occur: "builtin || securely" and "built || insecurely" have exactly the same hash value.

How to modify to avoid the above problems?

Change it to H(length(S) || S || T), or H(H(S) || H(T)), or H(H(S) || T).

In actual development, the parameters of a URL are often sorted in dictionary order, the parameter names and values are concatenated after a secret string, and the hash value of the result is used as the signature of the URL.

For example, foo=1, bar=2, baz=3 are sorted as bar=2, baz=3, foo=1, and the string to hash is secretbar2baz3foo1. There is no delimiter between parameters and values, so "foo=bar" and "foob=ar" have the same hash value, as do "foo=bar&fooble=baz" and "foo=barfooblebaz". By carefully constructing malicious parameters, an attacker may obtain the same hash value as for the normal parameters and so trick the server's signature verification.

**2.5 Message authentication algorithm**
To ensure that encrypted messages are not forged by others, you need to provide a message authentication code (MAC).

A message authentication code is a keyed hash function, built from a key and a hash function.

The key is agreed by the two parties beforehand and must not be known to any third party.

The message sender uses the MAC algorithm to calculate the MAC value of the message, appends it to the message, and sends both to the recipient.

After receiving the message, the recipient uses the same MAC algorithm to calculate the MAC value of the received message and compares it with the received MAC value.

**Developer Advice:**

HMAC-SHA256 is recommended; avoid CBC-MAC.

HMAC-SHA256 examples are as follows:
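The following is an added example, not code from the original article. It covers both the URL-parameter signing problem from section 2.4 and the HMAC-SHA256 recommendation above: the same two parameter sets ("foo=bar" and "foob=ar") are tagged once with the delimiter-free encoding and once with a length-prefixed encoding. The class and method names are assumptions made for illustration.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.io.ByteArrayOutputStream;
import java.io.DataOutputStream;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Map;
import java.util.TreeMap;

public class SignedParams {
    // Ambiguous encoding from section 2.4: sorted names and values joined with no delimiter.
    static byte[] naive(TreeMap<String, String> params) {
        StringBuilder sb = new StringBuilder();
        for (Map.Entry<String, String> e : params.entrySet()) sb.append(e.getKey()).append(e.getValue());
        return sb.toString().getBytes(StandardCharsets.UTF_8);
    }

    // Unambiguous encoding: every name and value is preceded by its 4-byte length.
    static byte[] lengthPrefixed(TreeMap<String, String> params) throws Exception {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        DataOutputStream out = new DataOutputStream(buf);
        for (Map.Entry<String, String> e : params.entrySet()) {
            for (String field : new String[] {e.getKey(), e.getValue()}) {
                byte[] b = field.getBytes(StandardCharsets.UTF_8);
                out.writeInt(b.length);
                out.write(b);
            }
        }
        return buf.toByteArray();
    }

    static byte[] hmacSha256(byte[] key, byte[] message) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return mac.doFinal(message);
    }

    public static void main(String[] args) throws Exception {
        byte[] key = new byte[32];
        new SecureRandom().nextBytes(key); // stands in for the secret both parties agreed beforehand
        TreeMap<String, String> a = new TreeMap<>(); a.put("foo", "bar");   // constructed sample
        TreeMap<String, String> b = new TreeMap<>(); b.put("foob", "ar");   // constructed sample
        // MessageDigest.isEqual is the comparison a receiver should use to check a MAC value.
        boolean naiveMatch = MessageDigest.isEqual(hmacSha256(key, naive(a)), hmacSha256(key, naive(b)));
        boolean safeMatch = MessageDigest.isEqual(
                hmacSha256(key, lengthPrefixed(a)), hmacSha256(key, lengthPrefixed(b)));
        System.out.println("naive encoding, tags match: " + naiveMatch);
        System.out.println("length-prefixed encoding, tags match: " + safeMatch);
    }
}
```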

**2.6 Symmetric encryption algorithm**
In a symmetric encryption algorithm, the sender processes the plaintext (raw data) together with the encryption key using an encryption algorithm, turning it into complex ciphertext. To read the original text, the receiver must decrypt the ciphertext with the same key and the inverse of the same algorithm, restoring it to readable plaintext. Only one key is used in a symmetric encryption algorithm: both parties use it to encrypt and decrypt the data, which requires the decrypting party to know the encryption key beforehand.

**The disadvantage of this algorithm is that if the key leaks, the encrypted content can no longer be trusted.**

**Developer Advice:**

1. The AES algorithm is recommended.

2. DES uses a 56-bit encryption key by default, which is not safe; it is not recommended.

3. Do not use ECB as the encryption mode. ECB mode is unsafe; the problem is illustrated by the classic three pictures:

The plaintext is:

After using the ECB encryption mode:

After using CBC encryption mode:

For a more in-depth understanding of attacks on the CBC encryption mode, see: "SSL/TLS Protocol security series: Introduction to the weak security of CBC mode (i)" http://drops.wooyun.org/tips/6619

4. The AES encryption algorithm API provided by Android uses ECB mode by default, so explicitly specify the mode as CBC or CFB; PKCS5Padding can be used for padding. The AES key length should be at least 128 bits; 256 bits is recommended.
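The following is an added example, not code from the original article. It encrypts two identical plaintext blocks under AES in ECB mode and in CBC mode with a random IV, and reports whether the ciphertext blocks repeat, which is what the three pictures illustrate. The class and method names are assumptions made for illustration.

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import java.security.SecureRandom;
import java.util.Arrays;

public class EcbVsCbc {
    // True when the first two 16-byte ciphertext blocks are identical.
    static boolean repeatsFirstBlock(byte[] ct) {
        return Arrays.equals(Arrays.copyOfRange(ct, 0, 16), Arrays.copyOfRange(ct, 16, 32));
    }

    static byte[] encrypt(String transformation, SecretKey key, IvParameterSpec iv, byte[] pt)
            throws Exception {
        Cipher c = Cipher.getInstance(transformation); // mode and padding named explicitly
        if (iv == null) c.init(Cipher.ENCRYPT_MODE, key); // ECB takes no IV
        else c.init(Cipher.ENCRYPT_MODE, key, iv);
        return c.doFinal(pt);
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey key = kg.generateKey();

        // Constructed sample: two identical 16-byte plaintext blocks.
        byte[] plaintext = new byte[32];
        Arrays.fill(plaintext, (byte) 'A');

        byte[] ivBytes = new byte[16];
        new SecureRandom().nextBytes(ivBytes); // fresh random IV per message, never a constant
        IvParameterSpec iv = new IvParameterSpec(ivBytes);

        byte[] ecb = encrypt("AES/ECB/PKCS5Padding", key, null, plaintext);
        byte[] cbc = encrypt("AES/CBC/PKCS5Padding", key, iv, plaintext);
        System.out.println("ECB repeats identical blocks: " + repeatsFirstBlock(ecb));
        System.out.println("CBC repeats identical blocks: " + repeatsFirstBlock(cbc));

        // The IV is not secret; it travels with the ciphertext so the receiver can decrypt.
        Cipher dec = Cipher.getInstance("AES/CBC/PKCS5Padding");
        dec.init(Cipher.DECRYPT_MODE, key, iv);
        System.out.println("CBC round trip ok: " + Arrays.equals(dec.doFinal(cbc), plaintext));
    }
}
```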

**2.7 Asymmetric encryption**
An asymmetric encryption algorithm requires two keys: a public key (PublicKey) and a private key (PrivateKey). The public key and private key form a pair. Data encrypted with the public key can only be decrypted with the corresponding private key; data encrypted with the private key can only be decrypted with the corresponding public key (this process can be used for digital signatures).

Asymmetric encryption mainly uses the RSA algorithm.

**Developer Advice:**

1. Note that the key length must not be less than 512 bits; a 2048-bit key length is recommended.

To use RSA for digital signatures, for example:

2. When encrypting with RSA, use Cipher.getInstance("RSA/ECB/OAEPWithSHA256AndMGF1Padding"); otherwise there is a risk of replay attacks. For example:
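The following is an added example, not code from the original article. It generates a 2048-bit RSA key pair, signs and verifies a message with SHA256withRSA, then encrypts the same message twice with OAEP padding and compares the two ciphertexts. The transformation string is the standard JCA name for the padding cited above; the class name and sample message are assumptions made for illustration.

```java
import javax.crypto.Cipher;
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Signature;
import java.util.Arrays;

public class RsaSignAndOaep {
    static byte[] sign(KeyPair kp, byte[] msg) throws Exception {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(kp.getPrivate());
        s.update(msg);
        return s.sign();
    }

    static boolean verify(KeyPair kp, byte[] msg, byte[] sig) throws Exception {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(kp.getPublic());
        s.update(msg);
        return s.verify(sig);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048); // recommended key length from the advice above
        KeyPair kp = kpg.generateKeyPair();

        byte[] msg = "constructed sample message".getBytes(StandardCharsets.UTF_8);
        byte[] sig = sign(kp, msg);
        byte[] tampered = msg.clone();
        tampered[0] ^= 1; // flip one bit of the signed message
        System.out.println("signature valid for original: " + verify(kp, msg, sig));
        System.out.println("signature valid for tampered: " + verify(kp, tampered, sig));

        // OAEP padding is randomized: each call pads the same plaintext differently.
        String oaep = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";
        Cipher enc = Cipher.getInstance(oaep);
        enc.init(Cipher.ENCRYPT_MODE, kp.getPublic());
        byte[] c1 = enc.doFinal(msg);
        byte[] c2 = enc.doFinal(msg);
        System.out.println("two OAEP ciphertexts identical: " + Arrays.equals(c1, c2));

        Cipher dec = Cipher.getInstance(oaep);
        dec.init(Cipher.DECRYPT_MODE, kp.getPrivate());
        System.out.println("OAEP round trip ok: " + Arrays.equals(dec.doFinal(c1), msg));
    }
}
```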

**2.8 PBE encryption algorithm**
PBE is a password-based encryption algorithm. Its characteristic is that a password is used instead of a key, and the password is controlled by the user; methods such as random numbers, hashing and multiple rounds of encryption are used to ensure data security.

**Developer Advice:**

When using the password-based encryption algorithm PBE, generate the key with a salt; the salt value is best obtained from SecureRandom, and the number of iterations should be specified.

Such as:
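The following is an added example, not code from the original article. It derives an AES key from a password with a SecureRandom salt and an explicit iteration count, and shows that the salt changes the derived key. PBKDF2WithHmacSHA256 is the key derivation function chosen here (the article does not name one), and the iteration count, salt length and names are assumptions made for illustration.

```java
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import java.security.SecureRandom;
import java.util.Arrays;

public class PbeKeyDerivation {
    static final int ITERATIONS = 100_000; // assumed work factor; tune for the target devices
    static final int KEY_BITS = 256;

    // A new random salt per password; it is stored next to the ciphertext, not kept secret.
    static byte[] newSalt() {
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        return salt;
    }

    static SecretKeySpec deriveAesKey(char[] password, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, KEY_BITS);
        try {
            SecretKeyFactory f = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
            return new SecretKeySpec(f.generateSecret(spec).getEncoded(), "AES");
        } finally {
            spec.clearPassword(); // wipe the copy of the password held by the spec
        }
    }

    public static void main(String[] args) throws Exception {
        char[] password = "constructed sample password".toCharArray();
        byte[] salt = newSalt();

        byte[] k1 = deriveAesKey(password, salt).getEncoded();
        byte[] k2 = deriveAesKey(password, salt).getEncoded();
        byte[] k3 = deriveAesKey(password, newSalt()).getEncoded();

        // The same password and salt must reproduce the key, or decryption is impossible.
        System.out.println("same salt, keys equal: " + Arrays.equals(k1, k2));
        // A different salt yields an unrelated key even for the same password.
        System.out.println("different salt, keys equal: " + Arrays.equals(k1, k3));
    }
}
```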

(All of the above example algorithms are for reference only)

3. Summary

Several principles:

1. Do not design your own encryption algorithms and protocols; use industry-standard algorithms.

2. Do not use ECB mode with symmetric encryption algorithms; the DES algorithm is not recommended.

3. Choose a key of appropriate length.

4. Make sure the seed of the random number generator has enough entropy.

5. Do not encrypt messages with an encryption algorithm that has no message authentication; it cannot resist replay.

6. Be very careful when hashing the concatenation of several strings.

7. When adding a salt to an algorithm, the salt value must not be too short and must not be reused.

8. When using an initialization vector (IV), a constant IV makes CBC, CFB, GCM and so on replayable just like ECB; using the last block of the previous message as the IV of the next message is not safe.

9. Keys should follow these principles:

(1) The key must not be a constant; it should be random and replaced periodically. If the key used to encrypt data is a constant, the same plaintext always encrypts to the same ciphertext, which makes dictionary attacks hard to prevent.

(2) Developers should guard against hard-coding keys.

In actual development, how to store the key is a hurdle that can never be avoided. If it is hard-coded in the code, it is easily reverse-engineered; if it is placed in a file on the device, an experienced cracker will find it by reverse engineering. This is where a security component comes in: it provides developers with secure key management and encryption algorithm implementations, ensuring the security of the key and secure encryption and decryption operations.
