Home

Awesome

java-aes-crypto

This AES library is very simple and works only on Android. For a cross-platform encryption system, please use TozStore. It's available for Android, iOS, and JavaScript for the browser, as well as back-end systems like Node, Ruby, Python, Java, and Go.

Java-AES-Crypto is Tozny's simple Android class for encrypting & decrypting strings, aiming to avoid serious cryptographic errors that most such classes suffer from. Show me the code

Features

Here are the features of this class. We believe that these properties are consistent with what a lot of people are looking for when encrypting Strings in Android.

How to include in project?

Copy and paste

It's a single very simple java class, AesCbcWithIntegrity.java that works across most or all versions of Android. The class should be easy to paste into an existing codebase.

Android Library project

The library is in Android library project format so you can clone this project and add as a library module/project.

Maven Dependency

We've also published the library AAR file via Jitpack for simple gradle dependency management:

Add the Jitpack repository to your root build.gradle:

allprojects {
  repositories {
    ...
    maven { url 'https://jitpack.io' }
  }
}

Add the dependency to your project's build.gradle:

dependencies {
  compile 'com.github.tozny:java-aes-crypto:1.1.0'
}

Examples

Generate new key

  AesCbcWithIntegrity.SecretKeys keys = AesCbcWithIntegrity.generateKey();

Generate a key from a password or passphrase

  EXAMPLE_PASSWORD = // Get password from user input
  String salt = saltString(generateSalt());
  // You can store the salt, it's not secret. Don't store the key. Derive from password every time
  Log.i(TAG, "Salt: " + salt);
  key = generateKeyFromPassword(EXAMPLE_PASSWORD, salt);

Encrypt

   AesCbcWithIntegrity.CipherTextIvMac cipherTextIvMac = AesCbcWithIntegrity.encrypt("some test", keys);
   //store or send to server
   String ciphertextString = cipherTextIvMac.toString();

Decrypt

  //Use the constructor to re-create the CipherTextIvMac class from the string:
  CipherTextIvMac cipherTextIvMac = new CipherTextIvMac (cipherTextString);
  String plainText = AesCbcWithIntegrity.decryptString(cipherTextIvMac, keys);

Storing Keys

Once you've generated a random key, you naturally might want to store it. This may work for some use cases, but please be aware that if you store the key in the same place that you store the encrypted data, your solution is not cryptographically sound since the attacker can just get both the key and the encrypted text. Instead, you should use either the Keystore infrastructure or consider generating the key from a passphrase and using that to encrypt the user data.

If despite the above you still want to store the key, you can convert the keys to a string using the included functions and store them in preferences or SQLite.

Note that if you hard-code keys or passphrases, or generate them from a static value, you will likely get an error message from the Android security scanner.

License

The included MIT license is compatible with open source or commercial products. Tozny also offers custom support and licensing terms if your organization has different needs. Contact us at info@tozny.com for more details.