我正在像这样用KeyStore进行加密和解密。
这是流程。在我将字符串传递给加密方法之后,我同时保存了加密和iv,以便以后可以使用它检索值。问题有时,某些加密值无法正确检索...并非全部!因此,我认为我加密了10个项目并将其保存在某个位置(加密和iv)。然后,当我想要检索其中一个时,就无法正确检索!
init {
keyStore = KeyStore.getInstance(ANDROID_KEY_STORE)
keyStore.load(null)
cipher = Cipher.getInstance("AES/GCM/NoPadding")
}
fun encryptData(text: String): Pair<ByteArray, String>? {
try {
cipher.init(Cipher.ENCRYPT_MODE, getSecretKet(ALIAS))
val iv = cipher.iv.toString(Charsets.ISO_8859_1)
val result = cipher.doFinal(text.toByteArray(Charsets.ISO_8859_1))
Timber.i("$TAG encrypted data $result")
Timber.i("$TAG encrypted iv $iv")
return if (result != null) {
Pair(result, iv)
} else {
null
}
} catch (e: Exception) {
Timber.e("$TAG error encryptData", e)
return null
}
}
fun decryptData(encryptedData: ByteArray, iv: ByteArray): String {
return try {
val spec = GCMParameterSpec(128, iv)
cipher.init(Cipher.DECRYPT_MODE, getSecretKet(ALIAS), spec)
val result = cipher.doFinal(encryptedData).toString(Charsets.ISO_8859_1)
Timber.i("$TAG decrypted data $result")
result
} catch (e: Exception) {
Timber.e("$TAG decryptData error may string was not encrypted", e)
encryptedData.toString()
}
}
这是为了获取密钥。首先,我可能是我的钥匙有问题,所以我以这种方式实现了它,并且该类是单调的。但是事情是一段时间后,当我重新打开应用程序时,该密钥有何不同(我认为,因为iv和加密值以及密码是固定的)。我还使用 Charsets.ISO_8859_1 提示,发现此字符集最好保留所有字符并减少损失。 然后我认为可能存在节省空间的问题,因此为了进行测试,我只是从带有sstring字段的Room db移到带有字符串的SharePref。但是问题是相同的,所以现在我要确保它不是关于savig存储库。
private fun getSecretKet(alias: String): Key {
if (keyStore.containsAlias(alias)) {
//Try for existing key
return keyStore.getKey(alias, null)
} else {
//Key is not present, create new one.
val keyGenerator = if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.M) {
val kGenerator =
KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES, ANDROID_KEY_STORE)
val specs = KeyGenParameterSpec
.Builder(
alias,
KeyProperties.PURPOSE_ENCRYPT or KeyProperties.PURPOSE_DECRYPT
)
.setBlockModes(KeyProperties.BLOCK_MODE_GCM)
.setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
.build()
kGenerator.init(specs)
kGenerator
} else {
KeyGenerator.getInstance(ANDROID_KEY_STORE);
}
return keyGenerator.generateKey()
}
}
我认为这很有效,但大多数情况下都可以正常工作,但是如上所述,最终我无法获得一些加密数据。任何人有什么主意吗?
答案 0 :(得分:0)
我最终将更深入地研究AES更改实现,以解决此问题。
首先,我认为它将在@PresidentJamesMovelenPolk的帮助下从字符串加密中获取,但是我测试了即使通过ISO_8859_1进行的这种加密也能很好地工作。这是最后的实现:
companion object {
const val TRANSFORMATION = "AES/GCM/NoPadding"
const val ANDROID_KEY_STORE = "AndroidKeyStore"
const val ALIAS = "MyApp"
const val TAG = "KeyStoreManager"
}
private var keyStore: KeyStore
init {
keyStore = KeyStore.getInstance(ANDROID_KEY_STORE)
keyStore.load(null)
}
fun encryptData(text: String): Pair<ByteArray, String>? {
try {
val cipher = Cipher.getInstance(TRANSFORMATION)
cipher.init(Cipher.ENCRYPT_MODE, getSecretKet(ALIAS))
val iv = cipher.iv
val result = cipher.doFinal(text.toByteArray(Charsets.ISO_8859_1))
val resultIv = Base64.encodeToString(iv, Base64.NO_WRAP)
Timber.i("$TAG encrypted data $result")
Timber.i("$TAG encrypted iv $iv")
return if (result != null) {
Pair(result, resultIv)
} else {
null
}
} catch (e: Exception) {
Timber.e("$TAG error encryptData", e)
return null
}
}
fun encryptString(text: String): SecuredData? {
return try {
val result = encryptData(text)
if (result != null) {
SecuredData(result.first.toString(Charsets.ISO_8859_1), result.second)
} else {
null
}
} catch (e: Exception) {
Timber.e("$TAG error encryptString", e)
null
}
}
/**
Get pair of encrypted value and iv
*/
fun decryptString(encryptedString: String, iv: String): String {
return try {
val result = decryptData(
encryptedString.toByteArray(Charsets.ISO_8859_1),
Base64.decode(iv, Base64.NO_WRAP)
)
result
} catch (e: java.lang.Exception) {
Timber.e("Error in convert to Base64")
encryptedString
}
}
fun decryptData(encryptedData: ByteArray, iv: ByteArray): String {
return try {
val cipher = Cipher.getInstance(TRANSFORMATION)
val spec = GCMParameterSpec(128, iv)
cipher.init(Cipher.DECRYPT_MODE, getSecretKet(ALIAS), spec)
val result = cipher.doFinal(encryptedData).toString(Charsets.ISO_8859_1)
Timber.i("$TAG decrypted data $result")
result
} catch (e: Exception) {
Timber.e("$TAG decryptData error may string was not encrypted", e)
encryptedData.toString()
}
}
private fun getSecretKet(alias: String): Key {
if (keyStore.containsAlias(alias)) {
// Try for existing key
return keyStore.getKey(alias, null)
} else {
// Key is not present, create new one.
val keyGenerator = if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.M) {
val kGenerator =
KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES, ANDROID_KEY_STORE)
val specs = KeyGenParameterSpec
.Builder(
alias,
KeyProperties.PURPOSE_ENCRYPT or KeyProperties.PURPOSE_DECRYPT
)
.setBlockModes(KeyProperties.BLOCK_MODE_GCM)
.setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
.build()
kGenerator.init(specs)
kGenerator
} else {
KeyGenerator.getInstance(ANDROID_KEY_STORE)
}
return keyGenerator.generateKey()
}
}
@Keep
data class SecuredData(val value: String, val iv: String)