如何在Android中使用AES加密SD卡中的文件?

时间:2012-05-28 09:20:59

标签: android file encryption aes

我想从SD卡加密图像并使用AES再次将其存储在SD卡中。主要思想是应用程序浏览图像,然后在按下按钮时对其进行加密,然后将其存储在SD卡中。所以我的形象是安全的。

我已经成功使用本教程http://www.androidsnippets.com/encryptdecrypt-strings中的AES进行字符串加密,但我不知道如何使用图像,而不是字符串。

这是我用字符串做的方式:

public static String encrypt(String seed, String cleartext) throws Exception  
{
    byte[] rawKey = getRawKey(seed.getBytes());
    byte[] result = encrypt(rawKey, cleartext.getBytes()); 
    return toHex(result);
}

private static byte[] encrypt(byte[] raw, byte[] clear) throws Exception 
{
    SecretKeySpec skeySpec = new SecretKeySpec(raw, "AES");
    Cipher cipher = Cipher.getInstance("AES");
    cipher.init(Cipher.ENCRYPT_MODE, skeySpec);
    byte[] encrypted = cipher.doFinal(clear);
    return encrypted;
}

有人可以帮我提供示例代码,如何使用AES加密图像吗?

也许它必须使用I / O文件流,但我不知道如何使用此代码实现。

2 个答案:

答案 0 :(得分:64)

如果您输入密码的用户输入,请务必阅读this answer

你应该看看: CipherInputStreamCipherOutputStream。它们用于加密和解密字节流。

我有一个名为cleartext的文件。该文件包含:

Hi, I'm a clear text.
How are you?
That's awesome!

现在,您有一个encrypt()功能:

static void encrypt() throws IOException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException {
    // Here you read the cleartext.
    FileInputStream fis = new FileInputStream("data/cleartext");
    // This stream write the encrypted text. This stream will be wrapped by another stream.
    FileOutputStream fos = new FileOutputStream("data/encrypted");

    // Length is 16 byte
    // Careful when taking user input!!! https://stackoverflow.com/a/3452620/1188357
    SecretKeySpec sks = new SecretKeySpec("MyDifficultPassw".getBytes(), "AES");
    // Create cipher
    Cipher cipher = Cipher.getInstance("AES");
    cipher.init(Cipher.ENCRYPT_MODE, sks);
    // Wrap the output stream
    CipherOutputStream cos = new CipherOutputStream(fos, cipher);
    // Write bytes
    int b;
    byte[] d = new byte[8];
    while((b = fis.read(d)) != -1) {
        cos.write(d, 0, b);
    }
    // Flush and close streams.
    cos.flush();
    cos.close();
    fis.close();
}

执行此功能后,应该有一个文件名encrypted。该文件包含加密字符。

对于解密,您拥有decrypt功能:

static void decrypt() throws IOException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException {
    FileInputStream fis = new FileInputStream("data/encrypted");

    FileOutputStream fos = new FileOutputStream("data/decrypted");
    SecretKeySpec sks = new SecretKeySpec("MyDifficultPassw".getBytes(), "AES");
    Cipher cipher = Cipher.getInstance("AES");
    cipher.init(Cipher.DECRYPT_MODE, sks);
    CipherInputStream cis = new CipherInputStream(fis, cipher);
    int b;
    byte[] d = new byte[8];
    while((b = cis.read(d)) != -1) {
        fos.write(d, 0, b);
    }
    fos.flush();
    fos.close();
    cis.close();
}

执行解密后,应该有一个名为decrypted的文件。该文件包含自由文本。

你写的是“noob”但是根据加密的使用情况,如果你没有以正确的方式做到这一点,你可能会造成很大的伤害。了解你的工具!

使用CipherOutputStream Oracle documentation

SecretKeySpec skeySpec = new SecretKeySpec(y.getBytes(), "AES");

FileInputStream fis;
FileOutputStream fos;
CipherOutputStream cos;
// File you are reading from
fis = new FileInputStream("/tmp/a.txt");
// File output
fos = new FileOutputStream("/tmp/b.txt");

// Here the file is encrypted. The cipher1 has to be created.
// Key Length should be 128, 192 or 256 bit => i.e. 16 byte
SecretKeySpec skeySpec = new SecretKeySpec("MyDifficultPassw".getBytes(), "AES"); 
Cipher cipher1 = Cipher.getInstance("AES");  
cipher1.init(Cipher.ENCRYPT_MODE, skeySpec);
cos = new CipherOutputStream(fos, cipher1);
// Here you read from the file in fis and write to cos.
byte[] b = new byte[8];
int i = fis.read(b);
while (i != -1) {
    cos.write(b, 0, i);
    i = fis.read(b);
}
cos.flush();

因此,加密应该有效。当您反转该过程时,您应该能够读取解密的字节。

答案 1 :(得分:0)

从android 10开始,存在巨大的存储限制,因此与File类相比,DocumentFile将变得很常见。所以我也使用Uri提供答案。

fun Activity.encrypt(curLocUri: Uri, newLocUri: Uri, password: String, salt: String) : Boolean{
    // opening file input/outputStreams
    val fis = contentResolver.openInputStream(curLocUri) ?: return false
    val fos = contentResolver.openOutputStream(newLocUri) ?: return false

    try {
        var key: ByteArray = ("$salt$password").toByteArray(Charsets.UTF_8)
        val sha: MessageDigest = MessageDigest.getInstance("SHA-1")
        key = sha.digest(key)
        key = key.copyOf(16)
        val sks = SecretKeySpec(key, "AES")
        val cipher: Cipher = Cipher.getInstance("AES")
        cipher.init(Cipher.ENCRYPT_MODE, sks)
        val cos = CipherOutputStream(fos, cipher)
        var b: Int
        val d = ByteArray(8)
        while (fis.read(d).also { b = it } != -1) {
            cos.write(d, 0, b)
        }
        cos.flush()
        cos.close()
        return true
    } catch (e: Throwable){
        fis.close()
        fos.close()
        return false
    }
}

fun Activity.decrypt(curLocUri: Uri, newLocUri: Uri, password: String, salt: String): Boolean {
    // opening file input/outputStreams
    val fis = contentResolver.openInputStream(curLocUri) ?: return false
    val fos = contentResolver.openOutputStream(newLocUri) ?: return false

    try {
        var key: ByteArray = ("$salt$password").toByteArray(Charsets.UTF_8)
        val sha = MessageDigest.getInstance("SHA-1")
        key = sha.digest(key)
        key = Arrays.copyOf(key, 16)
        val sks = SecretKeySpec(key, "AES")
        val cipher = Cipher.getInstance("AES")
        cipher.init(Cipher.DECRYPT_MODE, sks)
        val cis = CipherInputStream(fis, cipher)
        var b: Int
        val d = ByteArray(8)
        while (cis.read(d).also { b = it } != -1) {
            fos.write(d, 0, b)
        }
        fos.flush()
        fos.close()
        cis.close()
        return true
    } catch (e: Throwable){
        fos.flush()
        fos.close()
        return false
    }
}

这里Uri是从onActivityResult的文件选择器接收的。

例如,您可以找到它here