How to encrypt data in Android?

I am new to Android. I am trying to learn and work on it. Can someone help me with the following issue? I have some fields to be encrypted and uploaded to a DB using Android. The fields which should be encrypted are DOB, Email id, Phone number and some other numeric values. Now I am doing some formal encryption by substitution. Can someone help me with an example to do some standard form of encryption?


There are a lot of encryption libraries out there, but it depends on which language you are using. For Java, take a look here: http://www.androidsnippets.com/encryptdecrypt-strings.

Or use Google and search for

android +encryption +library +<your programming language>


The biggest challenge I believe is what encryption to use and how to keep the secret key safe. It doesn't matter what data you want to encrypt or where you want to store it. The key has to remain a secret. And you need to be able to use the exact same key to get the data decrypted.

You can't store the key together with the data itself. Not even within the protected app resources. Some alternatives:

Getting the key from a service

Get the key (in a secure way) from a remote service. This adds the challenge to protect that communication channel but if possible it might be a valid approach.

The below code example can be used with a key retrieved elsewhere. Just check the encrypt and decrypt parts of the code.

Using a Password derived Key

Another option is using secret input from the user (aka password) to generate a key. The method that generates the key will always return the same key for each unique password. Hence you can recover the key if the user enters the password.

Ideally this password is never stored and always prompted for on each encryption/decryption need. This also relies on a proper password choice from the user.

A code example that shows key generation, encryption and decryption of some sample data. Note how we don't use the default settings for the key generation.

package com.example.android.secure;

import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;

public class EncryptionManager {

    // we should get a password from the user
    String password = "...";
    String PBE_ALGORITHM = "PBEWithSHA256And256BitAES-CBC-BC";
    // Important not to rely on default here !!!! use CBC instead of ECB
    String CIPHER_ALGORITHM = "AES/CBC/PKCS5Padding";
    int NUM_OF_ITERATIONS = 1000;
    int KEY_SIZE = 256;
    // generated on first run (the literals below are placeholders only)
    byte[] salt = "abababababababababa bab".getBytes();
    byte[] iv = "1234567890abcdef".getBytes();
    // This is the value to be encrypted.
    String clearText = "...";
    byte[] encryptedText;
    byte[] decryptedText;

    public void exampleCodeNoRealMethod() {
        try {
            // Derive the key material from the password and the salt.
            PBEKeySpec pbeKeySpec = new PBEKeySpec(password.toCharArray(), salt, NUM_OF_ITERATIONS, KEY_SIZE);
            SecretKeyFactory keyFactory = SecretKeyFactory.getInstance(PBE_ALGORITHM);
            SecretKey tempKey = keyFactory.generateSecret(pbeKeySpec);
            // Wrap the derived bytes as an AES key.
            SecretKey secretKey = new SecretKeySpec(tempKey.getEncoded(), "AES");
            IvParameterSpec ivSpec = new IvParameterSpec(iv);
            // The same key and IV are needed for encryption and decryption.
            Cipher encCipher = Cipher.getInstance(CIPHER_ALGORITHM);
            encCipher.init(Cipher.ENCRYPT_MODE, secretKey, ivSpec);
            Cipher decCipher = Cipher.getInstance(CIPHER_ALGORITHM);
            decCipher.init(Cipher.DECRYPT_MODE, secretKey, ivSpec);
            encryptedText = encCipher.doFinal(clearText.getBytes());
            decryptedText = decCipher.doFinal(encryptedText);
            String sameAsClearText = new String(decryptedText);
        } catch (Exception e) {
            // TODO handle this exception
        }
    }

}

Using the Android KeyStore

This is a new feature only available on the latest Android devices. More information can be found on this blog post. I added a snippet from there:

public static SecretKey generateKey(char[] passphraseOrPin, byte[] salt) throws NoSuchAlgorithmException, InvalidKeySpecException {
    // Number of PBKDF2 hardening rounds to use. Larger values increase
    // computation time. You should select a value that causes computation
    // to take >100ms.
    final int iterations = 1000; 

    // Generate a 256-bit key
    final int outputKeyLength = 256;

    SecretKeyFactory secretKeyFactory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
    KeySpec keySpec = new PBEKeySpec(passphraseOrPin, salt, iterations, outputKeyLength);
    SecretKey secretKey = secretKeyFactory.generateSecret(keySpec);
    return secretKey;
}
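The password-derived-key approach from the answer above, as an added example that is not part of the original answers: it replaces the hardcoded salt and IV with random ones and uses AES-GCM instead of CBC, so a wrong key or a modified value is detected at decryption. The class and method names, the iteration count and the sample values are assumptions, and it needs a platform that provides `AES/GCM/NoPadding` and `GCMParameterSpec`.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;

// Added example; FieldCrypto and its method names are hypothetical.
public class FieldCrypto {
    private static final int IV_LEN = 12, TAG_BITS = 128;
    private static final int ITERATIONS = 100_000; // assumed value; tune on the target device
    private static final SecureRandom RNG = new SecureRandom();
    // Same password + same salt always yields the same key, so only the salt is stored.
    public static SecretKey deriveKey(char[] password, byte[] salt) throws GeneralSecurityException {
        PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, 256);
        byte[] raw = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1").generateSecret(spec).getEncoded();
        spec.clearPassword();
        return new SecretKeySpec(raw, "AES");
    }

    // Output layout: 12-byte random IV || ciphertext || 16-byte GCM tag.
    public static byte[] encrypt(SecretKey key, String clearText) throws GeneralSecurityException {
        byte[] iv = new byte[IV_LEN];
        RNG.nextBytes(iv); // fresh IV for every field value
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, iv));
        byte[] ct = cipher.doFinal(clearText.getBytes(StandardCharsets.UTF_8));
        return ByteBuffer.allocate(IV_LEN + ct.length).put(iv).put(ct).array();
    }

    // Throws AEADBadTagException if the key is wrong or the blob was modified.
    public static String decrypt(SecretKey key, byte[] blob) throws GeneralSecurityException {
        if (blob.length < IV_LEN + TAG_BITS / 8) throw new GeneralSecurityException("blob too short");
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, blob, 0, IV_LEN));
        return new String(cipher.doFinal(blob, IV_LEN, blob.length - IV_LEN), StandardCharsets.UTF_8);
    }
    public static void main(String[] args) throws Exception {
        byte[] salt = new byte[16];
        RNG.nextBytes(salt); // random per-user salt, stored beside the ciphertext (not secret)
        SecretKey key = deriveKey("constructed-sample-password".toCharArray(), salt);
        for (String field : new String[] {"1990-01-31", "user@example.com", "+1-555-0100"}) { // constructed values
            System.out.println(field.equals(decrypt(key, encrypt(key, field))));
        }
    }
}
```

PBKDF2 is deliberately slow, so derive the key once per session off the main thread and reuse it for all fields.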