I need to be able to send secure information to a variety of phones from Windows. I am a total novice in both iPhone and Android development, but need to create an easy to use app for each environment. Interfacing with received SMS text messages would also be nice. I would like to acquire code for AES 256 encryption for the iPhone, Android and Windows XP (and up).
Thanks
Murray
Few important things to note while implementing AES encryption:
1. Never use plain text as encryption key. Always hash the plain text key and then use for encryption.
2. Always use Random IV (initialization vector) for encryption and decryption. True randomization is important.
I recently wrote cross platform AES encryption and decryption library for C#, iOS and Android which I have posted on Github. You can see it here - https://github.com/Pakhee/Cross-platform-AES-encryption
For iPhone I used AESCrypt-ObjC, and for Android use this code:
public class AESCrypt {
private final Cipher cipher;
private final SecretKeySpec key;
private AlgorithmParameterSpec spec;
public AESCrypt(String password) throws Exception
{
// hash password with SHA-256 and crop the output to 128-bit for key
MessageDigest digest = MessageDigest.getInstance("SHA-256");
digest.update(password.getBytes("UTF-8"));
byte[] keyBytes = new byte[32];
System.arraycopy(digest.digest(), 0, keyBytes, 0, keyBytes.length);
cipher = Cipher.getInstance("AES/CBC/PKCS7Padding");
key = new SecretKeySpec(keyBytes, "AES");
spec = getIV();
}
public AlgorithmParameterSpec getIV()
{
byte[] iv = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, };
IvParameterSpec ivParameterSpec;
ivParameterSpec = new IvParameterSpec(iv);
return ivParameterSpec;
}
public String encrypt(String plainText) throws Exception
{
cipher.init(Cipher.ENCRYPT_MODE, key, spec);
byte[] encrypted = cipher.doFinal(plainText.getBytes("UTF-8"));
String encryptedText = new String(Base64.encode(encrypted, Base64.DEFAULT), "UTF-8");
return encryptedText;
}
public String decrypt(String cryptedText) throws Exception
{
cipher.init(Cipher.DECRYPT_MODE, key, spec);
byte[] bytes = Base64.decode(cryptedText, Base64.DEFAULT);
byte[] decrypted = cipher.doFinal(bytes);
String decryptedText = new String(decrypted, "UTF-8");
return decryptedText;
}
}
If you're still looking for an implementation for both devices, iPhone and Android have a look at this post. I created it together with a friend. Under the iPhone post you'll find the Android part. Both can be used by inserting them into your project like explained.
If you want to use another algorithm, you should look how they are called in iPhone and Android and change it everywhere inside the methods.
Different languages have different implementations of cryptographic classes. So I don't reckon there is a single library that will work on all platforms.
You haven't specified what language you use on Windows for your application. T
here is no easy way of encrypting and decrypting. So I suggest you at least get a solid foundcation on how encryption algorithms works with different key sizes, IV, modes of operation and padding. Also how to generate secure keys, how to transfer keys from one user to the other using asymmetric cryptography etc etc. Or do you already have the theoretical knowledge on cryptography?
For iPhone
I do not have any idea on the cryptographic classes provided in the SDK. However take a look at this question.
For Android
You have a few options here.
- BouncyCastle for Java
- javax.crypto package.
Here is a question you'd be interested in.
For Windows.
Also take a look at my answer for a similar question.
You should definitely study Cryptography before implementing them on your program. It would be really easy to use the built in functions but if you don't know what you are doing, you are giving your self a false sense of security and is possibly putting your customer's data on risk.
来源:https://stackoverflow.com/questions/5928915/wanted-compatible-aes-code-encrypt-decrypt-for-iphone-android-windows-xp