Data Encryption and Security Best Practices

api jyheo@hansung ac kr n.w
1 / 10
Embed
Share

Learn about API class recommendations for encryption using AES in either CBC or GCM mode with 256-bit keys, along with examples of MessageDigest, MAC, and digital signatures in Android development. Explore encryption, decryption, message digests, and digital signatures to enhance data security in your applications.

  • Encryption
  • Data Security
  • Android
  • Digital Signatures
  • AES
rayaanacharya
lcai Follow

Uploaded on | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

You are allowed to download the files provided on this website for personal or commercial use, subject to the condition that they are used lawfully. All files are the property of their respective owners.

Download Presentation

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.

E N D

Presentation Transcript

  1. API (jyheo@hansung.ac.kr)

  2. API Class Recommendation Cipher AES in either CBC or GCM mode with 256-bit keys (such as AES/GCM/NoPadding) MessageDigest SHA-2 family (eg, SHA-256) Mac SHA-2 family HMAC (eg, HMACSHA256) Signature SHA-2 family with ECDSA (eg, SHA256withECDSA) https://developer.android.com/reference/javax/crypto/Cipher https://developer.android.com/reference/java/security/MessageDigest https://developer.android.com/reference/javax/crypto/Mac https://developer.android.com/reference/java/security/Signature

  3. Encryption https://developer.android.com/reference/javax/crypto/Cipher https://developer.android.com/reference/javax/crypto/KeyGenerator byte[] plaintext = "Hello".getBytes("utf-8"); // Encrypt KeyGenerator keygen = KeyGenerator.getInstance("AES"); keygen.init(256); // keysize = 256 SecretKey key = keygen.generateKey(); Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5PADDING"); cipher.init(Cipher.ENCRYPT_MODE, key); byte[] ciphertext = cipher.doFinal(plaintext); byte[] iv = cipher.getIV();

  4. Decryption // Decrypt cipher.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(iv)); byte[] decripyted_text = cipher.doFinal(ciphertext); Log.d("MY_APP_TAG", "Decrypted:" + new String(decripyted_text, "utf-8"));

  5. Message Digest Message Digest https://developer.android.com/reference/java/security/MessageDigest // Message Digest MessageDigest md = MessageDigest.getInstance("SHA-256"); byte[] digest = md.digest(plaintext);

  6. Digital Signature Digital Signature https://developer.android.com/reference/java/security/Signature https://developer.android.com/reference/java/security/KeyPairGenerator KeyPairGenerator keypairgen = KeyPairGenerator.getInstance("EC"); KeyPair keypair = keypairgen.generateKeyPair(); // Digital Signature Signature s = Signature.getInstance("SHA256withECDSA"); s.initSign(keypair.getPrivate()); s.update(plaintext); byte[] signature = s.sign();

  7. Verify a Digital Signature Verify a Digital Signature // Verify a Digital Signature s.initVerify(keypair.getPublic()); s.update(message); boolean valid = s.verify(signature); Log.d("MY_APP_TAG", "signature verfied:" + valid);

  8. EditText , . TextView . byte , byte[] encoded = key.getEncoded(); SecretKey key2 = new SecretKeySpec(encoded, "AES");

  9. KeyStore https://developer.android.com/reference/android/security/keystore/ KeyGenParameterSpec API Level 23

  10. KeyStore KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance( KeyProperties.KEY_ALGORITHM_EC, "AndroidKeyStore"); keyPairGenerator.initialize( new KeyGenParameterSpec.Builder( "key1", // key alias KeyProperties.PURPOSE_SIGN) // .setAlgorithmParameterSpec(new ECGenParameterSpec("secp256r1")) .setDigests(KeyProperties.DIGEST_SHA256, KeyProperties.DIGEST_SHA384, KeyProperties.DIGEST_SHA512) .setUserAuthenticationRequired(true) .setUserAuthenticationValidityDurationSeconds(5 * 60) .build()); KeyPair keyPair = keyPairGenerator.generateKeyPair(); Signature signature = Signature.getInstance("SHA256withECDSA"); signature.initSign(keyPair.getPrivate()); Private key 5 // The key pair can also be obtained from the Android Keystore any time as follows: KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore"); keyStore.load(null); PrivateKey privateKey = (PrivateKey) keyStore.getKey("key1", null); PublicKey publicKey = keyStore.getCertificate("key1").getPublicKey();

Related


Travel API Provider

Travel API Provider

Shru
Cruise API Provider

Cruise API Provider

Shru
API Lifecycle Patterns and Practices

API Lifecycle Patterns and Practices

octavius
Ingenious Ways to Utilize the Unofficial WhatsApp API in 2024

Ingenious Ways to Utilize the Unofficial WhatsApp API in 2024

quick3
Overview of HEC API Scripting Part 1 and 2: DSS Files, DataContainer, HecTime, HecMath

Overview of HEC API Scripting Part 1 and 2: DSS Files, DataContainer, HecTime, HecMath

claudio
Cruise Booking API

Cruise Booking API

Shru
Leading Soccer Betfair Match Odds API Provider in Bangladesh

Leading Soccer Betfair Match Odds API Provider in Bangladesh

CTFC
Best Fancy Bookmaker API Provider in Bangladesh

Best Fancy Bookmaker API Provider in Bangladesh

CTFC
Fancy Bookmaker API Provider in Bangladesh

Fancy Bookmaker API Provider in Bangladesh

CTFC
Discover Best Premium Fancy API Provider in Bangladesh

Discover Best Premium Fancy API Provider in Bangladesh

CTFC
Best Premium Fancy API Provider in Bangladesh

Best Premium Fancy API Provider in Bangladesh

CTFC
CTFC: Best Live Sports Score API Provider in Bangladesh

CTFC: Best Live Sports Score API Provider in Bangladesh

CTFC
Leading Live Sports Score API Provider in Bangladesh

Leading Live Sports Score API Provider in Bangladesh

CTFC
Amadeus Travel API

Amadeus Travel API

Shru
Streamline Your Data Reporting Process with PETSTABLISHED API Integration

Streamline Your Data Reporting Process with PETSTABLISHED API Integration

beaumont
CTFC: Leading Betting API Provider in Bangladesh

CTFC: Leading Betting API Provider in Bangladesh

CTFC
CTFC: Leading Betting API Provider in Bangladesh

CTFC: Leading Betting API Provider in Bangladesh

CTFC
Live Score API Provider in Bangladesh - Get Real-Time Cricket Updates!

Live Score API Provider in Bangladesh - Get Real-Time Cricket Updates!

ctfc1
Utilizing Femap API for Enhanced Modeling and Automation

Utilizing Femap API for Enhanced Modeling and Automation

carmelo
Overview of API 682 Shaft Sealing System for Centrifugal Pumps

Overview of API 682 Shaft Sealing System for Centrifugal Pumps

rubymae
Unlock the Best Fancy & Bookmaker API for Cricket with CTFC

Unlock the Best Fancy & Bookmaker API for Cricket with CTFC

ctfc2
Unlock the Best Fancy & Bookmaker API for Cricket with CTFC

Unlock the Best Fancy & Bookmaker API for Cricket with CTFC

ctfc2

More Related Content