Javax.crypto Base64 help needed

StackOverflow https://stackoverflow.com/questions/13300310

Question

I am a novice android programmer that needs assistance encrypting and decrypting EditText strings stored in SharedPreferences. This seems as if it should be a very common procedure and should have many tutorials covering how to accomplish this but I have not found very good information or guidance. I followed the instructions given HERE but my data shows up in clear text when checking my xml file. Any help will be greatly appreciated.

Class receives EditText string and encodes:

private SharedPreferences sp;


Intent i;
Button regBttn,rtnBttn;
EditText rName,rPwd;
String user, pass, chk;
String stat="a";
String key = "N@!an@jajpn!==";


/** Called when the activity is first created. */
@Override
public void onCreate(Bundle savedInstanceState)
{


     super.onCreate(savedInstanceState);
     setContentView(R.layout.register);

    rName=(EditText)findViewById(R.id.reg_uname);
    rPwd=(EditText)findViewById(R.id.reg_pswd);
    regBttn=(Button)findViewById(R.id.reg_button);
    rtnBttn=(Button)findViewById(R.id.rtn_button); 
    regBttn.setOnClickListener(this);
    rtnBttn.setOnClickListener(this);

    sp=this.getSharedPreferences("AccessApp", MODE_WORLD_READABLE);
    chk=sp.getString("USERNAME_KEY", "");
    if(chk.length()!=0){
    sp=getSharedPreferences("AccessApp",MODE_WORLD_WRITEABLE); 

    i=new Intent(this,AccessApp.class);
    startActivity(i); 

    }     
   }

public void onClick(View arg0) {
    user=rName.getText().toString().trim();
    pass=rPwd.getText().toString().trim();

    if(arg0==regBttn){     
       if((user.length()!=0))
        {
         if((pass.length()!=0))
            {

        sp=getSharedPreferences("AccessApp",MODE_WORLD_WRITEABLE);
        Editor myEditor=sp.edit();

        try {

            byte[ ] superSecretKeyBytes = Base64.decode(user);
            byte[] key = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3, 4, 5, 6 };
            for (int i = 0; i < superSecretKeyBytes.length && i < key.length; i++) {
                key[i] = superSecretKeyBytes[i];
                myEditor.putString("USERNAME_KEY", user);
            }
        } catch (IOException e) {
            // TODO Auto-generated catch block
            e.printStackTrace();
        }   
        try {

            byte[ ] superSecretKeyBytes = Base64.decode(pass);
            byte[] key = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3, 4, 5, 6 };
            for (int i = 0; i < superSecretKeyBytes.length && i < key.length; i++) {
                key[i] = superSecretKeyBytes[i];
                myEditor.putString("PASSWORD_KEY", pass);
            }
        } catch (IOException e) {
            // TODO Auto-generated catch block
            e.printStackTrace();
        }

        myEditor.commit();
        Toast.makeText(this, "Registration is successfull",10000).show();
        i=new Intent(this,AccessApp.class);
        startActivity(i);
        }
        else
         {
          Toast.makeText(this, "Please Enter password", 10000).show();  
         }
         }
        else{
            Toast.makeText(this,"Please Enter Username",10000).show();
         }
        }

    else if(arg0==rtnBttn){
        AlertDialog.Builder builder=new AlertDialog.Builder(this);
         builder.setTitle("Exit");
         builder.setMessage("Do you want to exit");
         builder.setCancelable(false);
         builder.setPositiveButton("Yes",new DialogInterface.OnClickListener() {

  public void onClick(DialogInterface dialog, int which) {
  // TODO Auto-generated method stub
  finish();
  }
  });
    builder.setNegativeButton("No", new DialogInterface.OnClickListener() {

            public void onClick(DialogInterface arg0, int arg1) {
               arg0.cancel();
            }
        });
    AlertDialog alert=builder.create();
    alert.show();

    }
}
public String encrypt(String toencrypt, byte key[]) throws Exception {
    SecretKeySpec secret = new SecretKeySpec(key, "AES");
    Cipher cipher = Cipher.getInstance("AES");
    cipher.init(Cipher.ENCRYPT_MODE, secret);
    byte[] encryptedbytes = cipher.doFinal(toencrypt.getBytes());
    String encrypted = Base64.encodeBytes(encryptedbytes, 0);
    return encrypted;

}

}

Class used to decrypt and compare:

public class AccessApp extends Activity implements OnClickListener {
private SharedPreferences sp;
String user,pass;
Button lBttn,cBttn;
EditText uname,pword;
Intent i;

int flag=0;

/** Called when the activity is first created. */
@Override
public void onCreate(Bundle savedInstanceState)
{ 
    super.onCreate(savedInstanceState);
    setContentView(R.layout.main);
    lBttn=(Button)findViewById(R.id.login_button);
    cBttn=(Button)findViewById(R.id.cancel_button);
    uname=(EditText)findViewById(R.id.username);
    pword=(EditText)findViewById(R.id.password);

    lBttn.setOnClickListener(this);
    cBttn.setOnClickListener(this);
}
public void onClick(View arg0) {

    sp=this.getSharedPreferences("AccessApp", MODE_WORLD_READABLE);
    user = sp.getString("USERNAME_KEY", "");
    pass = sp.getString("PASSWORD_KEY", "");




   if(lBttn.equals(arg0)){

      if((uname.getText().toString().equals(user))&& 
        (pword.getText().toString().equals(pass)))

            {
          Toast.makeText(this, "You are Logged In", 20000).show();

               Intent intent;
               intent=new Intent(this,details.class);
               startActivity(intent);
              flag=1;
            }

        else 
           {
            Toast.makeText(this, "Wrong Username or Password",20000).show();
            flag=0;   
           }       
        } 
        else if(cBttn==arg0){
            AlertDialog.Builder builder=new AlertDialog.Builder(this);
          builder.setTitle("Exit");
         builder.setMessage("Do you want to exit");
    builder.setCancelable(false);
    builder.setPositiveButton("Yes",new DialogInterface.OnClickListener() {

 public void onClick(DialogInterface dialog, int which) {
 // TODO Auto-generated method stub
Intent intent = new Intent(Intent.ACTION_MAIN);
intent.addCategory(Intent.CATEGORY_HOME);
intent.setFlags(Intent.FLAG_ACTIVITY_NEW_TASK);
startActivity(intent);

 finish();
 }
 });
    builder.setNegativeButton("No", new DialogInterface.OnClickListener() {

            public void onClick(DialogInterface arg0, int arg1) {
               arg0.cancel();
            }
        });
    AlertDialog alert=builder.create();
    alert.show();

        }

    }
@Override
public boolean onKeyDown(int keyCode, KeyEvent event)  {
 if (keyCode == KeyEvent.KEYCODE_BACK && event.getRepeatCount() == 0) {

     Intent intent = new Intent(Intent.ACTION_MAIN);
        intent.addCategory(Intent.CATEGORY_HOME);
        intent.setFlags(Intent.FLAG_ACTIVITY_NEW_TASK);
        startActivity(intent);
     finish();
 }
 return super.onKeyDown(keyCode, event);
}

public static String decrypt(String encryptedText, byte[ ] key) throws Exception {
    SecretKeySpec skeySpec = new SecretKeySpec(key, "AES");
    Cipher cipher = Cipher.getInstance("AES");
    cipher.init(Cipher.DECRYPT_MODE, skeySpec);
    byte[] toDecrypt = Base64.decode(encryptedText);
    byte[] encrypted = cipher.doFinal(toDecrypt);
    return new String(encrypted);
}
}
Was it helpful?

Solution

You seem to be saving the unencrypted username and password to the editor:

        byte[ ] superSecretKeyBytes = Base64.decode(pass);  
        byte[] key = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3, 4, 5, 6 };
        for (int i = 0; i < superSecretKeyBytes.length && i < key.length; i++) {
            key[i] = superSecretKeyBytes[i];
            myEditor.putString("PASSWORD_KEY", pass);
        }

To be completely honest, I don't see why you're doing ANY of that. What you're actually doing seems really unnecessary, since you're decoding it into a byte array, creating a fixed-amount byte array, looping through the decoded array, and replacing the created fixed-amount array's data with the decoded one, and then adding the un-changed String password to the editor (which you're doing far too many times, also, btw). And I'm pretty sure that's not what you're trying to do.

I believe what you're trying to do there is actually encrypt it, but you never got around to it, so let's try this:

First, your key should be a static variable as if that changes, it will no longer be able to encrypt/decrypt appropriately.

byte[] key = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3, 4, 5, 6 };

Now to encrypt the password, based on what you already have, call your encrypt method based on your secret key (in this case: key) and the String you want to encrypt (in this case: pass):

String encryptedPassword = encrypt(pass, key);

Now encryptedPassword contains the Base64 encrypted form of your password based on the key you entered. Now all that's left to do is save the encrypted form of your password with the editor, instead of the unencrypted form like you were doing previously.

myEditor.putString("PASSWORD_KEY", encryptedPassword);

So now when you call myEditor.commit(), you'll store the encrypted form.

Here's the edited onClick method from the first source file for both username and password encryption. I didn't look at your decryption part, but you should be able to figure it out based on what I gave you:

public void onClick(View arg0) {
    user=rName.getText().toString().trim();
    pass=rPwd.getText().toString().trim();

    if(arg0==regBttn){     
       if((user.length()!=0))
        {
          if((pass.length()!=0))
        {

        sp=getSharedPreferences("AccessApp",MODE_WORLD_WRITEABLE);
        Editor myEditor=sp.edit();

        byte[] key = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3, 4, 5, 6 };

        try {
             String encryptedUser = encrypt(user, key);  
             myEditor.putString("USERNAME_KEY", encryptedUser); 
        }
    } catch (IOException e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
    }   
    try {
             String encryptedPass = encrypt(pass, key);  
             myEditor.putString("PASSWORD_KEY", encryptedPass); 

    } catch (IOException e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
    }

    myEditor.commit();
    Toast.makeText(this, "Registration is successfull",10000).show();
    i=new Intent(this,AccessApp.class);
    startActivity(i);
    }
    else
     {
      Toast.makeText(this, "Please Enter password", 10000).show();  
     }
     }
    else{
        Toast.makeText(this,"Please Enter Username",10000).show();
     }
    }

else if(arg0==rtnBttn){
    AlertDialog.Builder builder=new AlertDialog.Builder(this);
     builder.setTitle("Exit");
     builder.setMessage("Do you want to exit");
     builder.setCancelable(false);
     builder.setPositiveButton("Yes",new DialogInterface.OnClickListener() {

  public void onClick(DialogInterface dialog, int which) {
  // TODO Auto-generated method stub
  finish();
  }
  });
    builder.setNegativeButton("No", new DialogInterface.OnClickListener() {

            public void onClick(DialogInterface arg0, int arg1) {
                arg0.cancel();
            }
        });
    AlertDialog alert=builder.create();
    alert.show();

    }
}

Hope it helps~

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top