There's a scenario, when your Android app connect to your server, there're some secret keys like authentication key, the keys for encrypting the data you send to the server and the keys for decrypting you get from the server... etc. You don't want users to reverse engineering your apk and find those keys easily, we've got two ways to hide your secret keys.
Using this program to encrypt your secret keys, you post those encrypted strings to your android project. Then, fill in the parameters generated by this program in your project for decryption to decrypt the messages.
- Generate encrypted messages.
- Generate a pair of RSA modulus and exponent for decryption.
private final static String[] secretKeys = { "secretKey1", "secretKey2", "secretKey3" };You'd get logs in your consult like that:
modulus:AKfszhN0I/O12wcJ+r4wX0Im//5+pGeSFCXo4jOH18khVsspwgDaZgUJRxYIeK87kDOmk8U1j01Rsx2UFlThMjfwT9oliR1K/QihIujN7dgLSnBHh8wWXBI+P+hZq01uF2qrvWZQ+t2JySVBh7DO9uXxdjHrOLou97w3pjZzU4zn
exponent:AQAB
secret key(Czc0SC):AXAKQPhPeQ/51PRnxkV+DY0VzIg+tVTq73BI4m4wjTJeIaOtDUx3AyWH4Qf5G3ATxSR95FDzlMOFvkdX/DKPc0txVNBITpubtsZ3ySoksnEHj1SkhJcVNiU+4UURHRq9lA5H0lNjw+61c+m/6cMQnbBtdPDzsD+GFoOz5sR96n0=
secret key(xvaw089):RaxDmeATQMXiAegzpO1amOCUovukbV6n+qbPYL1W522YuDTHey++EeRf7KadnWIYjY3Yvahh0PuPy9RyVML3oRCPdANif/AflXk3+2h7k3i5OcfxhE6pzoMYCqLC2gmDGAoVab0qVBLzSwq5RQwuaqFh+s7M3FXNuQ69Zt5HFAg=
secret key(ca90vj):DrwO6zYO2/Na982dcwdmxdcBSvmBOSifb7mcPWFZXq1HeNdC0izSrHqtHWboANjyvSb3wpHG3wshW7op/lMe0kKwKxwANsv2Ygt4OzppDJh6fNuGdUhwLbz0kkuNYLoJ1BYdlZVg3+TIUA4e7Ewa2RMz8GYKxSI+tpl4YOP7cFA=
secret key(NCV0dk):WsneAs7EjG3F0+Fvl7G1WM1+1ecl+eu78WPwSgGQlXkqVVk0lYGVuTOkTwhc42stVPsl5nD/O9dGdsGYerqVBdNTk4Rh1WTw9HhiMYFzHh6YWlx8DQ9siU7BO3BmE6qKgLaj72dnHWYxTmV+FiocOPM7pPYGxw+wEwk91QRCY8s=
secret key(Xhf0i4m):JX7B/pkBms20ktWyNIEUu2lmXRzOYq+qaTOcErG01seVw3Rc4fbOkKlbSh5mSvBnwdnN03eSogWqWxUcub2x/J4cqInh9NLmiEZjAE66q4+Jws3zx4ralDJtXqjOebNl22vlwdCojon6Z+0Fa5/C8eh/fDXZJGLaGaF9m3DSsEM=
- Create Algorithm class and paste the following codes
public class Algorithm {
public final static String CHARSET = "UTF8";
/**
* 在Android平台的JCE中,非对称Key的常用算法有“RSA”、“DSA”、“Diffie−Hellman”、“Elliptic Curve
* (EC)”等。
*/
public final static String KEYPAIR_ALGORITHM = "RSA";
public final static String SINGLE_KEY_ALGORITHM = "DES";
public final static Map<String, String> rules = new HashMap<>();;
static {
rules.put("DES", "DES/CBC/PKCS5Padding");
rules.put("RSA", "RSA/ECB/PKCS1Padding");
}
}- Add the decryption method to your project, see android sample project here SecuritySample
public static String decryptRSA(String message) throws NoSuchAlgorithmException, NoSuchPaddingException,
InvalidKeyException, IllegalBlockSizeException, BadPaddingException, UnsupportedEncodingException,
InvalidAlgorithmParameterException, ClassNotFoundException, InvalidKeySpecException {
Cipher c2 = Cipher.getInstance(Algorithm.rules.get("RSA")); // 创建一个Cipher对象,注意这里用的算法需要和Key的算法匹配
BigInteger m = new BigInteger(Base64.getDecoder().decode(MODULUS));
BigInteger e = new BigInteger(Base64.getDecoder().decode(EXPONENT));
c2.init(Cipher.DECRYPT_MODE, converStringToPublicKey(m, e)); // 设置Cipher为解密工作模式,需要把Key传进去
byte[] decryptedData = c2.doFinal(Base64.getDecoder().decode(message));
return new String(decryptedData, Algorithm.CHARSET);
}
public static Key converStringToPublicKey(BigInteger modulus, BigInteger exponent)
throws ClassNotFoundException, NoSuchAlgorithmException, InvalidKeySpecException {
byte[] modulusByteArry = modulus.toByteArray();
byte[] exponentByteArry = exponent.toByteArray();
// 由接收到的参数构造RSAPublicKeySpec对象
RSAPublicKeySpec rsaPublicKeySpec = new RSAPublicKeySpec(new BigInteger(modulusByteArry),
new BigInteger(exponentByteArry));
// 根据RSAPublicKeySpec对象获取公钥对象
KeyFactory kFactory = KeyFactory.getInstance(Algorithm.KEYPAIR_ALGORITHM);
PublicKey publicKey = kFactory.generatePublic(rsaPublicKeySpec);
// System.out.println("==>public key: " +
// bytesToHexString(publicKey.getEncoded()));
return publicKey;
}When you add new secret keys, you must refill modulus, exponent and the other encrypted keys, because you get different RSA KeyPair(private key and public key) every execution.
Copyright 2017 Catherine Chen (https://github.com/Catherine22)
Licensed under the Apache License, Version 2.0 (the "License"); you may not
use this file except in compliance with the License. You may obtain a copy of
the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
License for the specific language governing permissions and limitations under
the License.