【android安全】保护app本地数据文件

方法步骤:

1,将文件放在尽量安全的位置,比如内部存储而不是sd卡。

2,对文件内容使用对称加密或基于口令的加密。

3,对于数据库可用相关工具加密比如SQLCiper。

4,使用android设备管理策略。

5,使用加密的SharePreference即Secure-Preferences(免费的,可到github下载)




一,使用spongycastle进行对称加密(以下工具类依赖spongycastle库,可到地址https://github.com/rtyley/spongycastle-eclipse下载)。


package com.madgag.spongycastle.eclipse;

import java.security.SecureRandom;
import java.security.Security;

import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;

import org.spongycastle.jce.provider.BouncyCastleProvider;

public class CipherUtils {
	
	static {
		Security.addProvider(new BouncyCastleProvider());
	}
	public static SecretKey generateAESKey(int keysize) throws Exception{
		/**这儿有漏洞,可到以下网址下载补丁。
		 * http://android-developers.blogspot.com.au/2013/08/some-securerandom-thoughts.html
		 */
		final SecureRandom random = new SecureRandom();
		KeyGenerator generator = KeyGenerator.getInstance("AES");
		generator.init(keysize, random);;
		return generator.generateKey();
		
		
	}
	
	
	public static IvParameterSpec getIV(){
		
		byte[] bytes=new byte[32];
		new SecureRandom().nextBytes(bytes);
		return new IvParameterSpec(bytes);
	}
	
	public static String encrpyt(String plainText,SecretKey key,IvParameterSpec iv) throws Exception, Exception{
		Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding","SC");
		cipher.init(Cipher.ENCRYPT_MODE, key, iv);
		byte[] ciphered= cipher.doFinal(plainText.getBytes("UTF-8"));
		return new String(ciphered, "UTF-8");
	}
	
	public static String decrpyt(String cipheredText,SecretKey key,IvParameterSpec iv) throws Exception, Exception{
		Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding","SC");
		
		cipher.init(Cipher.DECRYPT_MODE, key, iv);
		byte[] unCiphered= cipher.doFinal(cipheredText.getBytes("UTF-8"));
		return new String(unCiphered, "UTF-8");
	}

}


二,基于口令的对称加密。


package com.madgag.spongycastle.eclipse;

import java.security.SecureRandom;

import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;

import android.os.Build;

public class TokenCipherUtils {

	public static String encrpyt(String plainText, SecretKey key,
			IvParameterSpec iv) throws Exception, Exception {
		Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding", "SC");
		cipher.init(Cipher.ENCRYPT_MODE, key, iv);
		byte[] ciphered = cipher.doFinal(plainText.getBytes("UTF-8"));
		return new String(ciphered, "UTF-8");
	}

	public static String decrpyt(String cipheredText, SecretKey key,
			IvParameterSpec iv) throws Exception, Exception {
		Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding", "SC");

		cipher.init(Cipher.DECRYPT_MODE, key, iv);
		byte[] unCiphered = cipher.doFinal(cipheredText.getBytes("UTF-8"));
		return new String(unCiphered, "UTF-8");
	}

	public static SecretKey generatePBEKey(String pwd, String salt)
			throws Exception {

		final int iterationCount = 10000;
		final int outputKeyLength = 256;
		SecretKeyFactory secFac;

		if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.KITKAT) {
			secFac = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1And8bit");

		} else {
			secFac = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");

		}

		PBEKeySpec keySpec = new PBEKeySpec(pwd.toCharArray(), salt.getBytes(),
				iterationCount, outputKeyLength);
		SecretKey secKey = secFac.generateSecret(keySpec);
		return secKey;

	}

	private static byte[] makeRandomByteArray(int sizeInBytes) {
		byte[] randomArray = new byte[sizeInBytes];

		new SecureRandom().nextBytes(randomArray);
		return randomArray;

	}

	public static IvParameterSpec makeIV() {

		return new IvParameterSpec(makeRandomByteArray(32));
	}

	public static byte[] makeSalt() {
		return makeRandomByteArray(32);
	}

}



相关推荐
©️2020 CSDN 皮肤主题: 大白 设计师:CSDN官方博客 返回首页