方法步骤:
1,将文件放在尽量安全的位置,比如内部存储而不是sd卡。
2,对文件内容使用对称加密或基于口令的加密。
3,对于数据库可用相关工具加密比如SQLCiper。
4,使用android设备管理策略。
5,使用加密的SharePreference即Secure-Preferences(免费的,可到github下载)
一,使用spongycastle进行对称加密(以下工具类依赖spongycastle库,可到地址https://github.com/rtyley/spongycastle-eclipse下载)。
package com.madgag.spongycastle.eclipse;
import java.security.SecureRandom;
import java.security.Security;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import org.spongycastle.jce.provider.BouncyCastleProvider;
public class CipherUtils {
static {
Security.addProvider(new BouncyCastleProvider());
}
public static SecretKey generateAESKey(int keysize) throws Exception{
/**这儿有漏洞,可到以下网址下载补丁。
* http://android-developers.blogspot.com.au/2013/08/some-securerandom-thoughts.html
*/
final SecureRandom random = new SecureRandom();
KeyGenerator generator = KeyGenerator.getInstance("AES");
generator.init(keysize, random);;
return generator.generateKey();
}
public static IvParameterSpec getIV(){
byte[] bytes=new byte[32];
new SecureRandom().nextBytes(bytes);
return new IvParameterSpec(bytes);
}
public static String encrpyt(String plainText,SecretKey key,IvParameterSpec iv) throws Exception, Exception{
Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding","SC");
cipher.init(Cipher.ENCRYPT_MODE, key, iv);
byte[] ciphered= cipher.doFinal(plainText.getBytes("UTF-8"));
return new String(ciphered, "UTF-8");
}
public static String decrpyt(String cipheredText,SecretKey key,IvParameterSpec iv) throws Exception, Exception{
Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding","SC");
cipher.init(Cipher.DECRYPT_MODE, key, iv);
byte[] unCiphered= cipher.doFinal(cipheredText.getBytes("UTF-8"));
return new String(unCiphered, "UTF-8");
}
}
二,基于口令的对称加密。
package com.madgag.spongycastle.eclipse;
import java.security.SecureRandom;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import android.os.Build;
public class TokenCipherUtils {
public static String encrpyt(String plainText, SecretKey key,
IvParameterSpec iv) throws Exception, Exception {
Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding", "SC");
cipher.init(Cipher.ENCRYPT_MODE, key, iv);
byte[] ciphered = cipher.doFinal(plainText.getBytes("UTF-8"));
return new String(ciphered, "UTF-8");
}
public static String decrpyt(String cipheredText, SecretKey key,
IvParameterSpec iv) throws Exception, Exception {
Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding", "SC");
cipher.init(Cipher.DECRYPT_MODE, key, iv);
byte[] unCiphered = cipher.doFinal(cipheredText.getBytes("UTF-8"));
return new String(unCiphered, "UTF-8");
}
public static SecretKey generatePBEKey(String pwd, String salt)
throws Exception {
final int iterationCount = 10000;
final int outputKeyLength = 256;
SecretKeyFactory secFac;
if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.KITKAT) {
secFac = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1And8bit");
} else {
secFac = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
}
PBEKeySpec keySpec = new PBEKeySpec(pwd.toCharArray(), salt.getBytes(),
iterationCount, outputKeyLength);
SecretKey secKey = secFac.generateSecret(keySpec);
return secKey;
}
private static byte[] makeRandomByteArray(int sizeInBytes) {
byte[] randomArray = new byte[sizeInBytes];
new SecureRandom().nextBytes(randomArray);
return randomArray;
}
public static IvParameterSpec makeIV() {
return new IvParameterSpec(makeRandomByteArray(32));
}
public static byte[] makeSalt() {
return makeRandomByteArray(32);
}
}