Android 采用keyStore的方式非对称加密,配合Rxjava2更好用

加密的代码如下

public class RxSecureStorage {

  private static final String AndroidKeyStore = "AndroidKeyStore";
  private Context context;
  private String alias;
  private KeyStore keyStore;
  private RxSharedPreferences sharedPreferences;

  public RxSecureStorage(Context context, String alias) {
    this.context = context.getApplicationContext();
    this.alias = alias;
    SharedPreferences prefs =
        context.getSharedPreferences(
            String.format("%s-%s", context.getPackageName(), alias), Context.MODE_PRIVATE);
    this.sharedPreferences = RxSharedPreferences.create(prefs);
  }

  public static RxSecureStorage create(Context context, String alias) {
    return new RxSecureStorage(context, alias);
  }

  private void initIfNecessary() throws Exception {
    if (keyStore != null) {
      return;
    }
    try {
      keyStore = KeyStore.getInstance(AndroidKeyStore);
      keyStore.load(null);
      if (!keyStore.containsAlias(alias)) {
        // Generate a key pair for encryption
        Calendar start = Calendar.getInstance();
        Calendar end = Calendar.getInstance();
        end.add(Calendar.YEAR, 30);
        KeyPairGeneratorSpec spec = new KeyPairGeneratorSpec.Builder(context.getApplicationContext())
                .setAlias(alias)
                .setSubject(new X500Principal("CN=" + alias))
                .setSerialNumber(BigInteger.TEN)
                .setStartDate(start.getTime())
                .setEndDate(end.getTime())
                .build();
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA", AndroidKeyStore);
        kpg.initialize(spec);
        kpg.generateKeyPair();
      }
    } catch (Exception e) {
      throw new Exception("Failed to initialize this RxSecureStorage instance.", e);
    }
  }

  public Single<byte[]> encrypt(final byte[] data) {
    return Single.fromCallable(
            new Callable<byte[]>() {
              @Override
              public byte[] call() throws Exception {
                initIfNecessary();

                ByteArrayOutputStream outputStream = null;
                CipherOutputStream cipherOutputStream = null;
                try {
                  KeyStore.PrivateKeyEntry privateKeyEntry =
                      (KeyStore.PrivateKeyEntry) keyStore.getEntry(alias, null);
                  PublicKey publicKey = privateKeyEntry.getCertificate().getPublicKey();

                  Cipher input = getCipher();
                  input.init(Cipher.ENCRYPT_MODE, publicKey);

                  outputStream = new ByteArrayOutputStream();
                  cipherOutputStream = new CipherOutputStream(outputStream, input);
                  cipherOutputStream.write(data);
                  closeQuietely(cipherOutputStream);

                  return outputStream.toByteArray();
                } catch (Exception e) {
                  throw new Exception("Failed to encrypt data with alias" + alias, e);
                } finally {
                  closeQuietely(cipherOutputStream);
                  closeQuietely(outputStream);
                }
              }
            })
        .observeOn(Schedulers.computation());
  }

  public Single<String> encryptString(String text) {
    byte[] textBytes;
    try {
      textBytes = text.getBytes("UTF-8");
    } catch (UnsupportedEncodingException e) {
      return Single.error(new Exception("Failed convert text to bytes.", e));
    }
    return encrypt(textBytes)
        .map(
            new Function<byte[], String>() {
              @Override
              public String apply(byte[] encryptedData) throws Exception {
                return Base64.encodeToString(encryptedData, Base64.DEFAULT);
              }
            })
        .observeOn(Schedulers.computation());
  }

  public Single<byte[]> decrypt(final byte[] encryptedData) {
    return Single.fromCallable(
            new Callable<byte[]>() {
              @Override
              public byte[] call() throws Exception {
                initIfNecessary();

                CipherInputStream cipherInputStream = null;
                ByteArrayOutputStream bos = null;
                try {
                  KeyStore.PrivateKeyEntry privateKeyEntry =
                      (KeyStore.PrivateKeyEntry) keyStore.getEntry(alias, null);
                  PrivateKey privateKey = privateKeyEntry.getPrivateKey();

                  Cipher output = getCipher();
                  output.init(Cipher.DECRYPT_MODE, privateKey);

                  cipherInputStream =
                      new CipherInputStream(new ByteArrayInputStream(encryptedData), output);
                  bos = new ByteArrayOutputStream();

                  byte[] buffer = new byte[512];
                  int read;
                  while ((read = cipherInputStream.read(buffer)) != -1) {
                    bos.write(buffer, 0, read);
                  }

                  return bos.toByteArray();
                } catch (Exception e) {
                  throw new Exception("Failed to decrypt data with " + alias, e);
                } finally {
                  closeQuietely(cipherInputStream);
                  closeQuietely(bos);
                }
              }
            })
        .observeOn(Schedulers.computation());
  }

  public Single<String> decryptString(String encryptedText) {
    byte[] textBytes = new byte[0];
    if (android.os.Build.VERSION.SDK_INT >= android.os.Build.VERSION_CODES.FROYO) {
      textBytes = Base64.decode(encryptedText, Base64.DEFAULT);
    }
    return decrypt(textBytes)
        .map(
            new Function<byte[], String>() {
              @Override
              public String apply(byte[] encryptedData) throws Exception {
                return new String(encryptedData, 0, encryptedData.length);
              }
            })
        .observeOn(Schedulers.computation());
  }

  public Observable<byte[]> getBytes(String name) {
    return sharedPreferences
        .getString(name)
        .asObservable()
        .map(
            new Function<String, byte[]>() {
              @Override
              public byte[] apply(String base64Value) throws Exception {
                byte[] encryptedValue = Base64.decode(base64Value, Base64.DEFAULT);
                return decrypt(encryptedValue).blockingGet();
              }
            });
  }

  public Single<Boolean> putBytes(final String name, @Nullable byte[] value) {
    if (value == null) {
      sharedPreferences.getString(name).delete();
      return Single.just(false);
    }
    return encrypt(value)
        .map(
            new Function<byte[], Boolean>() {
              @Override
              public Boolean apply(byte[] encryptedData) throws Exception {
                String encryptedString = Base64.encodeToString(encryptedData, Base64.DEFAULT);
                sharedPreferences.getString(name).set(encryptedString);
                return true;
              }
            });
  }

  public Observable<String> getString(String name) {
    return sharedPreferences
        .getString(name)
        .asObservable()
        .map(
            new Function<String, String>() {
              @Override
              public String apply(String encryptedValue) throws Exception {
                if (encryptedValue == null || encryptedValue.trim().isEmpty()) {
                  return null;
                }
                return decryptString(encryptedValue).blockingGet();
              }
            });
  }

  public Single<Boolean> putString(final String name, @Nullable String value) {
    if (value == null) {
      sharedPreferences.getString(name).delete();
      return Single.just(false);
    }
    return encryptString(value)
        .map(
            new Function<String, Boolean>() {
              @Override
              public Boolean apply(String encryptedValue) throws Exception {
                sharedPreferences.getString(name).set(encryptedValue);
                return true;
              }
            });
  }

  public void dispose() {
    this.context = null;
    this.alias = null;
    this.keyStore = null;
    this.sharedPreferences = null;
  }

  private static Cipher getCipher() {
    try {
      if (Build.VERSION.SDK_INT < Build.VERSION_CODES.M) { // below android m
        // error in android 6: InvalidKeyException: Need RSA private or public key
        return Cipher.getInstance("RSA/ECB/PKCS1Padding", "AndroidOpenSSL");
      } else {
        // error in android 5: NoSuchProviderException: Provider not available: AndroidKeyStoreBCWorkaround
        return Cipher.getInstance("RSA/ECB/PKCS1Padding", "AndroidKeyStoreBCWorkaround");
      }
    } catch (Exception exception) {
      throw new RuntimeException("getCipher: Failed to get an instance of Cipher", exception);
    }
  }

  private static void closeQuietely(Closeable c) {
    try {
      c.close();
    } catch (Throwable ignored) {
    }
  }
}

使用
1,初始化

RxSecureStorage secureStorage =
    RxSecureStorage.create(this, "alias_name")

2,加密

secureStorage
    .encryptString("string to encrypt")
    .observeOn(AndroidSchedulers.mainThread())
    .subscribe(result -> {
        // Use the resulting string
    },
    error -> {
        // Handle error
    });

3,解密

secureStorage
    .decryptString("9yIfhiwf3eDENxI1XG/XWYZOPc5RH6B9ez9y7I7BtEsig==")
    .observeOn(AndroidSchedulers.mainThread())
    .subscribe(result -> {
        // Use the resulting string
    },
    error -> {
        // Handle error
    });

4,保存一些隐私数据

secureStorage.putString("key", "hello, world!").subscribe();

获取隐私数据

secureStorage
    .getString("key")
    .subscribe(
        latest -> {
          // preference was changed, here's the latest decryped value
        });