
Encrypting Files on Android with Facebook Conceal

by Abel Avram on Jan 29, 2014

Facebook has open sourced Conceal, a set of Java APIs for file encryption and authentication on Android. Conceal uses a subset of OpenSSL’s algorithms and predefined options in order to keep the library small; it is currently 85KB.

The library targets older Android devices, from Froyo to Jelly Bean, on which the performance is much better than Android’s native support, according to Facebook:

[Image: benchmark chart]

The above benchmarks compare a native Android algorithm (AES-CTR-HMAC-SHA1) with Bouncycastle (AES-GCM) and Conceal (AES-GCM) on a Galaxy Y.

Google has introduced support for OpenSSL in KitKat, but the default Cipher Stream “does not perform well”, according to Facebook; “when replaced with our Cipher stream (see BetterCipherInputStream), the default implementation is competitive against Conceal.”

The following code snippet shows how to encrypt files with Conceal:

// Creates a new Crypto object with default implementations of 
// a key chain as well as native library.
Crypto crypto = new Crypto(
  new SharedPrefsBackedKeyChain(context),
  new SystemNativeCryptoLibrary());

// Check whether the crypto functionality is available.
// This might fail if Android does not load libraries correctly.
// (context, file, entity and plainText are supplied by the caller.)
if (!crypto.isAvailable()) {
  return;
}

OutputStream fileStream = new BufferedOutputStream(
  new FileOutputStream(file));

// Creates an output stream which encrypts the data as
// it is written to it and writes it out to the file.
OutputStream outputStream = crypto.getCipherOutputStream(
  fileStream,
  entity);

// Write plaintext to it.
outputStream.write(plainText);
outputStream.close();

Conceal can be used to encrypt large files; Facebook uses it to encrypt data and images stored on a phone’s or tablet’s SD card.

Instructions for building a similar library based on OpenSSL can be found on Conceal’s GitHub page.


Xamarin/.Net Cyphers is another option by Faisal Waris

Using .Net cyphers that come with Xamarin (with F#) on Android. Performance is reasonable for the need but I have not done any benchmarking.

A key requirement was to securely transport sensor private data back to the mother ship, so I used a public-private key pair.

The app generates a random symmetric key and encrypts the data soon after it is captured with this key. The symmetric key is then encrypted with the public key and then sent along with the encrypted data. The data is only decryptable in a secure location which has the private key.

The problem with using symmetric keys is that they have to be stored on the app and can be recovered by a determined hacker or malware. Also, if the key is not changed, it can be recovered using statistical means if enough encrypted data is analyzed.
