Facilitating the Spread of Knowledge and Innovation in Professional Software Development

Write for InfoQ


Choose your language

InfoQ Homepage News Encrypting Files on Android with Facebook Conceal

Encrypting Files on Android with Facebook Conceal

This item in japanese

Lire ce contenu en français


Facebook has open sourced Conceal, a set of Java APIs for file encryption and authentication on Android. Conceal uses a subset of OpenSSL’s algorithms and predefined options in order to keep the library smaller, currently being 85KB.

The library targets older Android devices, from Froyo to Jelly Bean, on which the performance is much better than Android’s native support, according to Facebook:


The above benchmarks compare a native Android algorithm (ES-CTR-HMAC-SHA1) with Bouncycastle (AES-GCM) and Conceal (AES-GCM) on Galaxy Y.

Google has introduced support for OpenSSL in KitKat, but the default Cipher Stream “does not perform well”, according to Facebook; “when replaced with our Cipher stream (see BetterCipherInputStream), the default implementation is competitive against Conceal.”

The following code snippet shows how to encrypt files with Conceal:

// Creates a new Crypto object with default implementations of 
// a key chain as well as native library.
Crypto crypto = new Crypto(
  new SharedPrefsBackedKeyChain(context),
  new SystemNativeCryptoLibrary());

// Check for whether the crypto functionality is available
// This might fail if Android does not load libraries correctly.
if (!crypto.isAvailable()) {

OutputStream fileStream = new BufferedOutputStream(
  new FileOutputStream(file));

// Creates an output stream which encrypts the data as
// it is written to it and writes it out to the file.
OutputStream outputStream = crypto.getCipherOutputStream(

// Write plaintext to it.

Conceal can be used to encrypt large files, Facebook using it to encrypt data and images on phone/tablet’s SD card.

Instructions for building a similar library based on OpenSSL can be found on Conceal’s GitHub page.

Rate this Article


Hello stranger!

You need to Register an InfoQ account or or login to post comments. But there's so much more behind being registered.

Get the most out of the InfoQ experience.

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Community comments

  • Xamarin/.Net Cyphers is another option

    by Faisal Waris,

    Your message is awaiting moderation. Thank you for participating in the discussion.

    Using .Net cyphers that come with Xamarin (with F#) on Android. Performance is reasonable for the need but I have not done any benchmarking.

    A key requirement was to securely transport sensor private data back to the mother ship so used public-private key pair.

    The app generates a random symmetric key and encrypts the data soon after it is captured with this key. The symmetric key is then encrypted with the public key and then sent along with the encrypted data. The data is only decryptable in a secure location which has the private key.

    The problem with using symmetric keys is that it has to be stored on the app and can be recovered by a determined hacker or malware. Also if the key is not changed it can be recovered using statistical means if enough encrypted data is analyzed.

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p