SlideShare a Scribd company logo

Secure preferences

Download as PPTX, PDF
Jain Zang, profile picture
Jain Zang

SecurePreferences is an Android library that allows developers to securely store sensitive data like passwords, tokens, and settings in SharedPreferences. It encrypts the values using AES-128 encryption and stores each key as a SHA-256 hash. Developers can generate encryption keys from passwords or use default keys. The library provides easy methods to get, set, remove and clear encrypted values from SharedPreferences.

Technology
1 of 13
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
Secure-preferenceshttps://github.com/scottyab/secure-preferences Jain Newegg developer
What is SharedPreferences • Save and retrieve persistent key-value pairs of primitive data types • Save any primitive data: booleans, floats, ints, longs, and strings
Why use Secure- preferences • Protect secret data 1.password 2.token 3.setting
Secure mechanism • Encrypts the values using AES 128, CBC, and PKCS5 • Each key is stored as a one way SHA 256 hash • Both keys and values are base64 encoded before storing into prefs xml file
Secure data
How to use public SharedPreferences getSharedPreferences() { if(mSecurePrefs==null){ mSecurePrefs = new SecurePreferences(this, "", "my_prefs.xml"); SecurePreferences.setLoggingEnabled(true); } return mSecurePrefs; }
public SharedPreferences getSharedPreferences1000() { try { AesCbcWithIntegrity.SecretKeys myKey = AesCbcWithIntegrity.generateKeyFromPassword( Build.SERIAL,AesCbcWithIntegrity.generateSalt(),1000); return new SecurePreferences(this, myKey, "my_prefs_1000.xml"); } catch (GeneralSecurityException e) { Log.e(TAG, "Failed to create custom key for SecurePreferences", e); } return null; } How to use public SharedPreferences getSharedPreferences() { if(mSecurePrefs==null){ mSecurePrefs = new SecurePreferences(this, "", "my_prefs.xml"); SecurePreferences.setLoggingEnabled(true); } return mSecurePrefs; }
How to use public SharedPreferences getSharedPreferences() { if(mSecurePrefs==null){ mSecurePrefs = new SecurePreferences(this, "", "my_prefs.xml"); SecurePreferences.setLoggingEnabled(true); } return mSecurePrefs; } public SharedPreferences getSharedPreferences1000() { try { AesCbcWithIntegrity.SecretKeys myKey = AesCbcWithIntegrity.generateKeyFromPassword( Build.SERIAL,AesCbcWithIntegrity.generateSalt(),1000); return new SecurePreferences(this, myKey, "my_prefs_1000.xml"); } catch (GeneralSecurityException e) { Log.e(TAG, "Failed to create custom key for SecurePreferences", e); } return null; } public SecurePreferences getUserPinBasedSharedPreferences(String password){ if(mUserPrefs==null) { mUserPrefs = new SecurePreferences(this, password, "user_prefs.xml"); } return mUserPrefs; }
public void onGetButtonClick(View v) { final String value = getSharedPref().getString(MainActivity.KEY, null); toast(MainActivity.KEY + "'s, value= " + value); } public void onSetButtonClick(View v) { getSharedPref().edit().putString(MainActivity.KEY, MainActivity.VALUE) .commit(); toast(MainActivity.KEY + " with enc value:" + MainActivity.VALUE + ". Saved"); } public void onRemoveButtonClick(View v) { getSharedPref().edit().remove(MainActivity.KEY).commit(); toast("key:" + MainActivity.KEY + " removed from secure prefs"); } public void onClearAllButtonClick(View v) { getSharedPref().edit().clear().commit(); updateEncValueDisplay(); toast("All secure prefs cleared"); }
Put value putString(String key, String value) hashPrefKey(String prefKey) encrypt(String cleartext) encrypt(byte[] plaintext, SecretKeys secretKeys) new CipherTextIvMac(byteCipherText, iv, integrityMac) toString() public static CipherTextIvMac encrypt(byte[] plaintext, SecretKeys secretKeys) throws GeneralSecurityException { byte[] iv = generateIv(); Cipher aesCipherForEncryption = Cipher.getInstance(CIPHER_TRANSFORMATION); aesCipherForEncryption.init(Cipher.ENCRYPT_MODE, secretKeys.getConfidentialityKey(), new IvParameterSpec(iv)); /* * Now we get back the IV that will actually be used. Some Android * versions do funny stuff w/ the IV, so this is to work around bugs: */ iv = aesCipherForEncryption.getIV(); byte[] byteCipherText = aesCipherForEncryption.doFinal(plaintext); byte[] ivCipherConcat = CipherTextIvMac.ivCipherConcat(iv, byteCipherText); byte[] integrityMac = generateMac(ivCipherConcat, secretKeys.getIntegrityKey()); return new CipherTextIvMac(byteCipherText, iv, integrityMac); }
putString(String key, String value) hashPrefKey(String prefKey) encrypt(String cleartext) encrypt(byte[] plaintext, SecretKeys secretKeys) new CipherTextIvMac(byteCipherText, iv, integrityMac) toString() public String toString() { String ivString = Base64.encodeToString(iv, BASE64_FLAGS); String cipherTextString = Base64.encodeToString(cipherText, BASE64_FLAGS); String macString = Base64.encodeToString(mac, BASE64_FLAGS); return String.format(ivString + ":" + macString + ":" + cipherTextString); } Put value
Get valuegetInt(String key, int defaultValue) decrypt(final String ciphertext) new AesCbcWithIntegrity.CipherTextIvMac(ciphertext) decryptString(cipherTextIvMac, keys) public static byte[] decrypt(CipherTextIvMac civ, SecretKeys secretKeys) throws GeneralSecurityException { byte[] ivCipherConcat = CipherTextIvMac.ivCipherConcat(civ.getIv(), civ.getCipherText()); byte[] computedMac = generateMac(ivCipherConcat, secretKeys.getIntegrityKey()); if (constantTimeEq(computedMac, civ.getMac())) { Cipher aesCipherForDecryption = Cipher.getInstance(CIPHER_TRANSFORMATION); aesCipherForDecryption.init(Cipher.DECRYPT_MODE, secretKeys.getConfidentialityKey(), new IvParameterSpec(civ.getIv())); return aesCipherForDecryption.doFinal(civ.getCipherText()); } else { throw new GeneralSecurityException("MAC stored in civ does not match computed MAC."); } } new String(decrypt(civ, secretKeys), encoding)
Q & A

More Related Content

PDF
The Ring programming language version 1.5.2 book - Part 28 of 181
Mahmoud Samir Fayed
 
PDF
The Ring programming language version 1.7 book - Part 32 of 196
Mahmoud Samir Fayed
 
PDF
The Ring programming language version 1.5.3 book - Part 29 of 184
Mahmoud Samir Fayed
 
PDF
Redis学习笔记
yongboy
 
PDF
Offensive PowerShell Cheat Sheet
Rahmat Nurfauzi
 
PPTX
OpenStack Day 2 Operations (Toronto)
Dirk Wallerstorfer
 
PPTX
OpenStack Day 2 Operations
Dirk Wallerstorfer
 
PDF
Managing and Integrating Vault at The New York Times
Amanda MacLeod
 
The Ring programming language version 1.5.2 book - Part 28 of 181
Mahmoud Samir Fayed
 
The Ring programming language version 1.7 book - Part 32 of 196
Mahmoud Samir Fayed
 
The Ring programming language version 1.5.3 book - Part 29 of 184
Mahmoud Samir Fayed
 
Redis学习笔记
yongboy
 
Offensive PowerShell Cheat Sheet
Rahmat Nurfauzi
 
OpenStack Day 2 Operations (Toronto)
Dirk Wallerstorfer
 
OpenStack Day 2 Operations
Dirk Wallerstorfer
 
Managing and Integrating Vault at The New York Times
Amanda MacLeod
 

What's hot (18)

PDF
The Ring programming language version 1.5.1 book - Part 27 of 180
Mahmoud Samir Fayed
 
PDF
Open SSL and MS Crypto API EKON21
Max Kleiner
 
DOCX
บทที่6 update&delete
Palm Unnop
 
PDF
Elasticsearch security
Nag Arvind Gudiseva
 
PPT
Learning Java 4 – Swing, SQL, and Security API
caswenson
 
PDF
The Ring programming language version 1.6 book - Part 31 of 189
Mahmoud Samir Fayed
 
PPT
Wicket Security Presentation
mrmean
 
PDF
Given Groovy Who Needs Java
Russel Winder
 
PDF
The Ring programming language version 1.5.4 book - Part 29 of 185
Mahmoud Samir Fayed
 
PDF
Amazon Cognito使って認証したい?それならSpring Security使いましょう!
Ryosuke Uchitate
 
PPTX
iOS Keychain 介紹
ShengWen Chiou
 
PDF
Black Hat Europe 2017. DPAPI and DPAPI-NG: Decryption Toolkit
Paula Januszkiewicz
 
PPTX
Socket.io v.0.8.3
Maryna Vasina
 
DOCX
Update&delete
Bongza Naruk
 
PDF
The Ring programming language version 1.3 book - Part 17 of 88
Mahmoud Samir Fayed
 
PDF
201913001 khairunnisa progres_harian
KhairunnisaPekanbaru
 
DOCX
Fia fabila
fiafabila
 
PPTX
Code refactoring of existing AutoTest to PageObject pattern
Anton Bogdan
 
The Ring programming language version 1.5.1 book - Part 27 of 180
Mahmoud Samir Fayed
 
Open SSL and MS Crypto API EKON21
Max Kleiner
 
บทที่6 update&delete
Palm Unnop
 
Elasticsearch security
Nag Arvind Gudiseva
 
Learning Java 4 – Swing, SQL, and Security API
caswenson
 
The Ring programming language version 1.6 book - Part 31 of 189
Mahmoud Samir Fayed
 
Wicket Security Presentation
mrmean
 
Given Groovy Who Needs Java
Russel Winder
 
The Ring programming language version 1.5.4 book - Part 29 of 185
Mahmoud Samir Fayed
 
Amazon Cognito使って認証したい?それならSpring Security使いましょう!
Ryosuke Uchitate
 
iOS Keychain 介紹
ShengWen Chiou
 
Black Hat Europe 2017. DPAPI and DPAPI-NG: Decryption Toolkit
Paula Januszkiewicz
 
Socket.io v.0.8.3
Maryna Vasina
 
Update&delete
Bongza Naruk
 
The Ring programming language version 1.3 book - Part 17 of 88
Mahmoud Samir Fayed
 
201913001 khairunnisa progres_harian
KhairunnisaPekanbaru
 
Fia fabila
fiafabila
 
Code refactoring of existing AutoTest to PageObject pattern
Anton Bogdan
 
Ad

Viewers also liked (20)

PDF
Keynote Address by Marc Stoiber - Ready! Fire! Aim!
Social Media Camp
 
DOCX
Guión diseño instruccional.docx
Maggy Sevilla Perez
 
KEY
讀書樂無窮
Vista Cheng
 
PDF
Untitled Presentation
Cheryl Ng Xin Yi
 
PDF
logo new feb 2015
Reji Madathil
 
PDF
Lo importante no es tener sino trascender
FUNDACIÓN SUEÑOS DE ESCRITOR
 
PPTX
Presentation_NEW.PPTX
jameschloejames
 
PPT
Subj.verb agreement
jocelyn rubino
 
PDF
Take Advantage of Mobile Marketing to Build Business Success
Judd Wheeler
 
DOC
Resume Hordych 2014 - AD
Jacob Hordych
 
PPTX
Boxtream tools-161106062349
newegg
 
DOC
CV. in inglish
Lourenco Guambe
 
PPTX
Question 7
jaimiesian
 
PDF
Rita tria how to use ifttt
Rita Tria
 
PPTX
Powerful Goal Setting Strategies
Amy Godfrey
 
PDF
【行銷策略】七大提升廣告效益的實戰祕訣
周建良 Zhou Jian Liang
 
PDF
La Toma de Decisiones en las Escuelas ccesa007
Demetrio Ccesa Rayme
 
PDF
Hacking With Sql Injection Exposed - A Research Thesis
corbanmiferreira
 
PDF
Innovaciones en Gestión Educativa ccesa007
Demetrio Ccesa Rayme
 
PDF
Natalia Hatalska, Alternatywne formy reklamy, konferencja I ♥ Marketing, 25....
Sprawny Marketing by MaxROY.com
 
Keynote Address by Marc Stoiber - Ready! Fire! Aim!
Social Media Camp
 
Guión diseño instruccional.docx
Maggy Sevilla Perez
 
讀書樂無窮
Vista Cheng
 
Untitled Presentation
Cheryl Ng Xin Yi
 
logo new feb 2015
Reji Madathil
 
Lo importante no es tener sino trascender
FUNDACIÓN SUEÑOS DE ESCRITOR
 
Presentation_NEW.PPTX
jameschloejames
 
Subj.verb agreement
jocelyn rubino
 
Take Advantage of Mobile Marketing to Build Business Success
Judd Wheeler
 
Resume Hordych 2014 - AD
Jacob Hordych
 
Boxtream tools-161106062349
newegg
 
CV. in inglish
Lourenco Guambe
 
Question 7
jaimiesian
 
Rita tria how to use ifttt
Rita Tria
 
Powerful Goal Setting Strategies
Amy Godfrey
 
【行銷策略】七大提升廣告效益的實戰祕訣
周建良 Zhou Jian Liang
 
La Toma de Decisiones en las Escuelas ccesa007
Demetrio Ccesa Rayme
 
Hacking With Sql Injection Exposed - A Research Thesis
corbanmiferreira
 
Innovaciones en Gestión Educativa ccesa007
Demetrio Ccesa Rayme
 
Natalia Hatalska, Alternatywne formy reklamy, konferencja I ♥ Marketing, 25....
Sprawny Marketing by MaxROY.com
 
Ad

Similar to Secure preferences (20)

PDF
Develop an encryption and decryption algorithm Your program should a.pdf
deepaksatrker
 
PDF
ERRest
WO Community
 
PDF
Whispered secrets
Eleanor McHugh
 
PPT
Java Symmetric
phanleson
 
PDF
Encryption Boot Camp at JavaZone 2010
Matthew McCullough
 
PPTX
Secureerasurecodebasedcloudstoragesystemwithsecuredataforwarding
kadalisrikanth
 
PPTX
Secure erasure code based cloud storage system with secure data forwarding
Priyank Rupera
 
PPTX
Django cryptography
Erik LaBianca
 
PPTX
Java
박 경민
 
PDF
iOS Keychain by 흰, 민디
MINJICHO20
 
PPTX
Cargo Cult Security UJUG Sep2015
Derrick Isaacson
 
PDF
Configuration beyond Java EE 8
Anatole Tresch
 
PPTX
Cryptography 101 for Java developers
Michel Schudel
 
PDF
React Native Course - Data Storage . pdf
AlvianZachryFaturrah
 
PDF
DEF CON 27 - ALVARO MUNOZ / OLEKSANDR MIROSH - sso wars the token menace
Felipe Prado
 
PPTX
Cryptography In Silverlight
Barry Dorrans
 
PPTX
Hadoop Puzzlers
Cloudera, Inc.
 
PPTX
Hadoop Puzzlers
DataWorks Summit
 
PDF
Secure .NET programming
Ante Gulam
 
PDF
Refactoring In Tdd The Missing Part
Gabriele Lana
 
Develop an encryption and decryption algorithm Your program should a.pdf
deepaksatrker
 
ERRest
WO Community
 
Whispered secrets
Eleanor McHugh
 
Java Symmetric
phanleson
 
Encryption Boot Camp at JavaZone 2010
Matthew McCullough
 
Secureerasurecodebasedcloudstoragesystemwithsecuredataforwarding
kadalisrikanth
 
Secure erasure code based cloud storage system with secure data forwarding
Priyank Rupera
 
Django cryptography
Erik LaBianca
 
Java
박 경민
 
iOS Keychain by 흰, 민디
MINJICHO20
 
Cargo Cult Security UJUG Sep2015
Derrick Isaacson
 
Configuration beyond Java EE 8
Anatole Tresch
 
Cryptography 101 for Java developers
Michel Schudel
 
React Native Course - Data Storage . pdf
AlvianZachryFaturrah
 
DEF CON 27 - ALVARO MUNOZ / OLEKSANDR MIROSH - sso wars the token menace
Felipe Prado
 
Cryptography In Silverlight
Barry Dorrans
 
Hadoop Puzzlers
Cloudera, Inc.
 
Hadoop Puzzlers
DataWorks Summit
 
Secure .NET programming
Ante Gulam
 
Refactoring In Tdd The Missing Part
Gabriele Lana
 

Recently uploaded (20)

PDF
NewMind AI Weekly Chronicles - August'25-Week II
NewMind AI
 
PPT
Teaching material agriculture food technology
LiaRayya
 
PDF
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
PDF
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
PDF
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
PPTX
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
PPTX
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
PDF
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
PDF
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
PPTX
Machine Learning_overview_presentation.pptx
kondavamsidharreddy2
 
PDF
MIND Revenue Release Quarter 2 2025 Press Release
MIND CTI
 
PDF
Assigned Numbers - 2025 - Bluetooth® Document
Bloombase
 
PDF
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
PPTX
MYSQL Presentation for SQL database connectivity
Swati270511
 
PPTX
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
PPTX
sap open course for s4hana steps from ECC to s4
sreeni2106invites
 
PPTX
A Presentation on Artificial Intelligence
memembruh336
 
PPTX
Cloud computing and distributed systems.
kkkkkhan
 
PDF
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
PDF
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
NewMind AI Weekly Chronicles - August'25-Week II
NewMind AI
 
Teaching material agriculture food technology
LiaRayya
 
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
Machine Learning_overview_presentation.pptx
kondavamsidharreddy2
 
MIND Revenue Release Quarter 2 2025 Press Release
MIND CTI
 
Assigned Numbers - 2025 - Bluetooth® Document
Bloombase
 
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
MYSQL Presentation for SQL database connectivity
Swati270511
 
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
sap open course for s4hana steps from ECC to s4
sreeni2106invites
 
A Presentation on Artificial Intelligence
memembruh336
 
Cloud computing and distributed systems.
kkkkkhan
 
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
Machine learning based COVID-19 study performance prediction
IAESIJAI
 

Secure preferences

  • 2. What is SharedPreferences • Save and retrieve persistent key-value pairs of primitive data types • Save any primitive data: booleans, floats, ints, longs, and strings
  • 3. Why use Secure- preferences • Protect secret data 1.password 2.token 3.setting
  • 4. Secure mechanism • Encrypts the values using AES 128, CBC, and PKCS5 • Each key is stored as a one way SHA 256 hash • Both keys and values are base64 encoded before storing into prefs xml file
  • 6. How to use public SharedPreferences getSharedPreferences() { if(mSecurePrefs==null){ mSecurePrefs = new SecurePreferences(this, "", "my_prefs.xml"); SecurePreferences.setLoggingEnabled(true); } return mSecurePrefs; }
  • 7. public SharedPreferences getSharedPreferences1000() { try { AesCbcWithIntegrity.SecretKeys myKey = AesCbcWithIntegrity.generateKeyFromPassword( Build.SERIAL,AesCbcWithIntegrity.generateSalt(),1000); return new SecurePreferences(this, myKey, "my_prefs_1000.xml"); } catch (GeneralSecurityException e) { Log.e(TAG, "Failed to create custom key for SecurePreferences", e); } return null; } How to use public SharedPreferences getSharedPreferences() { if(mSecurePrefs==null){ mSecurePrefs = new SecurePreferences(this, "", "my_prefs.xml"); SecurePreferences.setLoggingEnabled(true); } return mSecurePrefs; }
  • 8. How to use public SharedPreferences getSharedPreferences() { if(mSecurePrefs==null){ mSecurePrefs = new SecurePreferences(this, "", "my_prefs.xml"); SecurePreferences.setLoggingEnabled(true); } return mSecurePrefs; } public SharedPreferences getSharedPreferences1000() { try { AesCbcWithIntegrity.SecretKeys myKey = AesCbcWithIntegrity.generateKeyFromPassword( Build.SERIAL,AesCbcWithIntegrity.generateSalt(),1000); return new SecurePreferences(this, myKey, "my_prefs_1000.xml"); } catch (GeneralSecurityException e) { Log.e(TAG, "Failed to create custom key for SecurePreferences", e); } return null; } public SecurePreferences getUserPinBasedSharedPreferences(String password){ if(mUserPrefs==null) { mUserPrefs = new SecurePreferences(this, password, "user_prefs.xml"); } return mUserPrefs; }
  • 9. public void onGetButtonClick(View v) { final String value = getSharedPref().getString(MainActivity.KEY, null); toast(MainActivity.KEY + "'s, value= " + value); } public void onSetButtonClick(View v) { getSharedPref().edit().putString(MainActivity.KEY, MainActivity.VALUE) .commit(); toast(MainActivity.KEY + " with enc value:" + MainActivity.VALUE + ". Saved"); } public void onRemoveButtonClick(View v) { getSharedPref().edit().remove(MainActivity.KEY).commit(); toast("key:" + MainActivity.KEY + " removed from secure prefs"); } public void onClearAllButtonClick(View v) { getSharedPref().edit().clear().commit(); updateEncValueDisplay(); toast("All secure prefs cleared"); }
  • 10. Put value putString(String key, String value) hashPrefKey(String prefKey) encrypt(String cleartext) encrypt(byte[] plaintext, SecretKeys secretKeys) new CipherTextIvMac(byteCipherText, iv, integrityMac) toString() public static CipherTextIvMac encrypt(byte[] plaintext, SecretKeys secretKeys) throws GeneralSecurityException { byte[] iv = generateIv(); Cipher aesCipherForEncryption = Cipher.getInstance(CIPHER_TRANSFORMATION); aesCipherForEncryption.init(Cipher.ENCRYPT_MODE, secretKeys.getConfidentialityKey(), new IvParameterSpec(iv)); /* * Now we get back the IV that will actually be used. Some Android * versions do funny stuff w/ the IV, so this is to work around bugs: */ iv = aesCipherForEncryption.getIV(); byte[] byteCipherText = aesCipherForEncryption.doFinal(plaintext); byte[] ivCipherConcat = CipherTextIvMac.ivCipherConcat(iv, byteCipherText); byte[] integrityMac = generateMac(ivCipherConcat, secretKeys.getIntegrityKey()); return new CipherTextIvMac(byteCipherText, iv, integrityMac); }
  • 11. putString(String key, String value) hashPrefKey(String prefKey) encrypt(String cleartext) encrypt(byte[] plaintext, SecretKeys secretKeys) new CipherTextIvMac(byteCipherText, iv, integrityMac) toString() public String toString() { String ivString = Base64.encodeToString(iv, BASE64_FLAGS); String cipherTextString = Base64.encodeToString(cipherText, BASE64_FLAGS); String macString = Base64.encodeToString(mac, BASE64_FLAGS); return String.format(ivString + ":" + macString + ":" + cipherTextString); } Put value
  • 12. Get valuegetInt(String key, int defaultValue) decrypt(final String ciphertext) new AesCbcWithIntegrity.CipherTextIvMac(ciphertext) decryptString(cipherTextIvMac, keys) public static byte[] decrypt(CipherTextIvMac civ, SecretKeys secretKeys) throws GeneralSecurityException { byte[] ivCipherConcat = CipherTextIvMac.ivCipherConcat(civ.getIv(), civ.getCipherText()); byte[] computedMac = generateMac(ivCipherConcat, secretKeys.getIntegrityKey()); if (constantTimeEq(computedMac, civ.getMac())) { Cipher aesCipherForDecryption = Cipher.getInstance(CIPHER_TRANSFORMATION); aesCipherForDecryption.init(Cipher.DECRYPT_MODE, secretKeys.getConfidentialityKey(), new IvParameterSpec(civ.getIv())); return aesCipherForDecryption.doFinal(civ.getCipherText()); } else { throw new GeneralSecurityException("MAC stored in civ does not match computed MAC."); } } new String(decrypt(civ, secretKeys), encoding)
  • 13. Q & A