B4J Question B4XCipher

[LucaMs]

Please, run the B4J project attached. Try Test routine and then DBTest (comment/uncomment the lines).


I'm trying to store a Base64 string, which is the result of a text encryption, and retrieve it "later".

In the Test routine everything works as expected, in the DBTest routine every time the same text is crypted the return value is different.

If this was caused by Salt and IV it should also do so in the Test routine.

How to solve?

 

[LucaMs]

If this was caused by Salt and IV it should also do so in the Test routine.

Found this:
https://www.b4x.com/android/forum/threads/b4xcipher-question.96090/post-606352
but:

1 - I don't understand why Test routine works
2 - what am I supposed to do with that Encryption-Decryption made that way, with a random Salt?

 

[OliverA]

what am I supposed to do with that Encryption-Decryption made that way, with a random Salt?

Don't use B4XCipher. That is not what it is made for (your use case. A similar case was here: https://www.b4x.com/android/forum/threads/solved-b4xencryption-decrypt.125100/).
You'll have to write your own routines using iEncryption library (https://www.b4x.com/android/forum/threads/iencryption-library.46991/#content) on iOS and Encryption library (https://www.b4x.com/android/forum/threads/base64-and-encryption-library.6839/#content) for B4A/B4J. Someone may already have something posted on this forum
Note: B4XCipher is now part of the jB4XEncryption internal library. You don't need to use the old external library anymore

 

[LucaMs]

You'll have to write your own routines using iEncryption library (https://www.b4x.com/android/forum/threads/iencryption-library.46991/#content) on iOS and Encryption library (https://www.b4x.com/android/forum/threads/base64-and-encryption-library.6839/#content) for B4A/B4J

I was hoping I could use that cross-platform library.

Note: B4XCipher is now part of the jB4XEncryption internal library. You don't need to use the old external library anymore

I'm not using jB4XEncryption but B4XEncryption.

 

[OliverA]

I'm not using jB4XEncryption but B4XEncryption.

If you want other people to help you, either also include B4XEncryption when you post your problems, or let them know what new library to use (in B4J, it is now jB4XEncryption). Just saying...

 

[OliverA]

I was hoping I could use that cross-platform library.

You can. You just have to create your own. I'm pretty sure the methods in iEncryption/Encryption libraries are similar enough to create standard B4X code.

 

[LucaMs]

If you want other people to help you, either also include B4XEncryption when you post your problems, or let them know what new library to use (in B4J, it is now jB4XEncryption). Just saying...

I didn't notice that B4XEncryption was not an internal library but an additional one.

Don't beat me up for this ?

 

[LucaMs]

You can. You just have to create your own. I'm pretty sure the methods in iEncryption/Encryption libraries are similar enough to create standard B4X code.

"... just have to..."
Tomorrow; today I have to re-invent the wheel ?

 

[Erel]

In the Test routine everything works as expected, in the DBTest routine every time the same text is crypted the return value is different.

This is good. It is not a problem.

The encryption is made with random salt and IV. They are encoded in the result.

 

[KMatle]

Problem:

If you encrypt the same data and get the same result it's easier for a hacker. Remember the German Enigma device (WW2). All messages started with the weather report and the same phrases which caused it to be hacked by England.

Goal:

Same data to encrypt <> same encrypted data = more security

Solution:

Add salt (e.g. first 64 bytes) = random bytes = must be a multiple of 16 = noone knows where the final data starts
IV = AES is a block cypher = IV is some kind of a "sort order" = which block is encrypted first/between/last = 16 random bytes

Encrypted data:

16 bytes salt & 16 bytes IV & encrypted data

Decryption:

- remove first 16 bytes (salt)
- get next 16 bytes (IV) and set/use it (try to set it all to zeroes and you'll get a funny sort order)
- decrypt the remaining bytes

PS: Salt & IV are public, but as you use a salt with a multiple length of 16 noone knows where each data starts

 

[LucaMs]

I solved by changing the project "design"; this new way I can encrypt texts once only and avoid the problem.