B4J Question B4XCipher

LucaMs

Expert
Licensed User
Longtime User
Please, run the B4J project attached. Try Test routine and then DBTest (comment/uncomment the lines).


I'm trying to store a Base64 string, which is the result of a text encryption, and retrieve it "later".

In the Test routine everything works as expected, in the DBTest routine every time the same text is crypted the return value is different.

If this was caused by Salt and IV it should also do so in the Test routine.

How to solve?
 

Attachments

  • B4XEncryptionTest.zip
    10.6 KB · Views: 164

OliverA

Expert
Licensed User
Longtime User
what am I supposed to do with that Encryption-Decryption made that way, with a random Salt?
Don't use B4XCipher. That is not what it is made for (your use case. A similar case was here: https://www.b4x.com/android/forum/threads/solved-b4xencryption-decrypt.125100/).
You'll have to write your own routines using iEncryption library (https://www.b4x.com/android/forum/threads/iencryption-library.46991/#content) on iOS and Encryption library (https://www.b4x.com/android/forum/threads/base64-and-encryption-library.6839/#content) for B4A/B4J. Someone may already have something posted on this forum
Note: B4XCipher is now part of the jB4XEncryption internal library. You don't need to use the old external library anymore
 
Upvote 0

LucaMs

Expert
Licensed User
Longtime User
I was hoping I could use that cross-platform library.


Note: B4XCipher is now part of the jB4XEncryption internal library. You don't need to use the old external library anymore
I'm not using jB4XEncryption but B4XEncryption.
 
Upvote 0

OliverA

Expert
Licensed User
Longtime User
I'm not using jB4XEncryption but B4XEncryption.
If you want other people to help you, either also include B4XEncryption when you post your problems, or let them know what new library to use (in B4J, it is now jB4XEncryption). Just saying...
 
Upvote 0

OliverA

Expert
Licensed User
Longtime User
I was hoping I could use that cross-platform library.
You can. You just have to create your own. I'm pretty sure the methods in iEncryption/Encryption libraries are similar enough to create standard B4X code.
 
Upvote 0

KMatle

Expert
Licensed User
Longtime User
Problem:

If you encrypt the same data and get the same result it's easier for a hacker. Remember the German Enigma device (WW2). All messages started with the weather report and the same phrases which caused it to be hacked by England.

Goal:

Same data to encrypt <> same encrypted data = more security

Solution:

Add salt (e.g. first 64 bytes) = random bytes = must be a multiple of 16 = noone knows where the final data starts
IV = AES is a block cypher = IV is some kind of a "sort order" = which block is encrypted first/between/last = 16 random bytes

Encrypted data:

16 bytes salt & 16 bytes IV & encrypted data

Decryption:

- remove first 16 bytes (salt)
- get next 16 bytes (IV) and set/use it (try to set it all to zeroes and you'll get a funny sort order)
- decrypt the remaining bytes

PS: Salt & IV are public, but as you use a salt with a multiple length of 16 noone knows where each data starts
 
Upvote 0
Top