Android Tutorial Encrypting information with RandomAccessFile library

Erel · Sep 18, 2011

RandomAccessFile v1.30 introduces two new methods named: WriteEncryptedObject and ReadEncryptedObject.
These methods are similar to WriteObject and ReadObject methods. The difference is that the new methods encrypt the object before writing it to a file and decrypt it before reading. The encryption algorithm is AES-256 which is considered to provide strong protection.

Android SQLite implementation doesn't support encryption. In many cases you can use these two methods instead. You can create a large Map or List with your own structures and save them to a file.
Edit: Using the new SQLCipher library you can encrypt SQLite databases: http://www.b4x.com/forum/basic4andr...id-database-encryption-sqlcipher-library.html

Developers who are not familiar with WriteObject / ReadObject should try these methods. They are very easy to use and allow you to store complicated objects in a single line of code. Unlike File.WriteMap / WriteList which convert the data to a string, WriteObject and WriteEncryptedObject can write many types of data without losing any information.

You can see more information about the supported types here: Basic4android - RandomAccessFile

Example of writing an encrypted List to a file:

B4X:

Sub Activity_Create(FirstTime As Boolean)
   Dim list1 As List
   list1.Initialize
   For i = 1 To 1000
      list1.Add("Item #" & i)
   Next
   'writing the object
   Dim raf As RandomAccessFile
   raf.Initialize(File.DirRootExternal, "1.dat", False)
   raf.WriteEncryptedObject(list1, "some secret password", raf.CurrentPosition)
   'you can continue to write more objects to this file
   '...
   raf.Close
   
   'reading the object
   Dim raf As RandomAccessFile
   raf.Initialize(File.DirRootExternal, "1.dat", False)
   Dim list2 As List
   list2 = raf.ReadEncryptedObject("some secret password", raf.CurrentPosition)
   Log(list2)
   raf.Close
End Sub

Other more advanced encryption methods are available in the encryption library: http://www.b4x.com/forum/additional-libraries-official-updates/6839-base64-encryption-library.html

The library is available here: http://www.b4x.com/forum/additional...domaccessfile-v1-30-writeenctypredobject.html

shashkiranr · Apr 24, 2015

Hi Locxtronic,

See the below threads.

https://www.b4x.com/android/forum/threads/b4xencryption.48177/#content

https://www.b4x.com/android/help/encryption.html

Regards,
SK

Erel · Apr 24, 2015

You can use raf.Initialize3 with a large enough array.

omidaghakhani1368 · Jun 25, 2015

Hi Erel.
For save randomaccessfile's password for prevent hack,i should save pass in process_global and compile with obfuscate release,isn't ?

Erel · Jun 25, 2015

It is better though a hacker can always rerun the code and decrypt the data.

omidaghakhani1368 · Jun 25, 2015

Hi Erel.
For save randomaccessfile's password for prevent hack,i should save pass in process_global and compile with obfuscate release,isn't ?

Erel said:
It is better though a hacker can always rerun the code and decrypt the data.

Oh my god,thus how i store pass in basic?

Erel · Jun 28, 2015

Storing a password inside the program is never safe.

omidaghakhani1368 · Jun 28, 2015

Erel said:
Storing a password inside the program is never safe.

Do you have a way for use password on program?

Erel · Jun 28, 2015

If the password is stored somewhere in the program then a hacker can always decompile your app and run the code with a debugger and find the password.
It doesn't mean that you shouldn't store passwords. It means that you need to understand the security risks.

The other approach will be to let the user enter the password or authenticate with an external server.

omidaghakhani1368 · Jun 28, 2015

Yes security risk.
I decide to create key in server and send to client and then save in file with encryption

Devv · Nov 5, 2015

B4X:

Dim raf As RandomAccessFile
Dim test As String

   raf.Initialize(File.DirRootExternal, "test.dat", False)
   'Dim list2 As List
   test = raf.ReadEncryptedObject("some secret password", raf.CurrentPosition)
   Log(test)
   raf.Close

** Activity (main) Create, isFirst = true **
main_activity_create (B4A line: 46)
test = raf.ReadEncryptedObject("some secret pas
java.lang.OutOfMemoryError
at anywheresoftware.b4a.randomaccessfile.RandomAccessFile.readHelper(RandomAccessFile.java:408)
at anywheresoftware.b4a.randomaccessfile.RandomAccessFile.ReadEncryptedObject(RandomAccessFile.java:403)
at b4a.example.main._activity_create(main.java:353)
at java.lang.reflect.Method.invokeNative(Native Method)
at java.lang.reflect.Method.invoke(Method.java:525)
at anywheresoftware.b4a.BA.raiseEvent2(BA.java:187)
at b4a.example.main.afterFirstLayout(main.java:102)
at b4a.example.main.access$000(main.java:17)
at b4a.example.main$WaitForLayout.run(main.java:80)
at android.os.Handler.handleCallback(Handler.java:730)
at android.os.Handler.dispatchMessage(Handler.java:92)
at android.os.Looper.loop(Looper.java:176)
at android.app.ActivityThread.main(ActivityThread.java:5419)
at java.lang.reflect.Method.invokeNative(Native Method)
at java.lang.reflect.Method.invoke(Method.java:525)
at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:1046)
at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:862)
at de.robv.android.xposed.XposedBridge.main(XposedBridge.java:132)
at dalvik.system.NativeStart.main(Native Method)

the list example worked ok, what i'am doing wrong with my code ?

Informatix · Nov 5, 2015

omidaghakhani1368 said:
Yes security risk.
I decide to create key in server and send to client and then save in file with encryption

A hacker will inject code to know the data exchanged with the client (by using a valid copy of your app) before anything is encrypted (or he will just monitor the network with a sniffer if data are in plain text) so your solution does not protect anything.

Devv · Nov 5, 2015

Informatix said:
A hacker will inject code to know the data exchanged with the client (by using a valid copy of your app) before anything is encrypted (or he will just monitor the network with a sniffer if data are in plain text) so your solution does not protect anything.

What if the communication with the server was https post ?

Informatix · Nov 5, 2015

Devv said:
What if the communication with the server was https post ?

The app encrypts the received password, so before its encryption the password is stored in plain text in a string. A hacker just has to log the string.

Devv · Nov 5, 2015

Informatix said:
The app encrypts the received password, so before its encryption the password is stored in plain text in a string. A hacker just has to log the string.

So what is the solution here MR. Informatix

Informatix · Nov 5, 2015

Devv said:
So what is the solution here MR. Informatix

I created a few libraries and two guides for app protection. Here. It's not free. The other possibility is to externalize the password or the authentication as suggested by Erel in post #28.

tufanv · Nov 18, 2015

Is it safe to store a subscription data with this lib?
I just want to add a ending date&time for a subscription. can I use writeencryptedobject to just write a date ? Also can i delete or update an entry ?

Erel · Nov 18, 2015

It is safe as long as the password is safe.

tufanv said:
can I use writeencryptedobject to just write a date ?

Yes.

tufanv said:
Also can i delete or update an entry ?

You can write a new value over the previous one.
Consider using KeyValueStore instead. It is simpler to work with.

tufanv · Nov 18, 2015

Erel said:
It is safe as long as the password is safe.

Yes.

You can write a new value over the previous one.
Consider using KeyValueStore instead. It is simpler to work with.

I was going to use it but think that maybe it is not safe .
is keyvaluestore aso secure as this lib ? ( it doesnt have any password protection etc.. )

edit: found the answer by myself. It also uses encryptedwriting so it is safe

zani · Aug 20, 2016

Erel said:
RandomAccessFile v1.30 introduces two new methods named: WriteEncryptedObject and ReadEncryptedObject.
These methods are similar to WriteObject and ReadObject methods. The difference is that the new methods encrypt the object before writing it to a file and decrypt it before reading. The encryption algorithm is AES-256 which is considered to provide strong protection.

Android SQLite implementation doesn't support encryption. In many cases you can use these two methods instead. You can create a large Map or List with your own structures and save them to a file.
Edit: Using the new SQLCipher library you can encrypt SQLite databases: http://www.b4x.com/forum/basic4andr...id-database-encryption-sqlcipher-library.html

Developers who are not familiar with WriteObject / ReadObject should try these methods. They are very easy to use and allow you to store complicated objects in a single line of code. Unlike File.WriteMap / WriteList which convert the data to a string, WriteObject and WriteEncryptedObject can write many types of data without losing any information.

You can see more information about the supported types here: Basic4android - RandomAccessFile

Example of writing an encrypted List to a file:

B4X:

Sub Activity_Create(FirstTime As Boolean) Dim list1 As List list1.Initialize For i = 1 To 1000 list1.Add("Item #" & i) Next 'writing the object Dim raf As RandomAccessFile raf.Initialize(File.DirRootExternal, "1.dat", False) raf.WriteEncryptedObject(list1, "some secret password", raf.CurrentPosition) 'you can continue to write more objects to this file '... raf.Close 'reading the object Dim raf As RandomAccessFile raf.Initialize(File.DirRootExternal, "1.dat", False) Dim list2 As List list2 = raf.ReadEncryptedObject("some secret password", raf.CurrentPosition) Log(list2) raf.Close End Sub

Other more advanced encryption methods are available in the encryption library: http://www.b4x.com/forum/additional-libraries-official-updates/6839-base64-encryption-library.html

The library is available here: http://www.b4x.com/forum/additional...domaccessfile-v1-30-writeenctypredobject.html

hi can use it for file Encryption?

KMatle · Aug 21, 2016

zani said:
can use it for file Encryption

Yes (as the name suggests ). See the documentation about it. Very easy.

Android Tutorial Encrypting information with RandomAccessFile library

Active Member

B4X founder

Well-Known Member

B4X founder

Well-Known Member

B4X founder

Well-Known Member

B4X founder

Well-Known Member

Active Member

Expert

Active Member

Expert

Active Member

Expert

Expert

B4X founder

Expert

Member

Expert

Similar Threads

Privacy & Transparency

Privacy & Transparency