Android Question encryption problems

uniplan

Active Member
Licensed User
Longtime User
I have written a B4A application that sends data in XML format to a webservice written in vb.net.
For safety data sent is encrypted and decrypted upon receipt by the webservice.

To encrypt the data I use the following B4A sub:

B4X:
Sub Encrypt(dataToEncrypt As String ) As String
   Dim kg As KeyGenerator
   Dim c As Cipher
   Dim B64 As Base64
   Dim bconv As ByteConverter

   Dim data(0) As Byte
   Dim iv(0) As Byte
   iv = Array As Byte(8, 8, 2, 10, 12, 12, 28, 5) ' 16 bytes for AES
     
   c.Initialize("DESEDE/CBC/PKCS5Padding")   
   c.InitialisationVector = iv
   kg.Initialize("DESEDE")
  
   kg.KeyFromBytes(bconv.StringToBytes("XXXX000011Ix2010","ASCII"))
   data = bconv.StringToBytes(dataToEncrypt, "ASCII")     
   data = c.Encrypt(data, kg.Key, True)           

   Return B64.EncodeBtoS(data, 0, data.Length)
  
End Sub

To decrypt the data I use the following vb.net code:

B4X:
Private Function Decrypt(encryptedData As String) As String
        Dim buffer As Byte() = System.Convert.FromBase64String(encryptedData)
        Dim des As TripleDESCryptoServiceProvider = New TripleDESCryptoServiceProvider()
        des.IV = New Byte() {8, 8, 2, 10, 12, 12, 28, 5}
        des.Key = ASCIIEncoding.ASCII.GetBytes("XXXX000011Ix2010")
        Dim result As String = Encoding.ASCII.GetString(des.CreateDecryptor().TransformFinalBlock(buffer, 0, buffer.Length))
        des.Clear()
        Return result
    End Function

Until now everything worked properly.

Today I tried the app on a device Android 6.0.1 and I can no decrypt data.

I have noticed that the encrypted string with an Android 5.0.2 device is different from that encrypted with a device 6.0.1.

The first is successfully decrypted the second is not.

What might be this anomaly?
 

Erel

B4X founder
Staff member
Licensed User
Longtime User
Try this:
B4X:
   Dim c As Cipher
   InitializeCipher(c, "DESEDE/CBC/PKCS5Padding")


Sub InitializeCipher(c As Cipher, transformation As String)
   Dim r As Reflector
   Dim o As Object = r.RunStaticMethod("javax.crypto.Cipher", "getInstance", Array(transformation, "BC"), _
     Array As String("java.lang.String", "java.lang.String"))
   r.Target = c
   r.SetField2("cipher", o)
End Sub
 
Upvote 0

uniplan

Active Member
Licensed User
Longtime User
Try this:
B4X:
   Dim c As Cipher
   InitializeCipher(c, "DESEDE/CBC/PKCS5Padding")


Sub InitializeCipher(c As Cipher, transformation As String)
   Dim r As Reflector
   Dim o As Object = r.RunStaticMethod("javax.crypto.Cipher", "getInstance", Array(transformation, "BC"), _
     Array As String("java.lang.String", "java.lang.String"))
   r.Target = c
   r.SetField2("cipher", o)
End Sub

I did not understand well.
If I use the code you've shown I solve my problem of compatibility with newer versions of Android?
 
Upvote 0

Jeffrey Cameron

Well-Known Member
Licensed User
Longtime User
Just came across this problem on a new app, thank you for your work-around in post #4.

This solution was proposed back in April, has the Encryption library's initialize method been updated since then to allow us to specify the "BC" parameter via an additional Initialize method or parameter?
 
Upvote 0

Rusty

Well-Known Member
Licensed User
Longtime User
Thanks for the update on the Android side, works great!
I have a server that is running in Windows that has always generated the "Pre-Marshmallow" encryption flawlessly.
Now, with the Android decrypting with the new initialize, the Windows generated encryption doesn't decrypt on the Android.
Is there a change I need to make to the Windows side that will allow the encryption there to match that of the Android?

Alternatively, is there a way to do AES from both Windows and Android?
Thanks,
Rusty
 
Last edited:
Upvote 0

Rusty

Well-Known Member
Licensed User
Longtime User
B4X:
    Private lblSource As Label
    Private lblDestination As Label
    Private lblRecrypt As Label
    Private Pswd As String = "password"
    Private btnSuperQuestion As Button
End Sub

Sub Activity_Create(FirstTime As Boolean)
    Activity.LoadLayout("1")
  
    lblSource.Text = "this is a test"
    Dim encrypted() As Byte = EncryptText(lblSource.Text, Pswd)
    Dim decrypted As String = DecryptText(encrypted, Pswd)
  
    lblDestination.Text = BytesToString(encrypted, 0, encrypted.Length, "utf8")
    lblRecrypt.Text = decrypted
  
End Sub

Sub EncryptText(text As String, Password As String) As Byte()
   Dim c As B4XCipher
   Return c.Encrypt(text.GetBytes("utf8"), Password)
End Sub

Sub DecryptText(EncryptedData() As Byte, Password As String) As String
   Dim c As B4XCipher
   Dim b() As Byte = c.Decrypt(EncryptedData, Password)
   Return BytesToString(b, 0, b.Length, "utf8")
End Sub
Thanks Erel,
Is there a VB.net or C#.net version on the PC side?

UPDATE: I wrote a Visual Studio AES encryption/decryption routine that seems to work well, but the encrypted results don't match that of the b4xencryption.
(Same passwords).
VS: text = "this is a test" password= "password" result="EJFilZfWRz1Tumxeh05q7A=="
B4x text= "this is a test" password= "password result="�|���[�_Y~��?i~��I�/Ь�:�E���<,�̹"
(I used Erel's b4xencrypt example to generate the b4x result)
Any ideas?
 
Last edited:
Upvote 0

KMatle

Expert
Licensed User
Longtime User
="�|���[�_Y~��?i~��I�/�:�E���<,�

Encode this (Byte Array) to Base64 (StringUtils) and you will get "EJFilZfWRz1Tumxeh05q7A=="

As you see, all the data is converted to Bytes to en-/decrypt first because numeric values are needed (= Byte values). To Exchange the data it is common to encode that Bytes to a "usable" Format: String (exactly: Base64 string). Transfering Bytes is too complicated. So everyone encodes it to Base64.

EJFilZfWRz1Tumxeh05q7A== is a typical Base64 string. Just encode ""]="�|���[�_Y~��?i~��I�/�:�E���<,�[/" to Base64 and you have EJFilZfWRz1Tumxeh05q7A==
 
Upvote 0

Rusty

Well-Known Member
Licensed User
Longtime User
Erel,
I can get the new code (in post #4) to work on the Marshmallow, but when I run it on something else, it doesn't encrypt/decrypt correctly.
Any suggestions?
I'm using your code verbatim.

OOPS...never mind. I had used NoPadding and failed to update your code to this method...
Thanks for all your continued support ... even for bad over-sights...:)
Rusty
 
Upvote 0
Top