Android上的AES加密
基础算法说明
https://www.youtube.com/watch?v=lnKPoWZnNNM
虽然这个视频讲的非常详细,但是涉及到具体底层算法,大致流程
1. 将数据转成HEX或者byte array
2.将数据分层一块块等大小的数据
3.将数据和key 进行一次混合,加密之后的输出,在生成新的key
4.将新的key和下一个数据,进行加密计算,继续重复
生成的KEY长度有128,192,256,不同的的长度对算法的速度有影响
当然key的长度越长,可能越安全这样
具体的算法是什么呢
为什么要有IV
另外这篇
https://www.youtube.com/watch?v=uWEPEBmFBHw
我们在AES的时候,有key了,为什么要IV呢
大概解释是,IV是个Ramdom的参数,不然每次用key算出来的值是一样的,
所以加上IV后,计算出来的结果会不一样。
Android上的具体AES实现
然后就是PL这个在Android上AES加密的具体实现
https://github.com/philipplackner/AndroidCrypto/tree/encrypt/decrypt
或者参考这个文档
https://medium.com/@jerry.cho.dev/android-keystore-aa7d2b43adfe
基本差不多
1.加密管理器
key的初始化和获取
@RequiresApi(Build.VERSION_CODES.M)
class CryptoManager {//获取keystroe,用于存放加密的keyprivate val keyStore = KeyStore.getInstance("AndroidKeyStore").apply {load(null)}//获取加密器,模式是ENCRYPT_MODEprivate val encryptCipher get() = Cipher.getInstance(TRANSFORMATION).apply {init(Cipher.ENCRYPT_MODE, getKey())}//解码器,模式DECRYPT_MODE,private fun getDecryptCipherForIv(iv: ByteArray): Cipher {return Cipher.getInstance(TRANSFORMATION).apply {init(Cipher.DECRYPT_MODE, getKey(), IvParameterSpec(iv))}}//加密秘钥,存储在keystroe中private fun getKey(): SecretKey {val existingKey = keyStore.getEntry("secret", null) as? KeyStore.SecretKeyEntryreturn existingKey?.secretKey ?: createKey()}private fun createKey(): SecretKey {return KeyGenerator.getInstance(ALGORITHM).apply {init(KeyGenParameterSpec.Builder("secret",KeyProperties.PURPOSE_ENCRYPT or KeyProperties.PURPOSE_DECRYPT).setBlockModes(BLOCK_MODE).setEncryptionPaddings(PADDING).setUserAuthenticationRequired(false).setRandomizedEncryptionRequired(true).build())}.generateKey()}//把byte进行加密,写入IV,写入机密后的bytesfun encrypt(bytes: ByteArray, outputStream: OutputStream): ByteArray {val encryptedBytes = encryptCipher.doFinal(bytes)outputStream.use {it.write(encryptCipher.iv.size)it.write(encryptCipher.iv)it.write(encryptedBytes.size)it.write(encryptedBytes)}return encryptedBytes}//解码,读取IV,根据IV再解码fun decrypt(inputStream: InputStream): ByteArray {return inputStream.use {val ivSize = it.read()val iv = ByteArray(ivSize)it.read(iv)val encryptedBytesSize = it.read()val encryptedBytes = ByteArray(encryptedBytesSize)it.read(encryptedBytes)getDecryptCipherForIv(iv).doFinal(encryptedBytes)}}companion object {private const val ALGORITHM = KeyProperties.KEY_ALGORITHM_AESprivate const val BLOCK_MODE = KeyProperties.BLOCK_MODE_CBCprivate const val PADDING = KeyProperties.ENCRYPTION_PADDING_PKCS7private const val TRANSFORMATION = "$ALGORITHM/$BLOCK_MODE/$PADDING"}}
2.加密
val bytes = messageToEncrypt.encodeToByteArray()val file = File(filesDir, "secret.txt")if(!file.exists()) {file.createNewFile()}val fos = FileOutputStream(file)messageToDecrypt = cryptoManager.encrypt(bytes = bytes,outputStream = fos).decodeToString()3.解密
val file = File(filesDir, "secret.txt")messageToEncrypt = cryptoManager.decrypt(inputStream = FileInputStream(file)).decodeToString()