It just depends on how much the images are worth and how much the
decryption costs the unauthorized party. If the images are not worth
much (hypothetically speaking, of course), then decompiling the
application isn't worth it. If on the other hand, the images will land
you in jail (again, hypothetically speaking), then the app should not
be capable of decrypting the images without the user-provided
password.



Yusuf Saib
Android
·T· · ·Mobile· stick together
The views, opinions and statements in this email are those of the
author solely in their individual capacity, and do not necessarily
represent those of T-Mobile USA, Inc.



On Sep 2, 1:42 pm, gymshoe <[email protected]> wrote:
> Isn't java byte code remarkably easy to reverse engineer into source
> code using one of many free java decompilers?
>
> From my understanding, even using an obfuscator on the byte code (if
> that is possible with android implementation) isn't terribly effective
> at preventing decompilers from doing a good job of reconstructing your
> code.
>
> I am also trying to work out a method of securely encrypting private
> information (not critical, like account information or passwords) but
> short of forcing the user to enter a password/pin (which I don't
> want), I can't see how it would be easy to prevent a decompiler from
> easily determining your encryption strategy (algorithm &
> secret_key).
>
> Any ideas?
> thanks,
> Jim
>
> On Aug 27, 2:29 am, zeeshan <[email protected]> wrote:
>
>
>
> > i am just protecting some images (about 500) i downloaded on sdcard.
> > on the first run it downloads and write each by CipherOutputStream and
> > for the next time it decrypt those images by CipherInputStream.
> > a static key works at the moment
>
> > On Aug 26, 3:07 pm, Haravikk <[email protected]> wrote:
>
> > > The more important question I think is why are you doing this, what
> > > information are you trying to protect?
> > > It seems like you're adding encryption for the sake of it, but in fact
> > > your solution won't be much more secure against someone determined to
> > > get at the file's contents. If the key is static, then it is easier to
> > > break, but if it changes then it would need to be stored, making it
> > > easier to access.
>
> > > One alternative is to generate the secret-key using a sufficiently
> > > hard to guess algorithm, using some information about the device, so
> > > that the key used is very different for every user, reducing the
> > > chance of simple comparisons being able to break your encryption.
> > > However, someone clever could still probably figure out how your
> > > encryption works by examining the Java byte-code, as while it's tough
> > > to get your head around it's not impossible to understand.
>
> > > Perhaps in your case the effort required to break the encryption might
> > > be more than it's worth to get into the file, but if you let us know
> > > what kind of information you're hoping to store, then perhaps we can
> > > give you some better solutions? If it's something "dangerous", like
> > > payment details or something, then you need the most rock-solid
> > > solution possible, but if it's something minor then encryption may be
> > > a waste of time entirely.
>
> > > On Aug 26, 2:46 pm, zeeshan <[email protected]> wrote:
>
> > > > key never changes once it's been created.
>
> > > > as i know SecretKey generates by a function as above, how can i set it
> > > > as constant
> > > > can you plz provide example?
>
> > > > On Aug 26, 1:39 pm, Sujay Krishna Suresh <[email protected]>
> > > > wrote:
>
> > > > > On Wed, Aug 26, 2009 at 5:41 PM, zeeshan <[email protected]> wrote:
>
> > > > > > key doesn't change.
> > > > > > can i store keyString  in preferences to retrieve for decryption
>
> > > > > > yes that'd be better than storin it in a file. But better to jus have a
> > > > > > constant field in ur class that contains ur key.
>
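> > > > > > > SecretKey key = KeyGenerator.getInstance("DES").generateKey();
> > > > > > > byte[] keybytes = key.getEncoded();
> > > > > > > // Base64 keeps every key byte intact; new String(keybytes) can corrupt them
> > > > > > > String keyString = android.util.Base64.encodeToString(keybytes, android.util.Base64.NO_WRAP);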
>
> > > > > > If u r gonna execute these set of statements then wont the key change??
>
> > > > > > or plz provide any example for the best practice
>
> > > > > > On Aug 26, 12:28 pm, Sujay Krishna Suresh <[email protected]>
> > > > > > wrote:
> > > > > > > > If it is only used by ur application, jus use a String instance to hold
> > > > > > > > the key. y store in a file??
> > > > > > > > ll the key change dynamically???
>
> > > > > > > > On Wed, Aug 26, 2009 at 4:55 PM, zeeshan <[email protected]> wrote:
>
> > > > > > > > > encryption and decryption is the app's internal functionality. user
> > > > > > > > > has nothing to do with this
> > > > > > > > > i encrypt the file on 1st run and on 2nd run i check if file is there
> > > > > > > > > then decrypt and show.
> > > > > > > > > so only thing i understand is to store the key somewhere in the app so
> > > > > > > > > i can access it for decryption.
> > > > > > > > > just wondering if this help
> > > > > > > > > File  keyFile = new File("data/data/package name/key");
>
> > > > > > > > i followed this link for encryption and decryption
>
> > > > > > > >http://www.java2s.com/Tutorial/Java/0490__Security/UsingCipherInputSt.
> > > > > > ..
>
> > > > > > > > > On Aug 26, 12:11 pm, Sujay Krishna Suresh <[email protected]> wrote:
> > > > > > > > > > I think its better to ask the user for the secret key rather than
> > > > > > > > > > storin it smwhere.
>
> > > > > > > > > > On Wed, Aug 26, 2009 at 4:30 PM, zeeshan <[email protected]> wrote:
>
> > > > > > > > > > > Hi Dear,
>
> > > > > > > > > > > i wrote a small application which encrypt some files using a secret
> > > > > > > > > > > key.
> > > > > > > > > > > i need to decrypt files on 2nd run which requires same key again
> > > > > > > > > > > plz advise where should i store the secret key.
>
> > > > > > > > > --
> > > > > > > > > Regards,
> > > > > > > > > Sujay
> > > > > > > > > > Mike Ditka <http://www.brainyquote.com/quotes/authors/m/mike_ditka.html>
> > > > > > > > > > - "If God had wanted man to play soccer, he wouldn't have given us arms."
>
> > > > > > > --
> > > > > > > Regards,
> > > > > > > Sujay
> > > > > > > > Pablo Picasso <http://www.brainyquote.com/quotes/authors/p/pablo_picasso.html>
> > > > > > > - "Computers are useless. They can only give you answers."
>
> > > > > --
> > > > > Regards,
> > > > > Sujay
> > > > > > Jonathan Swift <http://www.brainyquote.com/quotes/authors/j/jonathan_swift.html>
> > > > > > - "May you live every day of your life."
You received this message because you are subscribed to the Google
Groups "Android Developers" group.