Hi All,

We are trying to develop an application on both Java and Android to
read encrypted data using AES. For both platforms, we are using the
exact same code to encrypt and decrypt.

Under Android, we can encrypt and later decrypt the file, and the same
applies under Java. However, if we try to decrypt under Android a
file that was originally encrypted under Java, or vice versa, it does
not work.

We generated our keys as below, where rawKeyString is our hidden key:-
        KeyGenerator keyGen = KeyGenerator.getInstance("AES");
        SecureRandom secRand = SecureRandom.getInstance("SHA1PRNG");
        secRand.setSeed(rawKeyString);
        keyGen.init(128, secRand);
        SecretKey skey = keyGen.generateKey();
        return skey.getEncoded();

We find that the values of skey.getEncoded() are different for Java and
Android. Also, if we skip this step altogether and instead use
rawKeyString directly to generate an IV and also to call
cipher.doFinal, then Android is able to decrypt a Java-encrypted file
and vice versa.

We believe the issue is SecureRandom. The provider for SecureRandom
under Android is Crypto, whereas under Java, it's Sun. Not sure if this
is the cause of the problem.

Has anyone ever come across this, and is there a solution for us to
produce the same results under Android/Java/Linux? If not, would it
compromise the security of the data if we skipped this step?

PS: When we encrypt/decrypt, we are using the same PC running under
Linux. Android is running through AVD/Eclipse - so basically the
hardware is the same, the code is the same.

Thanks for your help.
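
Added example, not part of the original post: the output of a seeded SHA1PRNG depends on each provider's implementation, so one portable alternative is to derive the AES key from the secret with PBKDF2, which is a specified algorithm. The class name, iteration count, salt || IV || ciphertext layout and sample secret are assumptions of this example, which also assumes an ASCII secret and a platform that offers AES/GCM.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;

public class PortableAesKey {   // hypothetical class name
    // Assumed parameters for this example; tune the iteration count for your devices.
    static final int ITERATIONS = 100_000, KEY_BITS = 128, SALT_LEN = 16, IV_LEN = 12;

    // Same secret + salt + iteration count gives the same key bytes on any
    // provider, because PBKDF2 is fully specified (unlike seeded SHA1PRNG output).
    static SecretKeySpec deriveKey(char[] secret, byte[] salt) throws Exception {
        SecretKeyFactory f = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
        byte[] raw = f.generateSecret(new PBEKeySpec(secret, salt, ITERATIONS, KEY_BITS)).getEncoded();
        return new SecretKeySpec(raw, "AES");
    }

    // Output layout (chosen for this example): salt || iv || ciphertext+tag
    static byte[] encrypt(char[] secret, byte[] plain) throws Exception {
        SecureRandom rnd = new SecureRandom();   // unseeded: only for salt and IV
        byte[] salt = new byte[SALT_LEN], iv = new byte[IV_LEN];
        rnd.nextBytes(salt);
        rnd.nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, deriveKey(secret, salt), new GCMParameterSpec(128, iv));
        byte[] ct = c.doFinal(plain);
        byte[] out = new byte[SALT_LEN + IV_LEN + ct.length];
        System.arraycopy(salt, 0, out, 0, SALT_LEN);
        System.arraycopy(iv, 0, out, SALT_LEN, IV_LEN);
        System.arraycopy(ct, 0, out, SALT_LEN + IV_LEN, ct.length);
        return out;
    }

    // Reads salt and IV back from the blob; throws if the tag does not verify.
    static byte[] decrypt(char[] secret, byte[] blob) throws Exception {
        byte[] salt = Arrays.copyOfRange(blob, 0, SALT_LEN);
        byte[] iv = Arrays.copyOfRange(blob, SALT_LEN, SALT_LEN + IV_LEN);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, deriveKey(secret, salt), new GCMParameterSpec(128, iv));
        return c.doFinal(blob, SALT_LEN + IV_LEN, blob.length - SALT_LEN - IV_LEN);
    }

    public static void main(String[] args) throws Exception {
        char[] secret = "example-secret".toCharArray();   // constructed sample value
        byte[] blob = encrypt(secret, "hello".getBytes(StandardCharsets.UTF_8));
        System.out.println(new String(decrypt(secret, blob), StandardCharsets.UTF_8));
    }
}
```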
