Android应用程序中的字符串保护 [英] Strings protection in Android application

问题描述

我想保护我的Android应用程序中的某些字符串，它包含不应查看的信息.到目前为止，我最好的想法是使用AES算法或其他方法对这些字符串进行加密，然后将密码放入只能通过身份验证(通过Firebase Auth)查看的Google Cloud Storage文件中，因此从理论上讲，应用程序始终会访问需要时该文件.这是个好主意吗?

I want to protect some Strings in my Android application, it contain information that should not be viewed. The best idea I've had so far is to encrypt these strings using an AES algorithm or something and put the password in a Google Cloud Storage file that can only be viewed with authentication (by Firebase Auth), so in theory the application always accesses that file when need. This is a good idea?

推荐答案

我已经解决了我的问题，我有两种方法都可以很好地工作:

I have already solved my question, I have these two methods that work very well:

public static String encrypt(String message, String key) {
        String cipherText = null;

        try {
            Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5Padding");
            cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key.getBytes(), "AES"));
            byte[] bytes = cipher.doFinal(message.getBytes("UTF-8"));

            cipherText = Base64.encodeToString(bytes, Base64.DEFAULT);
        } catch(Exception ex) {
            ex.printStackTrace();
        }

        return cipherText;
    }

    public static String decrypt(String encoded, String key) {
        String decryptString = null;

        try {
            byte[] bytes = Base64.decode(encoded, Base64.DEFAULT);

            Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5Padding");
            cipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(key.getBytes(), "AES"));
            decryptString = new String(cipher.doFinal(bytes), "UTF-8");
        } catch(Exception ex) {
            ex.printStackTrace();
        }

        return decryptString;
    }

crypto方法在AES中对消息进行加密之后，它使用Base64将byte []转换为可读的String，该字符串可以存储在strings.xml文件或Java类中，然后decrypt方法执行相反的操作.而且我的应用程序只能通过Firebase Storage在线获取密钥.

After the encrypt method encrypts the message in AES, it uses Base64 to make the byte[] into a readable String that can be stored in a strings.xml file or Java Class, and the decrypt method does the inverse. And my application only pick up the key online via Firebase Storage.

现在，如果有人试图对我的代码进行反向工程，那么他们唯一能看到的就是:

Now, if someone tries to reverse engineer my code, the only thing they can see is:

<string name="code_1">nuD559T1j8VSqjidiF3Yag==</string>
    <string name="code_2">+4MTk9TaJJAJEV6D07K++Q==</string>
    <string name="code_3">4GlPuHyAGhd48bjuSvcvQQ==</string>
    <string name="code_4">yQnq3/tEIxJe67bhBuzoHw==</string>
    <string name="code_5">p/sDptvxdi0ynsuybvfI+A==</string>
    <string name="code_6">dE4aV0wG0aINh/dw0wwevQ==</string>
    <string name="code_7">vxNaPmHvnbGsydOYXSOSUA==</string>
    <string name="code_8">fClfcC/Eweh9tA8xz6ktGw==</string>
    <string name="code_9">FxzAZpH+SJt5Lv6VFU/BEQ==</string>
    <string name="code_10">qh3jFGHOGMzt50WOwTG4H4Y2Vbr7TzO433tbB3s6P34=</string>
    <string name="code_11">u7kZjN/bxkMEqDws4nvbnQ==</string>
    <string name="code_12">Ccf2u8FJGJ1lsiR7aX5OSw==</string>
    <string name="code_13">E4XsWDHO28pOhV4ter/f2A==</string>
    <string name="code_14">kgPr+Yz3t4S+Y5zQXjkvJA==</string>
    <string name="code_15">19CpjUzKOw1fL8bZH8xkMg==</string>

这篇关于Android应用程序中的字符串保护的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！