如何在Android中加密和解密文件？ [英] How to encrypt and decrypt file in Android?

问题描述

我想加密文件并将其存储在SD卡中。我想解密该加密文件，并将其存储在SD卡中。我尝试通过打开文件流加密文件加密，但它不工作。我想知道如何做到这一点。

I want to encrypt file and store it in SD card. I want to decrypt that encrypted file and store it in SD card again. I have tried to encrypt file by opening as file stream and encrypt is but it is not working. I want some idea on how to do this.

推荐答案

使用 CipherOutputStream 或 CipherInputStream 使用密码和您的 FileInputStream / FileOutputStream 。

Use a CipherOutputStream or CipherInputStream with a Cipher and your FileInputStream / FileOutputStream.

我会建议像 Cipher.getInstance（AES / CBC / PKCS5Padding），用于创建密码类。 CBC模式是安全的，并且没有非随机明文ECB模式的漏洞。它应该存在于任何通用的加密库中，确保高兼容性。

I would suggest something like Cipher.getInstance("AES/CBC/PKCS5Padding") for creating the Cipher class. CBC mode is secure and does not have the vulnerabilities of ECB mode for non-random plaintexts. It should be present in any generic cryptographic library, ensuring high compatibility.

不要忘记使用由（IV） .com / javase / 7 / docs / api / java / security / SecureRandom.htmlrel =nofollow noreferrer>安全随机生成器，如果要使用相同的密钥加密多个文件。您可以在密文开头的前缀为plain IV。它的大小总是一个块（16字节）。

Don't forget to use a Initialization Vector (IV) generated by a secure random generator if you want to encrypt multiple files with the same key. You can prefix the plain IV at the start of the ciphertext. It is always exactly one block (16 bytes) in size.

如果要使用密码，请确保使用一个好的密钥导出机制（查找基于密码的加密或基于密码的密钥导出）。 PBKDF2是最常用的基于密码的密钥导出方案，它是存在于大多数Java运行时，包括Android。请注意，SHA-1是一个过时的散列函数，但它在PBKDF2中应该是正常的，并且当前呈现最兼容的选项。

If you want to use a password, please make sure you do use a good key derivation mechanism (look up password based encryption or password based key derivation). PBKDF2 is the most commonly used Password Based Key Derivation scheme and it is present in most Java runtimes, including Android. Note that SHA-1 is a bit outdated hash function, but it should be fine in PBKDF2, and does currently present the most compatible option.

当编码/解码字符串时，始终指定字符编码，否则当平台编码与上一个编码不同时，您将遇到问题。换句话说，不要使用 String.getBytes（），而是使用 String.getBytes（Charset.forName（UTF-8）） 。

Always specify the character encoding when encoding/decoding strings, or you'll be in trouble when the platform encoding differs from the previous one. In other words, don't use String.getBytes() but use String.getBytes(Charset.forName("UTF-8")).

为了使其更加安全，请通过在密文上添加安全校验和（MAC或HMAC）来增加加密完整性和真实性和IV，优选使用不同的键。没有身份验证标签，密文可能会以不能被检测到的方式进行更改。

To make it more secure, please add cryptographic integrity and authenticity by adding a secure checksum (MAC or HMAC) over the ciphertext and IV, preferably using a different key. Without an authentication tag the ciphertext may be changed in such a way that the change cannot be detected.

请注意， CipherInputStream 可能 不报告 BadPaddingException ，其中包括 BadPaddingException 为认证密码生成！

Be warned that CipherInputStream may not report BadPaddingException, this includes BadPaddingException generated for authenticated ciphers!

这篇关于如何在Android中加密和解密文件？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！