如何加密和解密Android的文件？ [英] How to encrypt and decrypt file in Android?

问题描述

我要加密的文件并将其存储在SD卡。我想解密加密的文件，并再次将其存储在SD卡。我曾尝试通过打开的文件流和加密的加密文件，但它不能正常工作。我想就如何做到这一些了解。

I want to encrypt file and store it in SD card. I want to decrypt that encrypted file and store it in SD card again. I have tried to encrypt file by opening as file stream and encrypt is but it is not working. I want some idea on how to do this.

推荐答案

使用一个<一个href="http://docs.oracle.com/javase/7/docs/api/javax/crypto/CipherOutputStream.html"><$c$c>CipherOutputStream或<一href="http://docs.oracle.com/javase/7/docs/api/javax/crypto/CipherInputStream.html"><$c$c>CipherInputStream与密码和您的<一个href="http://docs.oracle.com/javase/7/docs/api/java/io/FileInputStream.html"><$c$c>FileInputStream / <一href="http://docs.oracle.com/javase/7/docs/api/java/io/FileOutputStream.html"><$c$c>FileOutputStream.

Use a CipherOutputStream or CipherInputStream with a Cipher and your FileInputStream / FileOutputStream.

我建议像 Cipher.getInstance（AES / CBC / PKCS5Padding）用于创建密码类。 CBC模式是安全的，不具有<一个href="http://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Electronic_$c$cbook_.28ECB.29">vulnerabilities ECB模式进行非随机明文。它应该是present任何通用的加密库，确保高兼容性。

I would suggest something like Cipher.getInstance("AES/CBC/PKCS5Padding") for creating the Cipher class. CBC mode is secure and does not have the vulnerabilities of ECB mode for non-random plaintexts. It should be present in any generic cryptographic library, ensuring high compatibility.

不要忘了用<一个href="http://docs.oracle.com/javase/7/docs/api/javax/crypto/spec/IvParameterSpec.html">Initialization矢量（IV）生成由安全随机生成如果你想多个文件使用相同的密钥进行加密。您可以preFIX平原IV的密文的开始。它总是正好一个块（16个字节）的大小。

Don't forget to use a Initialization Vector (IV) generated by a secure random generator if you want to encrypt multiple files with the same key. You can prefix the plain IV at the start of the ciphertext. It is always exactly one block (16 bytes) in size.

如果你想使用一个密码，请确保你使用一个很好的密钥派生机制（查找密码的加密或密码基于密钥派生）。 PBKDF2是最常用的密码基于密钥导出方案，它是 present在最Java运行时，包括Android。请注意，SHA-1是一个有点过时散列函数，但它应该是罚款PBKDF2，并执行目前present最兼容的选项。

If you want to use a password, please make sure you do use a good key derivation mechanism (look up password based encryption or password based key derivation). PBKDF2 is the most commonly used Password Based Key Derivation scheme and it is present in most Java runtimes, including Android. Note that SHA-1 is a bit outdated hash function, but it should be fine in PBKDF2, and does currently present the most compatible option.

始终指定字符编码时，编码/解码字符串，否则你就惨了，该平台的编码不同于previous之一。换句话说，不要使用 String.getBytes（），但使用<一个href="http://docs.oracle.com/javase/7/docs/api/java/lang/String.html#getBytes(java.nio.charset.Charset)"><$c$c>String.getBytes(Charset.forName("UTF-8")).

Always specify the character encoding when encoding/decoding strings, or you'll be in trouble when the platform encoding differs from the previous one. In other words, don't use String.getBytes() but use String.getBytes(Charset.forName("UTF-8")).

要使它更安全，请通过添加安全校验和（MAC或HMAC）在密文和IV，preferably使用不同的密钥加密中添加完整性和真实性。未经认证标签的密文，可以在该不能检测的改变这样的方式来改变。

To make it more secure, please add cryptographic integrity and authenticity by adding a secure checksum (MAC or HMAC) over the ciphertext and IV, preferably using a different key. Without an authentication tag the ciphertext may be changed in such a way that the change cannot be detected.

但是要注意， CipherInputStream 的的可以的 不报告 BadPaddingException ，这包括 BadPaddingException 用于身份验证的加密算法生成的！的

Be warned that CipherInputStream may not report BadPaddingException, this includes BadPaddingException generated for authenticated ciphers!

这篇关于如何加密和解密Android的文件？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！