安卓加密/解密
[英]Android Encryption/Decryption
问题描述
There are many encryption algorithms and most of them require IV and KEY and Plaintext .
有许多加密算法,其中大多数需要IV和KEY和Plaintext 。
In Android, we have to add 3 of them to our code.在 Android 中,我们必须将其中 3 个添加到我们的代码中。 On the other side, Android is open source and everyone can extract APK files and access the IV and the KEY , this doesn't make it secure.另一方面,Android 是开源的,每个人都可以提取 APK 文件并访问IV和KEY ,这并不使其安全。
Which algorithms are better and unbreakble that can be applied in Java and PHP.哪些算法更好且牢不可破,可以应用于 Java 和 PHP。 I'm working on a Project similar to Instagram/Facebook/Twitter, Security is the first problem for such applications.我正在开发一个类似于 Instagram/Facebook/Twitter 的项目,安全性是此类应用程序的第一个问题。
1 个解决方案
解决方案1
0 已采纳 2018-10-25 09:20:14
Let's start with basic stuff:让我们从基本的东西开始:
- never store an IV/KEY in the source code or unencrypted within the app filesystem永远不要在源代码中存储 IV/KEY 或在应用程序文件系统中未加密
- your might want to look into the Android KeyStore and it's supported operations您可能想查看 Android KeyStore 及其支持的操作
- you might need to depend upon the existence of a hardware keystore (so that users cannot modify locally stored keys)您可能需要依赖于硬件密钥库的存在(以便用户无法修改本地存储的密钥)
For more information I would recommend to look into the OWASP MSTG -- Android Data Store and Android Cryptographic APIs might be interesting to you有关更多信息,我建议您查看OWASP MSTG ——Android Data Store 和 Android Cryptographic APIs 可能对您感兴趣
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.