
Which encryption algorithm to use for sending encrypted data from an Android APK to a remote server and vice versa

I need to connect to a web service on a remote server, and need to pass all parameters in encrypted form for method calls, and the response from the server needs to be in encrypted form as well.

APK  ----->encrypted input parameters for method calling ---->remote server
Remote Server ------>decrypt the input parameters and response with same encrypted alg.

The point is I want to use one key (symmetric encryption) for encryption and decryption. Please let me know which code to use for that in Android so that it will work correctly in both the APK and the REMOTE SERVER (which is a Java web service).

Frankly speaking, I have used some algorithms such as DES;

but don't know why sometimes what is encrypted at APK side is not decrypted at REMOTE and null is returned!

One more thing, I want you guys to comment on this: "In order to avoid forgery requests, I used one variable called ReqID at APK side with initial value of 1, and at remote server's web service side I also used a reqID in DB for that client. And with each request coming from APK the reqID is read and appended to a key (that is reqID+key) and used for encrypting the input parameters of any desired method of the web service, and at server side by receiving that request, the last reqID for that client is read from the DB as well as the key, and used for decrypting the input parameters. And after this, the reqID is increased by one at server side, and at APK side as well to make them be synced." But the issue is sometimes the decrypt at SERVER side doesn't work and returns null and sometimes at APK side while decrypting it fails and returns null! What is the solution?

Use HTTPS; there is no need to add any additional encryption.

On the server use TLS 1.2 and Perfect Forward Secrecy. Everything will be encrypted including the query parameters. But the query parameters may be caught in server logs so it is best to send sensitive information as a POST.

Pin the server certificate in the app to prevent MITM attacks.
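
One way to apply this advice on the Android/Java client, as an added example that is not part of the original answer: a trust manager that runs the platform's normal chain validation and then requires a pinned public key, used for a POST so the parameters stay out of the URL. The class name `PinnedClient` and the pin value are placeholders, and `java.util.Base64` assumes Java 8+ or Android API 26+.

```java
import java.io.OutputStream;
import java.net.URL;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.*;
import java.util.Base64;
import java.util.Set;
import javax.net.ssl.*;

public final class PinnedClient {
    // Placeholder, not a real pin: base64(SHA-256(SubjectPublicKeyInfo)) of the server key.
    static final Set<String> PINS = Set.of("REPLACE_WITH_BASE64_SHA256_OF_SERVER_SPKI");

    static String spkiPin(X509Certificate cert) throws Exception {
        byte[] spki = cert.getPublicKey().getEncoded(); // DER-encoded SubjectPublicKeyInfo
        return Base64.getEncoder().encodeToString(MessageDigest.getInstance("SHA-256").digest(spki));
    }

    static SSLSocketFactory pinnedFactory() throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null); // null selects the platform trust store
        final X509TrustManager system = (X509TrustManager) tmf.getTrustManagers()[0];
        X509TrustManager pinned = new X509TrustManager() {
            public void checkClientTrusted(X509Certificate[] c, String a) throws CertificateException { throw new CertificateException("client certificates are not accepted"); }
            public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                system.checkServerTrusted(chain, authType); // normal chain validation first
                try {
                    for (X509Certificate cert : chain) if (PINS.contains(spkiPin(cert))) return;
                } catch (Exception e) { throw new CertificateException(e); }
                throw new CertificateException("no pinned key in the server chain");
            }
            public X509Certificate[] getAcceptedIssuers() { return system.getAcceptedIssuers(); }
        };
        SSLContext ctx = SSLContext.getInstance("TLS"); // version and cipher suites are enforced by the server config
        ctx.init(null, new TrustManager[] { pinned }, null);
        return ctx.getSocketFactory();
    }

    // Sends parameters in the POST body so they stay out of URL/query-string logs.
    static int post(URL url, byte[] formBody) throws Exception {
        HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
        conn.setSSLSocketFactory(pinnedFactory()); // default hostname verification stays on
        conn.setRequestMethod("POST");
        conn.setDoOutput(true);
        conn.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
        try (OutputStream out = conn.getOutputStream()) { out.write(formBody); }
        return conn.getResponseCode();
    }
}
```

Pinning the public key rather than the whole certificate lets the server renew its certificate with the same key without shipping a new APK; adding a second pin for a backup key to `PINS` avoids locking clients out during a key change.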
