Currently I am using:

Algorithm_mode_padding="RSA/ECB/PKCS1Padding" Provider="BC"

I have heard that ECB can cause patterns in the output. What is the most secure Algorithm, mode and padding for Android at the moment? I will be using this for license files.

Also, what is the best keysize to use when creating a new public and private key?

A: 

ECB isn't advisable in general, but worrying this much about encryption schemes and key sizes is moot if you're using it (presumably) to decrypt files on your device.

If you're decrypting a licence file in your application in order to verify it, then you would need to have the private key embedded in your application. So no matter what key length it is, the user would be able to access it.

On the other hand, you could retrieve the private key from a server dynamically (or similar), but at that point you may as well just do the decryption/validation all online anyway.

Christopher
What are the alternatives to ECB on Android?
jax
I will only be putting the public key on the device not the private key
jax
Actually, after thinking about it for a while I am actually getting what you mean now. You are saying that they can decrypt the file anyway (because they have the public key or can get it from hacking the software) so the level of encryption does not really matter. The main thing is that they don't have the private key so they can't make their own custom keys anyway. The contents of the file don't matter (the content is not sensitive). It is just that the decryption process needs the private key to generate them.
jax
CBC is the usual alternative to ECB, but it depends on the cipher. If you're only putting the public key on the device, then that's fine -- it's public information. :) But that means you can only *encrypt* information within your application. You need the private key, which remains in your possession to decrypt that info. So I'm not sure whether this is suitable for your scheme.
Christopher
Hi Christopher. Now I am a little confused. I was under the impression that you encrypt with the private key and decrypt with the public key (which gets passed around). That is the way I am currently doing it (and it is working). Can you please give me some advice here?
jax
http://publib.boulder.ibm.com/infocenter/iseries/v5r3/index.jsp?topic=/rzahu/rzahukeypair.htm this says that you encrypt with private and decrypt with public
jax
That article is about PKI, which I'd guess is more complex than what you want. In public key (asymmetric) cryptography (http://en.wikipedia.org/wiki/Public-key_cryptography), you encrypt with the public key -- anyone can write you a message -- and you decrypt it with the private key. You could ask a separate, more-specific question on the site if you have something in particular you want to do.
Christopher
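
The scheme described in the comments above (the private key stays off the device and produces license files, the app ships only the public key and checks them) is what the Java `Signature` API expresses directly. The following is an added example, not code from the question or the answer; the class name, the license text, `SHA256withRSA` and the 2048-bit key size are assumptions chosen for the demo.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;

// Hypothetical demo class: signs a license with the private key and
// verifies it with the public key, with no Cipher/ECB involved.
public class LicenseSignatureDemo {

    // Vendor side: runs where the private key lives, never inside the app.
    static byte[] sign(PrivateKey priv, byte[] license) throws Exception {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(priv);
        s.update(license);
        return s.sign();
    }

    // Device side: only the public key is needed to check a license.
    static boolean verify(PublicKey pub, byte[] license, byte[] sig) {
        try {
            Signature s = Signature.getInstance("SHA256withRSA");
            s.initVerify(pub);
            s.update(license);
            return s.verify(sig);
        } catch (Exception e) {
            return false; // malformed signature or key: treat as invalid
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: a throwaway key pair and made-up license text.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048); // assumed key size for this demo
        KeyPair kp = kpg.generateKeyPair();
        byte[] license = "user=alice@example.com;product=demo;expires=2030-01-01"
                .getBytes(StandardCharsets.UTF_8);
        byte[] sig = sign(kp.getPrivate(), license);
        System.out.println("genuine license valid:  " + verify(kp.getPublic(), license, sig));

        // Editing any byte of the license invalidates the signature.
        byte[] tampered = new String(license, StandardCharsets.UTF_8)
                .replace("2030", "2099").getBytes(StandardCharsets.UTF_8);
        System.out.println("tampered license valid: " + verify(kp.getPublic(), tampered, sig));

        // A signature made with a different private key is rejected too.
        byte[] forged = sign(kpg.generateKeyPair().getPrivate(), tampered);
        System.out.println("forged license valid:   " + verify(kp.getPublic(), tampered, forged));
    }
}
```

The license text itself travels in the clear next to the signature, which matches the comment above that the content is not sensitive; the check protects only against modified or self-made licenses.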