B4J Question B4XCipher

LucaMs

Expert
Licensed User
Longtime User
Please, run the B4J project attached. Try Test routine and then DBTest (comment/uncomment the lines).


I'm trying to store a Base64 string, which is the result of a text encryption, and retrieve it "later".

In the Test routine everything works as expected, in the DBTest routine every time the same text is crypted the return value is different.

If this was caused by Salt and IV it should also do so in the Test routine.

How to solve?
 

Attachments

  • B4XEncryptionTest.zip
    10.6 KB · Views: 233
Sort by date Sort by votes

OliverA

Expert
Licensed User
Longtime User
LucaMs said:
what am I supposed to do with that Encryption-Decryption made that way, with a random Salt?
Click to expand...
Don't use B4XCipher. That is not what it is made for (your use case. A similar case was here: https://www.b4x.com/android/forum/threads/solved-b4xencryption-decrypt.125100/).
You'll have to write your own routines using iEncryption library (https://www.b4x.com/android/forum/threads/iencryption-library.46991/#content) on iOS and Encryption library (https://www.b4x.com/android/forum/threads/base64-and-encryption-library.6839/#content) for B4A/B4J. Someone may already have something posted on this forum
Note: B4XCipher is now part of the jB4XEncryption internal library. You don't need to use the old external library anymore
 
Upvote 0

LucaMs

Expert
Licensed User
Longtime User
I was hoping I could use that cross-platform library.


OliverA said:
Note: B4XCipher is now part of the jB4XEncryption internal library. You don't need to use the old external library anymore
Click to expand...
I'm not using jB4XEncryption but B4XEncryption.
 
Upvote 0

OliverA

Expert
Licensed User
Longtime User
LucaMs said:
I'm not using jB4XEncryption but B4XEncryption.
Click to expand...
If you want other people to help you, either also include B4XEncryption when you post your problems, or let them know what new library to use (in B4J, it is now jB4XEncryption). Just saying...
 
Upvote 0

OliverA

Expert
Licensed User
Longtime User
LucaMs said:
I was hoping I could use that cross-platform library.
Click to expand...
You can. You just have to create your own. I'm pretty sure the methods in iEncryption/Encryption libraries are similar enough to create standard B4X code.
 
Upvote 0

KMatle

Expert
Licensed User
Longtime User
Problem:

If you encrypt the same data and get the same result it's easier for a hacker. Remember the German Enigma device (WW2). All messages started with the weather report and the same phrases which caused it to be hacked by England.

Goal:

Same data to encrypt <> same encrypted data = more security

Solution:

Add salt (e.g. first 64 bytes) = random bytes = must be a multiple of 16 = noone knows where the final data starts
IV = AES is a block cypher = IV is some kind of a "sort order" = which block is encrypted first/between/last = 16 random bytes

Encrypted data:

16 bytes salt & 16 bytes IV & encrypted data

Decryption:

- remove first 16 bytes (salt)
- get next 16 bytes (IV) and set/use it (try to set it all to zeroes and you'll get a funny sort order)
- decrypt the remaining bytes

PS: Salt & IV are public, but as you use a salt with a multiple length of 16 noone knows where each data starts
 
Upvote 0
You must log in or register to reply here.

Similar Threads

  • Article
B4J Code Snippet [B4X] The best way to test your code
Replies
0
Views
529
Brian Michael
  • Article
B4A Library [B4X][B4XLib] B4XCheckInternetLM
Replies
9
Views
3K
LucaMs
  • Question
B4J Question @Test annotation
Replies
16
Views
2K
Alberto Iglesias
A
  • Question
B4J Question B4XEncryption Decryption help needed [Solved]
Replies
3
Views
2K
Anser
A
  • Question
B4J Question How to test the performance of B4J server?
Replies
6
Views
2K
LucaMs
Menu
Log in
Register
Cookies are required to use this site. You must accept them to continue using the site. Learn more…