Android Tutorial Encrypting information with RandomAccessFile library

RandomAccessFile v1.30 introduces two new methods named: WriteEncryptedObject and ReadEncryptedObject.
These methods are similar to WriteObject and ReadObject methods. The difference is that the new methods encrypt the object before writing it to a file and decrypt it before reading. The encryption algorithm is AES-256 which is considered to provide strong protection.

Android SQLite implementation doesn't support encryption. In many cases you can use these two methods instead. You can create a large Map or List with your own structures and save them to a file.
Edit: Using the new SQLCipher library you can encrypt SQLite databases: http://www.b4x.com/forum/basic4andr...id-database-encryption-sqlcipher-library.html

Developers who are not familiar with WriteObject / ReadObject should try these methods. They are very easy to use and allow you to store complicated objects in a single line of code. Unlike File.WriteMap / WriteList which convert the data to a string, WriteObject and WriteEncryptedObject can write many types of data without losing any information.

You can see more information about the supported types here: Basic4android - RandomAccessFile

Example of writing an encrypted List to a file:
B4X:
Sub Activity_Create(FirstTime As Boolean)
   Dim list1 As List
   list1.Initialize
   For i = 1 To 1000
      list1.Add("Item #" & i)
   Next
   'writing the object
   Dim raf As RandomAccessFile
   raf.Initialize(File.DirRootExternal, "1.dat", False)
   raf.WriteEncryptedObject(list1, "some secret password", raf.CurrentPosition)
   'you can continue to write more objects to this file
   '...
   raf.Close
   
   'reading the object
   Dim raf As RandomAccessFile
   raf.Initialize(File.DirRootExternal, "1.dat", False)
   Dim list2 As List
   list2 = raf.ReadEncryptedObject("some secret password", raf.CurrentPosition)
   Log(list2)
   raf.Close
End Sub

Other more advanced encryption methods are available in the encryption library: http://www.b4x.com/forum/additional-libraries-official-updates/6839-base64-encryption-library.html

The library is available here: http://www.b4x.com/forum/additional...domaccessfile-v1-30-writeenctypredobject.html
 

omidaghakhani1368

Well-Known Member
Licensed User
Longtime User
Hi Erel.
For save randomaccessfile's password for prevent hack,i should save pass in process_global and compile with obfuscate release,isn't ?
 

omidaghakhani1368

Well-Known Member
Licensed User
Longtime User
Hi Erel.
For save randomaccessfile's password for prevent hack,i should save pass in process_global and compile with obfuscate release,isn't ?
It is better though a hacker can always rerun the code and decrypt the data.
Oh my god,thus how i store pass in basic?
 

Erel

B4X founder
Staff member
Licensed User
Longtime User
If the password is stored somewhere in the program then a hacker can always decompile your app and run the code with a debugger and find the password.
It doesn't mean that you shouldn't store passwords. It means that you need to understand the security risks.

The other approach will be to let the user enter the password or authenticate with an external server.
 

omidaghakhani1368

Well-Known Member
Licensed User
Longtime User
Yes security risk.
I decide to create key in server and send to client and then save in file with encryption
 

Devv

Active Member
Licensed User
Longtime User
B4X:
Dim raf As RandomAccessFile
Dim test As String

   raf.Initialize(File.DirRootExternal, "test.dat", False)
   'Dim list2 As List
   test = raf.ReadEncryptedObject("some secret password", raf.CurrentPosition)
   Log(test)
   raf.Close


** Activity (main) Create, isFirst = true **
main_activity_create (B4A line: 46)
test = raf.ReadEncryptedObject("some secret pas
java.lang.OutOfMemoryError
at anywheresoftware.b4a.randomaccessfile.RandomAccessFile.readHelper(RandomAccessFile.java:408)
at anywheresoftware.b4a.randomaccessfile.RandomAccessFile.ReadEncryptedObject(RandomAccessFile.java:403)
at b4a.example.main._activity_create(main.java:353)
at java.lang.reflect.Method.invokeNative(Native Method)
at java.lang.reflect.Method.invoke(Method.java:525)
at anywheresoftware.b4a.BA.raiseEvent2(BA.java:187)
at b4a.example.main.afterFirstLayout(main.java:102)
at b4a.example.main.access$000(main.java:17)
at b4a.example.main$WaitForLayout.run(main.java:80)
at android.os.Handler.handleCallback(Handler.java:730)
at android.os.Handler.dispatchMessage(Handler.java:92)
at android.os.Looper.loop(Looper.java:176)
at android.app.ActivityThread.main(ActivityThread.java:5419)
at java.lang.reflect.Method.invokeNative(Native Method)
at java.lang.reflect.Method.invoke(Method.java:525)
at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:1046)
at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:862)
at de.robv.android.xposed.XposedBridge.main(XposedBridge.java:132)
at dalvik.system.NativeStart.main(Native Method)

the list example worked ok, what i'am doing wrong with my code ?
 

Informatix

Expert
Licensed User
Longtime User
Yes security risk.
I decide to create key in server and send to client and then save in file with encryption
A hacker will inject code to know the data exchanged with the client (by using a valid copy of your app) before anything is encrypted (or he will just monitor the network with a sniffer if data are in plain text) so your solution does not protect anything.
 

Devv

Active Member
Licensed User
Longtime User
A hacker will inject code to know the data exchanged with the client (by using a valid copy of your app) before anything is encrypted (or he will just monitor the network with a sniffer if data are in plain text) so your solution does not protect anything.

What if the communication with the server was https post ?
 

Devv

Active Member
Licensed User
Longtime User
The app encrypts the received password, so before its encryption the password is stored in plain text in a string. A hacker just has to log the string.
So what is the solution here MR. Informatix
 

tufanv

Expert
Licensed User
Longtime User
Is it safe to store a subscription data with this lib?
I just want to add a ending date&time for a subscription. can I use writeencryptedobject to just write a date ? Also can i delete or update an entry ?
 

Erel

B4X founder
Staff member
Licensed User
Longtime User
It is safe as long as the password is safe.

can I use writeencryptedobject to just write a date ?
Yes.

Also can i delete or update an entry ?
You can write a new value over the previous one.
Consider using KeyValueStore instead. It is simpler to work with.
 

tufanv

Expert
Licensed User
Longtime User
It is safe as long as the password is safe.


Yes.


You can write a new value over the previous one.
Consider using KeyValueStore instead. It is simpler to work with.
I was going to use it but think that maybe it is not safe .
is keyvaluestore aso secure as this lib ? ( it doesnt have any password protection etc.. )

edit: found the answer by myself. It also uses encryptedwriting so it is safe :)
 

zani

Member
Licensed User
Longtime User
RandomAccessFile v1.30 introduces two new methods named: WriteEncryptedObject and ReadEncryptedObject.
These methods are similar to WriteObject and ReadObject methods. The difference is that the new methods encrypt the object before writing it to a file and decrypt it before reading. The encryption algorithm is AES-256 which is considered to provide strong protection.

Android SQLite implementation doesn't support encryption. In many cases you can use these two methods instead. You can create a large Map or List with your own structures and save them to a file.
Edit: Using the new SQLCipher library you can encrypt SQLite databases: http://www.b4x.com/forum/basic4andr...id-database-encryption-sqlcipher-library.html

Developers who are not familiar with WriteObject / ReadObject should try these methods. They are very easy to use and allow you to store complicated objects in a single line of code. Unlike File.WriteMap / WriteList which convert the data to a string, WriteObject and WriteEncryptedObject can write many types of data without losing any information.

You can see more information about the supported types here: Basic4android - RandomAccessFile

Example of writing an encrypted List to a file:
B4X:
Sub Activity_Create(FirstTime As Boolean)
   Dim list1 As List
   list1.Initialize
   For i = 1 To 1000
      list1.Add("Item #" & i)
   Next
   'writing the object
   Dim raf As RandomAccessFile
   raf.Initialize(File.DirRootExternal, "1.dat", False)
   raf.WriteEncryptedObject(list1, "some secret password", raf.CurrentPosition)
   'you can continue to write more objects to this file
   '...
   raf.Close
  
   'reading the object
   Dim raf As RandomAccessFile
   raf.Initialize(File.DirRootExternal, "1.dat", False)
   Dim list2 As List
   list2 = raf.ReadEncryptedObject("some secret password", raf.CurrentPosition)
   Log(list2)
   raf.Close
End Sub

Other more advanced encryption methods are available in the encryption library: http://www.b4x.com/forum/additional-libraries-official-updates/6839-base64-encryption-library.html

The library is available here: http://www.b4x.com/forum/additional...domaccessfile-v1-30-writeenctypredobject.html
hi can use it for file Encryption?
 
Top