Android Question Looking for a B4A example project using Format Preserving Encryption

toby

Well-Known Member
Licensed User
Longtime User
I'm evaluating the feasibility of the Format Preserving Encryption feature for an existing app. If someone could kindly share a simple B4A example project, I would appreciate it very much!

TIA
 

MicroDrie

Well-Known Member
Licensed User
Longtime User
I wonder if you realize that with Format and Length Preserving Encryption (FLPE), the rotating key is a big problem. If it somehow gets lost or it is out of sync, then the encrypted information can no longer be decrypted. So you must have a very solid process around your application that can handle this. Any process or communication mistake in this process leads to very big problems with every deviation from this prcess.

You have to be a very smart user who always goes through exactly the right process steps and understands exactly what has been done to be able to fix a challenge that has arisen.

You don't write why you want to use FLPE, but I think you should choose another safe solution.
 
Upvote 0

toby

Well-Known Member
Licensed User
Longtime User
You don't write why you want to use FLPE, but I think you should choose another safe solution.
Thank you very much for your response! I'll keep your advice in mind. BTW, I want to encrypt mysql table primary keys which are of Long data type to another value of the same data type.
 
Upvote 0

MicroDrie

Well-Known Member
Licensed User
Longtime User
You can also store information encrypted in a MySQL database. This means that the database and therefore your primary keys cannot be read by third parties without that password. And if you are going to encrypt the primary keys for third parties and users, where do you store the password? Hard-coded in the program so that it can also be found via a de-compiler and you also make reading a table complicated by the extra decryption you have to make. It soon becomes "yawning with open mouth" or it sounds like a measure, but it adds nothing security wise.
 
Upvote 0

toby

Well-Known Member
Licensed User
Longtime User
What I'm trying to achieve is to meet the new Google's Data Safety requirements for published apps: All identifiable personable data including User IDs, account numbers need to be encrypted before transmitted to and stored in the remote database. For now, no 3rd party reads the data.
 
Upvote 0

MicroDrie

Well-Known Member
Licensed User
Longtime User
Very good that you are thinking/must think about information encryption. The very first question to be answered is "What is the indisputable reason(s) for keeping information? What is often forgotten is that collecting, storing, protecting, creating regular backups, updating and cleaning up, all those activities costs money and what you don't collect cannot be stolen, and can't be abused.

If you can reduce the information gathering to nothing, the good news is that Google has provided a safe user environment and you are quickly done with the pinnacle of information minimization.

In the event that you have unfortunately come to an irrefutable conclusion that you must collect some personal data, these measures are necessary for a MySQL based solution:
  1. The MySQL database is encrypted and equipped with best practices security measures.
  2. The transport between the app and the MySQL database is encrypted and the database only accepts encrypted transport. You can find more information about how to do that here.
What remains is that the use of static passwords should actually be avoided as much. Back to your original question about the Format and Length Preserving Encryption (FLPE) protocol, you could make something that generates the next key, so to speak, that you encrypt information next time.
 
Upvote 0
Cookies are required to use this site. You must accept them to continue using the site. Learn more…