Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
W
W
whtslpzz2013-12-03 15:34:50
Android
whtslpzz, 2013-12-03 15:34:50

How to generate and store encryption keys for Android?

Good afternoon.
There is a task - the implementation of the encryption algorithm GOST 28147-89 for Android. How to generate a key and store? Store in open form in a file does not correspond to the task - the most secure implementation is needed ..
What are the ways to store the replacement table?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Report
A
Anton, 2013-12-03
@whtslpzz

In android , you can store data locally only in 3 places:
1. sdcard
2. internal memory
3. Protected (on non-rooted devices) area of ​​\u200b\u200beach application /data/data/ru.mycompany.myapp/
In the first 2, anyone can climb application
In the 3rd, only ours, but if the phone is rooted / or a virus climbs, then the one who can access (via SuperSU or exploit)
=> It remains to store only as in /data/data/ru.mycompany.myapp/ plus store not in its pure form, but by encrypting the key itself using the second key (at least xor), which is hardcoded in the application.
Plus, in the application itself, instead of a hardcoded second key ("key for a key"), it can be dynamically generated in parts so as not to be stored in its entirety, otherwise it can be easily obtained by simple disassembly. I think this should be enough.
---
To be completely paranoid - it is still unrealistic to obfuscate the entire code by turning it into a "big ball of mud" / build in anti-debugging (measure the time - and if it exceeds - go to the "deceptive" execution branch) - then certainly few people will want to understand in all this...
---
Upd: Dynamic generation of a master key with obfuscation - even after disassembling the application, not everyone wants to tinker with such a puzzle...

public String getSomeKey1() {
    return "5";
}
public String getSomeKey2() {
    long key[32];

    key[0] = 9; 
    key[2] = 55; 
    a = (key[0] + key[2]) * 3; 
    key[1] = (a % 10) + someFunc() * 99; 
    key[4] = (a / 10) * someFunc2() / someFunc3(); 
    if (someFunc4()) { 
        key[5] = someFunc5(); 
    } else { 
        key[5] = someFunc6(); 
    }
    key[6] = Integer.valueOf(getSomeKey1());
    key = process1(key);
    key[2] = getSomeKey3();
    // ...
    StringBuilder sb = new StringBuilder();
    for (long i: key) {
        sb.append(i);
    }

    return sb.toString();
}
public long[] process1(long[] key) {
    key[3] = (key[4] + key[5] + key[1]*2) / 5;
    key[1] = getSomeKey();
    // ...
}
public long getSomeKey3() {
    long a = 435345435;
    boolean b = false;
    while (!b) {
        b = true;
        for (i=2; i<(long)Math.sqr(a); i++) {
            if (a % i == 0) { 
                b = false;
                break;
            }
        }
        a++:
    }
    return a+10;
}

// Итоговый мастер-ключ получаем так:
String masterKey = getSomeKey4() + getSomeKey2() + Integer.valueOf(getSomeKey1());

Similar questions
A
Andrey2022-01-18 10:13:54
Zabbix trigger firing after a certain time? 3Reply
R
Rustam Akhmetov2016-06-27 10:05:19
How to speed up cms Moodle? 4Reply
O
Olga Stogova2014-03-19 07:04:13
Overflow: hidden on android 4.1.2 in chrome doesn't hide content, why? 2Reply
A
Alexey24112020-08-29 15:26:44
Where can I find literature on XML and GUI (Android studio)? 0Reply
N
nikita_chiru2016-05-15 22:36:44
How to bypass the exact list size? 0Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question