Make fast cryptographic operations on Android with Conceal
By default, Android offers to developers some Java APIs to implement some cryptographic operations on Android. These APIs are great but not always easy to use and not really adapted to mobile environment with constraints. To solve this problem, Facebook has created a dedicated library named Conceal that provides a set of Java APIs to perform fast cryptographic operations on Android.
Conceal has been designed to be able to encrypt large files on disk in a fast and memory efficient manner. Rather to offer a large choice of algorithms to choose to encrypt and decrypt data, Conceal has chosen to implement specific cryptographics algorithms from OpenSSL. To be more efficient, Conceal attemps to manage memory between the native and Java heap. Besides, to reduce size of the library, Conceal ships with only a select number of encryption algorithms from OpenSSL which makes it much smaller (only 85KB). Now, we can start to use Conceal.
Installation
To install Conceal on your Android application project, you need to download the following binaries :
- libconceal.jar from https://raw.github.com/facebook/conceal/gh-pages/downloads/libconceal.jar
- conceal_android.jar from https://raw.github.com/facebook/conceal/gh-pages/downloads/conceal_android.jar
- Native binaries from https://raw.github.com/facebook/conceal/gh-pages/downloads/libs.zip
Add both jars as dependencies. Then, drop the .so files in libs.zip into a jniLibs/ folder located at src/main/jniLibs.
Encrypt content
Once you have installed dependencies in your project, you can encrypt your first file :
// Creates a new Crypto object with default implementations of
// a key chain as well as native library.
Crypto crypto = new Crypto(
new SharedPrefsBackedKeyChain(context),
new SystemNativeCryptoLibrary());
// Check if crypto instance is available
if (!crypto.isAvailable()) {
return;
}
OutputStream fileStream = new BufferedOutputStream(
new FileOutputStream(file));
// Encrypted output stream
OutputStream outputStream = crypto.getCipherOutputStream(
fileStream, entity);
// Write your plain text content
outputStream.write(plainTextBytes);
outputStream.close();
Decrypt content
Now, you would like to know how to decrypt your encrypted content. It’s very easy with Conceal like you can see :
// Creates a new Crypto object with default implementations of
// a key chain as well as native library.
Crypto crypto = new Crypto(
new SharedPrefsBackedKeyChain(context),
new SystemNativeCryptoLibrary());
// Check if crypto instance is available
if (!crypto.isAvailable()) {
return;
}
// Get the encrypted file
FileInputStream fileStream = new FileInputStream(file);
// Creates an input stream which decrypts the data
InputStream inputStream = crypto.getCipherInputStream(
fileStream, entity);
int read;
byte[] buffer = new byte[1024];
while ((read = inputStream.read(buffer)) != -1) {
out.write(buffer, 0, read);
}
inputStream.close();
Note that you must read the entire stream to decrypt content because a verification is done at the end of the stream. Thus, not reading till the end of the stream will cause a security bug.
Conclusion
Like you can see, Conceal is an easy to use and powerful library to make fast cryptographic operations on Android. Besides, it offers great performances to encrypt and decrypt in a memory efficient manner like you can see in the diagram below.
Leave a Reply
You must be logged in to post a comment.