Yeah I already have one, just wanted to test this one as I heard good things about it. Just a shame that it's only real use is for something like instant messaging where the data doesn't have to be stored.
Hi, we have a scenario where we have to encrypt the data on the phone and decrypt it on my laptop. I have tried to generate keys separately and use it in the app. Using the public key, I was able to encrypt the file. But, I am not able to decrypt it using the corresponding private key. If anyone has any similar implementation, can you help me out?
You can find the source code here:
It is suggested to use extension in apps only but it will work for different platforms too if you change few things in either of them.
So the requirement is that we collect data through the app over the phone and with this extension we are encrypting that csv file. However, due to privacy concerns we only want to decrypt the file on a particular laptop and for that we wrote a decryption algorithm but it is unable to decrypt because the encryption format is different from what we wrote. Do you have a decryption algorithm that we can use or any idea on what format ( bytes ) does the decryption happen?
The algorithm used is RSA/ECB/OAEPWithSHA-256AndMGF1Padding
. You can convert source code into a JavaFX application.
You have the answer
????
How works Private and Public encryption (Dummy example)
1- Take a random (and very very large) prime number, ex; 97 & 89
2- Algorithm make his magic for Private key, ex; 97
3- With private
key create a Public key, ex; 31
4- With private
key you encrypt a message
and share the public
key with the person that need decrypt the message ex; Mencrypt:
Hi+Private Key [97]
= aBcD128
& then, with the Public Key
(shared) can Mdecrypt:
aBcD128-Public Key [31]
= Hi
Where (+) and (-) represent the algorithm.
5- So... Public Key can be shared with no problem (All Api's use it)
How to use Secure Online/Local DB to store Private Keys
1- Nothing it's secure
2- It's not necessary store the private
and public
keys, it can be generated each time
and every time
that you need it. (your use case).
3- If you need to store them, PLEASE... don't use default names and extension like TinyDb
and Keys.db
cause it's like to say "Hey!!!! here is my sensitive data, please open it and destroy everything!!!"
4- Change the names and extensions like tgopxfcd.huy
or something like that (use random generators), automate
the process (pick, change extension, extract info, close, etc) in blocks.
5- Firebase
and Supabas
e has especial vault
to store sensitive data, USE IT. not from Api requests
(you are the owner
of that database).
6- Nothing its secure.
Why you should secure your app and data????
1- Cause like i say... nothing it's secure.
2- Zero trust
principle.
3- All data
matters!!!
4- Most of apps created with this platforms, are used to iot
or share
sensitive info. In iot
case... i don't want anybody turning on/off
my lights, coffee or TV at 3 am. And sensitive info case... I don't want anybody see my notes
or sensors
data.
- Useful
- Useless
- i don't care
- Nevermind
- Don't bother me