This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see http://www.gnu.org/licenses/.
Donating
A lot of work is put in this extension and the documentation. Support me for more work on extensions.
RSA (Rivest-Shamir-Adleman) cryptography is a widely used asymmetric encryption algorithm that plays a crucial role in securing digital communications and data. It was introduced by Ron Rivest, Adi Shamir, and Leonard Adleman and is named after their initials. The opposite of asymmetric encryption such as RSA is symmetric encryption such as AES.
Difference between Symmetric and Asymmetric Encryption:
Key Management:
Symmetric Encryption: Uses a single secret key for both encryption and decryption, and this key must be securely shared between communicating parties.
Asymmetric Encryption (RSA): Involves a pair of public and private keys. The public key is used for encryption, while the private key is kept secret for decryption. No secret key exchange is needed: the public key can be freely distributed, which makes it more secure in terms of key management.
Speed and Efficiency:
Symmetric Encryption: Generally faster and more efficient for large amounts of data because it uses a single key for both encryption and decryption.
Asymmetric Encryption (RSA): Slower than symmetric encryption, particularly for large data sets, due to the complexity of mathematical operations involved.
RSA: Typically uses longer key lengths, such as 2048 or 3072 bits, to provide sufficient security.
AES: Uses shorter key lengths, like 128, 192, or 256 bits, but offers comparable security through its symmetric nature.
Pros and Cons of RSA:
Pros:
Key Distribution: Eliminates the need for secure key distribution, as the public key can be freely distributed.
Digital Signatures: Enables the creation and verification of digital signatures, ensuring the authenticity and integrity of messages.
Security for Key Exchange: Provides a secure method for exchanging symmetric keys in hybrid encryption systems.
Cons:
Computational Intensity: RSA is computationally more intensive than symmetric encryption, making it slower, especially for large volumes of data.
Key Length Requirements: To maintain security, longer key lengths are needed, which can impact performance and resource requirements.
Vulnerability to Quantum Computing: In the near future, RSA is susceptible to attacks by quantum computers, which could factor large numbers efficiently, potentially compromising its security.
In summary, RSA cryptography offers a secure solution for key exchange and digital signatures but comes with computational overhead and potential vulnerabilities. Symmetric encryption, exemplified by AES, is faster but requires secure key distribution. The choice between them depends on the specific security requirements and performance considerations of a given application.
Using RSA cryptography: an example of Alice and Bob securely exchanging messages
Key Generation:
Public and Private Key Pair:
Alice generates a pair of keys: a public key and a private key. The public key is shared with everyone, while the private key is kept secret.
Public Key Distribution:
Alice shares her public key with Bob and anyone else who wants to send her an encrypted message.
Message Encryption:
Bob wants to send a secure message to Alice. He obtains Alice's public key and uses it to encrypt his message. This encrypted message can only be decrypted by Alice using her private key.
Message Transmission:
Encrypted Message Sent:
Bob sends the encrypted message to Alice.
Decryption:
Private Key Decryption:
Alice, being the recipient, uses her private key to decrypt the message. Only Alice, with her private key, can decrypt the message encrypted with her public key.
Security and Authentication:
Digital Signature (Optional):
If Alice wants to ensure the authenticity of her messages, she can use her private key to create a digital signature. Bob, upon receiving the message, can use Alice's public key to verify the signature, confirming that the message is indeed from Alice.
Recapitulation:
Public Key (Known to All): Used for encryption.
Private Key (Known Only to Owner): Used for decryption.
In this example, even though Bob uses Alice's public key to encrypt the message, only Alice, with her private key, can decrypt and read the original content. This ensures confidentiality. Additionally, if Alice signs the message with her private key, Bob can verify its authenticity using Alice's public key.
The strength of RSA lies in the difficulty of factoring large numbers, making it computationally infeasible for an unauthorized party to deduce Alice's private key even if they know her public key. This process allows secure communication between Alice and Bob over an insecure channel.
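The Alice and Bob exchange described above, as an added example in Go using only the standard library (it is not code from this extension). It assumes RSA-OAEP for encryption and RSA-PSS for signatures, both with SHA-256, which the page does not specify; the function names are illustrative.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// NewKeyPair is Alice's key generation step (2048-bit modulus).
func NewKeyPair() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// Encrypt is Bob's step: RSA-OAEP under Alice's public key.
func Encrypt(pub *rsa.PublicKey, msg []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, msg, nil)
}

// Decrypt is Alice's step: only the matching private key succeeds.
func Decrypt(priv *rsa.PrivateKey, ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, nil)
}

// Sign is Alice's optional step: RSA-PSS over the SHA-256 digest of msg.
func Sign(priv *rsa.PrivateKey, msg []byte) ([]byte, error) {
	d := sha256.Sum256(msg)
	return rsa.SignPSS(rand.Reader, priv, crypto.SHA256, d[:], nil)
}

// Verify is Bob's check: nil means msg is authentic and unmodified.
func Verify(pub *rsa.PublicKey, msg, sig []byte) error {
	d := sha256.Sum256(msg)
	return rsa.VerifyPSS(pub, crypto.SHA256, d[:], sig, nil)
}

func main() {
	alice, err := NewKeyPair()
	if err != nil {
		panic(err)
	}
	pub, msg := &alice.PublicKey, []byte("constructed sample message")
	ct, errE := Encrypt(pub, msg)
	pt, errD := Decrypt(alice, ct)
	sig, errS := Sign(alice, msg)
	fmt.Printf("decrypted=%q errors=%v\n", pt, []error{errE, errD, errS})
	fmt.Println("signature valid:", Verify(pub, msg, sig) == nil)
	fmt.Println("tampered message valid:", Verify(pub, []byte("tampered"), sig) == nil)
	_, err = Encrypt(pub, make([]byte, 191)) // OAEP/SHA-256 with a 2048-bit key carries at most 190 bytes
	fmt.Println("oversized plaintext rejected:", err != nil)
}
```

The 190-byte ceiling is the practical reason hybrid systems encrypt the data with a symmetric cipher such as AES and use RSA only to protect the symmetric key.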
It is possible to encrypt and decrypt with the Android Keystore.
Encrypt the private key and store it for instance in TinyDB. This way the encrypted key can only be opened inside an app, when the TinyDB variable is decrypted with the Android Keystore key.
Find more in Android secure keystore encryption and decryption
Yes, I already took it into account for some things, because it doesn't work for everything.
Also, I appreciate the help.
Now I'm stuck thinking about how I can make a sort of watchdog, which constantly monitors that USB debug mode is not enabled, as well as other things.
It is to prevent the cell phone from being tapped through a PC. In itself, it is to avoid (to the greatest extent) any type of trick they want to carry out, and if they do... delete certain files.
Because in my app I handle sensitive information, since I read the id (PDF417) of the National Identity Document and I want to avoid any type of sniffing.
I am a novice in such matters, rather ignorant as I have not been taught such a thing, and as such I have a question:
Practically, how can I use the ARK file to understand it?
When you want to know how to use the RSA encryption extension, download the .aia file and inspect the code in App Inventor. The link is at the top of this page in the paragraph: 'Example App'.
Whether an app is useful to you or anybody else depends on the choices you make. That has nothing to do with this extension. You use this extension only when you know what you are doing, because encryption is a process that needs to be done with precaution.
One last thing.
Is there a tutorial showing why and how such an application might be useful somewhere?
For example: Encrypting a text means that you want to share it with someone else without a third party being able to read it.
The second one you want to share it with how do you do it so that he can read it, ok by sending the open public key, how do you send it and how do you get it when it appears: part of public key in the application that I passed it on my mobile?
Thanks for the replies