[Free/Open Source] RSA asymmetric cryptography extension. Encrypt, decrypt, sign and check signatures with asymmetric cryptography, direct and asynchronous

RSA cryptography

image

Encrypt, decrypt, sign and check signatures RSA cryptography extension for App Inventor and compatibles.

Description

The RSA cryptography Java extension is used for RSA asymmetric cryptography, to encrypt, decrypt, sign, and verify signatures using RSA. The program is designed to work with App Inventor compatibles and is distributed under the GNU General Public License version.
Developed by ©Eric M. Kok (appsbeheerder).

Downloads

Extension

Example App

RSA cryptography repository

Parameters and Data Types

Keys

GenerateKeys

image

  • Parameters:

    • keyLength (Type: int) - The length of the RSA key to be generated. Should be at least 8 times larger than the length of the text to be encrypted.
  • Event KeysGenerated called:

image

  • KeysGenerated - Raised after key generation.
    • successful (Type: boolean) - TRUE if keys are successfully generated.
    • response (Type: String) - Response message after key generation.
    • privateKey (Type: String) - Private key in Base64 format.
    • publicKey (Type: String) - Public key in Base64 format.
    • keyLength (Type: int) - Length of the generated key in bits.

keyLength

image

  • Function:
    • Returns the length of the key used in the last key generation.
    • Returns: int - Length of the key in bits.

PublicKey

image

  • Function:
    • Returns the public key in Base64

PrivateKey

image

  • Function:
    • Returns the private key in Base64

EmptyKeys

image

  • Function:
    • Empties the public and private keys (sets them to null).

Encryption and Decryption

Encrypt and Async Encrypt

image

image

  • Parameters:

    • string (Type: String) - The text to be encrypted.
    • publicKey (Type: String) - Public key in Base64 format.
    • cipherAlgorithm (Type: String) - The cipher algorithm to be used for encryption.
  • Function:

    • Encrypts the input string with the provided public key using the specified cipher algorithm.
    • Returns: String - Encrypted text in Base64 format.
  • Event:

image

  • Event Encrypted - Raised after async encryption.
  • data (Type: string) - Encrypted data in Base64.

Decrypt and Async decrypt

image

image

  • Parameters:

    • string (Type: String) - The text to be decrypted.
    • privateKey (Type: String) - Private key in Base64 format.
    • cipherAlgorithm (Type: String) - The cipher algorithm used for encryption.
  • Function:

    • Decrypts the input string with the provided private key using the specified cipher algorithm.
    • Returns: String - Decrypted text.
  • Event:

image

  • Event Decrypted - Raised after async decryption.
  • data (Type: String) - Decrypted data.

AsyncEncrypt and AsyncDecrypt

  • Asynchronous Functions:
    • Performs encryption and decryption asynchronously to avoid blocking the UI.
    • Raises events Encrypted and Decrypted with the result.

Digital Signatures

Sign and Async sign

image

image

  • Parameters:

    • string (Type: String) - The text to be signed.
    • privateKey (Type: String) - Private key in Base64 format.
    • hashAlgorithm (Type: String) - The hashing algorithm to be used for signing.
  • Function:

    • Signs the input string with the provided private key using the specified hash algorithm.

    • Returns: String - Signature in Base64 format.

    • Event:

image

  • Signed - Raised after async signing.
  • data (Type: String) - Signature in Base64.

SignatureCheck and AsyncSignatureCheck

image

image

  • Parameters:

    • string (Type: String) - The text that was signed.
    • signature (Type: String) - Signature in Base64 format.
    • publicKey (Type: String) - Public key in Base64 format.
    • hashAlgorithm (Type: String) - The hashing algorithm used for signing.
  • Functions:

    • SignatureCheck - Checks if the signature is correct synchronously and returns a boolean.
    • AsyncSignatureCheck - Checks the signature asynchronously and raises the SignatureChecked event with the result.
  • Event:

image

  • SignatureChecked - Raised after async signature verification.
  • data (Type: boolean) - TRUE if the signature is correct, FALSE if incorrect.

Additional Properties

RSA Cipher algorithms for encrypting and decrypting

image

  • Cipher_PKCS1Padding Supported in all Android versions
  • Cipher_OAEPWithSha1 Support starting from Android API level 18 (Android 4.3, Jelly Bean MR2)
  • Cipher_OAEPWithSha256 Support starting from Android API level 23 (Android 6.0, Marshmallow)
  • Cipher_OAEPWithSha512 Support starting from Android API level 23 (Android 6.0, Marshmallow)

Hashing algorithms for signing

image

XtensionInfo

image

Property to get information about the extension (name, version, copyrights).

XtensionUUID

image

Property to get the extension UUID.

Example App blocks

image

Extension UUID

664650f9-a36d-48ad-8631-3a4c3b217ddf


Copyrights & License

  • RSAcryptography :copyright: Eric M. Kok (appsbeheerder)

    RSA cryptography extension GPL v3 License

    ©2024 Eric M. Kok (appsbeheerder).
    Based on AsymmetricCryptography : An extension for asymmetric cryptography ©2021 Sunny Gupta

    This program is free software: you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation, either version 3 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program. If not, see http://www.gnu.org/licenses/.


Donating

PayPal.me

A lot of work is put in this extension and the documentation. Support me for more work on extensions.

Donate me at https://paypal.me/ericdemagier


MIT Appathon use of extension

image


image

10 Likes

I don't see any download link (aix or aia).

It is there now

1 Like

Introduction to RSA Cryptography:

(Meet Alice and Bob)

Introduction to RSA

RSA (Rivest-Shamir-Adleman) cryptography is a widely used asymmetric encryption algorithm that plays a crucial role in securing digital communications and data. Introduced by Ron Rivest, Adi Shamir, and Leonard Adleman and is named after their initials. Opposite of RSA asymmetric encryption is symmetric encryption like AES.

Difference between Symmetric and Asymmetric Encryption:

  1. Key Management:
  • Symmetric Encryption: Uses a single secret key for both encryption and decryption, and this key must be securely shared between communicating parties.
  • Asymmetric Encryption (RSA): Involves a pair of public and private keys. The public key is used for encryption, while the private key is kept secret for decryption. No need for secret key exchange, the public key can be freely distributed, making it more secure in terms of key management.
  1. Speed and Efficiency:
  • Symmetric Encryption: Generally faster and more efficient for large amounts of data because it uses a single key for both encryption and decryption.
  • Asymmetric Encryption (RSA): Slower than symmetric encryption, particularly for large data sets, due to the complexity of mathematical operations involved.

Difference between RSA and AES:

  1. Algorithm Type:
  • RSA: Asymmetric encryption algorithm.
  • AES (Advanced Encryption Standard): Symmetric encryption algorithm.
  1. Key Length:
  • RSA: Typically uses longer key lengths, such as 2048 or 3072 bits, to provide sufficient security.
  • AES: Uses shorter key lengths, like 128, 192, or 256 bits, but offers comparable security through it's symmetric nature.

Pros and Cons of RSA:

Pros:

  1. Key Distribution: Eliminates the need for secure key distribution, as the public key can be freely distributed.
  2. Digital Signatures: Enables the creation and verification of digital signatures, ensuring the authenticity and integrity of messages.
  3. Security for Key Exchange: Provides a secure method for exchanging symmetric keys in hybrid encryption systems.

Cons:

  1. Computational Intensity: RSA is computationally more intensive than symmetric encryption, making it slower, especially for large volumes of data.
  2. Key Length Requirements: To maintain security, longer key lengths are needed, which can impact performance and resource requirements.
  3. Vulnerability to Quantum Computing: For the, near, future RSA is susceptible to attacks by quantum computers, which could factor large numbers efficiently, potentially compromising its security.

In summary, RSA cryptography offers a secure solution for key exchange and digital signatures but comes with computational overhead and potential vulnerabilities. Symmetric encryption, exemplified by AES, is faster but requires secure key distribution. The choice between them depends on the specific security requirements and performance considerations of a given application.

Using RSA cryptography, an example of Alice and Bob secure exchanging messages

Key Generation:

  1. Public and Private Key Pair:
  • Alice generates a pair of keys: a public key and a private key. The public key is shared with everyone, while the private key is kept secret.
  1. Public Key Distribution:
  • Alice shares her public key with Bob and anyone else who wants to send her an encrypted message.
  1. Message Encryption:
  • Bob wants to send a secure message to Alice. He obtains Alice's public key and uses it to encrypt his message. This encrypted message can only be decrypted by Alice using her private key.

Message Transmission:

  1. Encrypted Message Sent:
  • Bob sends the encrypted message to Alice.

Decryption:

  1. Private Key Decryption:
  • Alice, being the recipient, uses her private key to decrypt the message. Only Alice, with her private key, can decrypt the message encrypted with her public key.

Security and Authentication:

  1. Digital Signature (Optional):
  • If Alice wants to ensure the authenticity of her messages, she can use her private key to create a digital signature. Bob, upon receiving the message, can use Alice's public key to verify the signature, confirming that the message is indeed from Alice.

Recapitulation:

  • Public Key (Known to All): Used for encryption.
  • Private Key (Known Only to Owner): Used for decryption.

In this example, even though Bob uses Alice's public key to encrypt the message, only Alice, with her private key, can decrypt and read the original content. This ensures confidentiality. Additionally, if Alice signs the message with her private key, Bob can verify its authenticity using Alice's public key.

The strength of RSA lies in the difficulty of factoring large numbers, making it computationally infeasible for an unauthorized party to deduce Alice's private key even if they know her public key. This process allows secure communication between Alice and Bob over an insecure channel.

3 Likes
  • Ok, so... How to keep it safe?

  • Any idea o guide?

Im new on App's and Android

It is possible to encrypt and decrypt with the Android Keystore.
Encrypt the private key and store it for instance in TinyDB. This way the encrypted key can only be opened inside an app, when the TinyDB variable is decrypted with the Android Keystore key.
Find more in Android secure keystore encryption and decryption

1 Like

Yes, I already took it into account for some things, because it doesn't work for everything.

Also, I appreciate the help.

Now I'm stuck thinking about how I can make a sort of watchdog, which constantly monitors that USB debbug mode is not enabled, as well as other things.

It is to prevent the cell phone from being tapped through a PC. In itself, it is to avoid (to the greatest extent) any type of trick they want to carry out, And if they do... delete certain files..

Because in my app I handle sensitive information, since I read the id (PDF417) of the National Identity Document and I want to avoid any type of sniffing.

Please make a new separate subject for your question.

2 Likes
  • Oky Doky :heart:

I don't understand why the private key has to be eight times longer. Can you explain?

Can I make a private key shorter than the text to be encrypted?

I am a novice in such matters, rather ignorant as I have not been taught such a thing, and as such I have a question:
Practically how can I use the ARK file to understand it.

Eight times longer because it is the difference between 1 byte being 8 bits.