Yeah I already have one, just wanted to test this one as I heard good things about it. Just a shame that it's only real use is for something like instant messaging where the data doesn't have to be stored.
1 Like
Hi, we have a scenario where we have to encrypt the data on the phone and decrypt it on my laptop. I have tried to generate keys separately and use it in the app. Using the public key, I was able to encrypt the file. But, I am not able to decrypt it using the corresponding private key. If anyone has any similar implementation, can you help me out?
You can find the source code here:
It is suggested to use extension in apps only but it will work for different platforms too if you change few things in either of them.
So the requirement is that we collect data through the app over the phone and with this extension we are encrypting that csv file. However, due to privacy concerns we only want to decrypt the file on a particular laptop and for that we wrote a decryption algorithm but it is unable to decrypt because the encryption format is different from what we wrote. Do you have a decryption algorithm that we can use or any idea on what format ( bytes ) does the decryption happen?
1 Like
The algorithm used is RSA/ECB/OAEPWithSHA-256AndMGF1Padding. You can convert source code into a JavaFX application.
1 Like
You have the answer????
How works Private and Public encryption (Dummy example)
1- Take a random (and very very large) prime number, ex; 97 & 89
2- Algorithm make his magic for Private key, ex; 97
3- With private key create a Public key, ex; 31
4- With private key you encrypt a message and share the public key with the person that need decrypt the message ex; Mencrypt: Hi+Private Key [97] = aBcD128 & then, with the Public Key (shared) can Mdecrypt: aBcD128-Public Key [31] = Hi
Where (+) and (-) represent the algorithm.
5- So... Public Key can be shared with no problem (All Api's use it)
How to use Secure Online/Local DB to store Private Keys
1- Nothing it's secure
2- It's not necessary store the private and public keys, it can be generated each time and every time that you need it. (your use case).
3- If you need to store them, PLEASE... don't use default names and extension like TinyDb and Keys.db cause it's like to say "Hey!!!! here is my sensitive data, please open it and destroy everything!!!"
4- Change the names and extensions like tgopxfcd.huy or something like that (use random generators), automate the process (pick, change extension, extract info, close, etc) in blocks.
5- Firebase and Supabase has especial vault to store sensitive data, USE IT. not from Api requests (you are the owner of that database).
6- Nothing its secure.
Why you should secure your app and data????
1- Cause like i say... nothing it's secure.
2- Zero trust principle.
3- All data matters!!!
4- Most of apps created with this platforms, are used to iot or share sensitive info. In iot case... i don't want anybody turning on/off my lights, coffee or TV at 3 am. And sensitive info case... I don't want anybody see my notes or sensors data.
What do you think about it???
- Useful
- Useless
- i don't care
- Nevermind
- Don't bother me
0
voters
2 Likes
Thanx for the extension.