android - Securing media files in the mobile -



android - Securing media files in the mobile -

i thinking developing birds catalog android. contain many pictures , sound files. files come 3rd party company copyrights.

my application should assure (as much possible) media files not accessible, copied or manipulated.

which strategies follow? crypt files in file scheme , decrypt in memory before showing or playing them? maintain them sql lite clobs? sql lite accessible other apps or hidden rest of apps? other ideas? haven't found much info "issue" on web.

thanks in advance,

chemi.

i suggest saving these files sd card, not private file of activity, images/audio files quite big (i have seen in discussion planning handle 400 mb, same app?). crypting should fine, , more straightforward sqlite.

the class below allows encrypting bytes binary files:

import java.io.file; import java.io.fileinputstream; import java.io.fileoutputstream; import java.io.ioexception; import java.security.securerandom; import javax.crypto.cipher; import javax.crypto.keygenerator; import javax.crypto.secretkey; import javax.crypto.spec.secretkeyspec; public class aesencrypter { public static void encrypttobinaryfile(string password, byte[] bytes, file file) throws encrypterexception { seek { final byte[] rawkey = getrawkey(password.getbytes()); final fileoutputstream ostream = new fileoutputstream(file, false); ostream.write(encrypt(rawkey, bytes)); ostream.flush(); ostream.close(); } grab (ioexception e) { throw new encrypterexception(e); } } public static byte[] decryptfrombinaryfile(string password, file file) throws encrypterexception { seek { final byte[] rawkey = getrawkey(password.getbytes()); final fileinputstream istream = new fileinputstream(file); final byte[] buffer = new byte[(int)file.length()]; istream.read(buffer); homecoming decrypt(rawkey, buffer); } grab (ioexception e) { throw new encrypterexception(e); } } private static byte[] getrawkey(byte[] seed) throws encrypterexception { seek { final keygenerator kgen = keygenerator.getinstance("aes"); final securerandom sr = securerandom.getinstance("sha1prng"); sr.setseed(seed); kgen.init(128, sr); // 192 , 256 bits may not available final secretkey skey = kgen.generatekey(); homecoming skey.getencoded(); } grab (exception e) { throw new encrypterexception(e); } } private static byte[] encrypt(byte[] raw, byte[] clear) throws encrypterexception { seek { final secretkeyspec skeyspec = new secretkeyspec(raw, "aes"); final cipher cipher = cipher.getinstance("aes"); cipher.init(cipher.encrypt_mode, skeyspec); homecoming cipher.dofinal(clear); } grab (exception e) { throw new encrypterexception(e); } } private static byte[] decrypt(byte[] raw, byte[] encrypted) throws encrypterexception { secretkeyspec skeyspec = new secretkeyspec(raw, "aes"); seek { final cipher cipher = cipher.getinstance("aes"); cipher.init(cipher.decrypt_mode, skeyspec); homecoming cipher.dofinal(encrypted); } grab (exception e) { throw new encrypterexception(e); } }

}

you need exception class:

public class encrypterexception extends exception { public encrypterexception ( ) { super( ); } public encrypterexception (string str ) { super(str); } public encrypterexception (throwable e) { super(e); } }

then, have utilize follows generate encrypted files:

encrypttobinaryfile("password", bytestosaveencrypted, encryptedfiletosaveto);

and in app, can read them next way:

byte [] cleardata = decryptfrombinaryfiles("password", encryptedfiletoreadfrom);

to utilize hardcoded password can hacked digging obfuscated code , looking strings. don't know whether sufficient security level in case?

if not, can store password in activity's private preferences or using tricks such this.class.getdeclaredmethods()[n].getname() password. more hard find.

about performances, have know crypting / decrypting can take quite long time. requires testing.

[edit: 04-25-2014] there big error in answer. implementation seeding securerandom, bad ('evil', say).

there easy way circumvent issue. explained in details here in android developers blog. sorry that.

android

Comments

Post a Comment

Popular posts from this blog

iphone - Dismissing a UIAlertView -

iphone - Dismissing a UIAlertView - i set in app purchase app, , when user taps button, purchase started. basically, tap button, , depending on speed on net connection, waiting 10 seconds until new alert view comes asking if purchase product. user tap button multiple times since nil came up, , multiple purchase alert views come up. additionally, maybe seen user app bug. in end, problem. i want alert view come spinning wheel says "loading..." when users taps purchase button. problem is, how dismiss when new alert view comes asking user if want purchase product? if ([uialertview alloc] says: @"whatever apple's alert view says") { //dismiss "loading..." alert view here } i uncertainty work, input appreciated. thanks! you need have access alertview. can this. create alertview instance var in app delegate , when want show loading initialize instance var assign property , when want dismiss phone call [alertviewinstance d...
Read more

intellij idea - Update external libraries with intelij and java -

intellij idea - Update external libraries with intelij and java - simple plenty really. i'm using apache jars, i'll create changes jar's every often. these jars listed external libs in intelij (i.e classpath looking install dir of jar's). when create changes intelij doesn't seem know new implementation. have remove jar external library , re-ad it. does know have intelij picks changes automatically ? i've done clean , rebuild project had little effect. you can go preferences -> build, execution, deployment -> build tools -> maven -> importing , check box says import maven projects automatically . in mac, can command + shift + a , come in action reimport , click on reimport maven projects . intellij-idea
Read more

javascript - send data from a new window to previous window in php -

javascript - send data from a new window to previous window in php - i have image in main.php file : <img src="..\images\image.gif" class="cur" onclick="imgwin();"> when click on image below function has called : function imgwin() { imagewin=window.open("../pages/img.php","imagewin","toolbar=no,width=500,height=200,directories=no,menubar=no,scrollbars=yes"); } this function opens img.php in new window img.php file : <html> <head> <title>upload image</title> </head> <body> <form name="imgform" method="get" action="#"> address : <input type="file" name="imgurl" size="50"> description : <input type="text" name="description" size="50"> <input type="submit" value="sumbit...
Read more