Skip to main content

Encryption of image files on Android — Cipher(Output|Input)Stream problems

Image
By User



I'm trying to encrypt image files on Android with password based encryption. To save the encrypted image I just do this:







FileOutputStream fos = new FileOutputStream(thumbnailFile);

CipherOutputStream cos = new CipherOutputStream(fos, encryptCipher);

Bitmap thumbnail = Bitmap.createScaledBitmap(bm2, 140, 140, true);

thumbnail.compress(Bitmap.CompressFormat.JPEG, 80, cos);







and to read it, this:







FileInputStream fis = new FileInputStream(f);

CipherInputStream cis = new CipherInputStream(fis, decryptCipher);

Bitmap b = BitmapFactory.decodeStream(cis);







but the Bitmap ends up as null. The code works when I bypass the encryption; that is when I use the File(Input|Output)Streams rather than the Cipher(Input|Output)streams.





My Ciphers are created as follows:







public void initCiphers(char password[]) {



PBEKeySpec pbeKeySpec;

PBEParameterSpec pbeParamSpec;

SecretKeyFactory keyFac;



byte[] salt = {

   (byte)0xc7, (byte)0x73, (byte)0x21, (byte)0x8c,

   (byte)0x7e, (byte)0xc8, (byte)0xee, (byte)0x99

};

int count = 20;

pbeParamSpec = new PBEParameterSpec(salt, count);          

pbeKeySpec = new PBEKeySpec(password);

try {

    keyFac = SecretKeyFactory.getInstance("PBEWithMD5AndDES");

    SecretKey pbeKey = keyFac.generateSecret(pbeKeySpec);

    encryptCipher = Cipher.getInstance("PBEWithMD5AndDES");

    decryptCipher = Cipher.getInstance("PBEWithMD5AndDES");    

    encryptCipher.init(Cipher.ENCRYPT_MODE, pbeKey, pbeParamSpec);

    decryptCipher.init(Cipher.DECRYPT_MODE, pbeKey, pbeParamSpec);       

} catch (Exception e) { 

    Log.v("tag", e.toString()); 

}







I don't get any exceptions.





There is obviously some problem with using Cipher(Output|Input)Streams with the android functions for encoding and/or decoding images, but since those functions are opaque and there are no exceptions, its hard to know what it is. I suspect it has to do with padding or flushing. Any assistance would be gratefully appreciated.



Source: Tips4all
Labels:

Comments

  1. Tips For AllApril 10, 2012 at 10:46 AM

    You could subclass CipherOutputStream or even just OutputStream, and just override the flush() method to do nothing.

    ReplyDelete
  2. Tips For AllApril 10, 2012 at 10:46 AM

    When writing to a CipherOutputStream, make sure you close() the stream after writing the data (and not closing the underlying stream before it). Closing makes sure the right padding is added. A flush() alone is not enough here.

    Also, I would advise to not use DES for new protocols - preferred nowadays is AES.

    ReplyDelete

Post a Comment

Popular posts from this blog

Slow Android emulator

By User
I have a 2.67 GHz Celeron processor, 1.21 GB of RAM on a x86 Windows XP Professional machine. My understanding is that the Android emulator should start fairly quickly on such a machine, but for me it does not. I have followed all instructions in setting up the IDE, SDKs, JDKs and such and have had some success in staring the emulator quickly but is very particulary. How can I, if possible, fix this problem?
30 comments
Read more