Using AES for salted password encryption

This examples uses the AES algorithm for encrypting passwords. The salt length can be up to 128 bit.

We are using the SecureRandom class to generate a salt, which is combined with the password to generate a secret key. The classes used are already existing in Android packages javax.crypto and java.security.

Once a key is generated, we have to preserve this key in a variable or store it. We are storing it among the shared preferences in the value S_KEY. Then, a password is encrypted using the doFinal method of the Cipher class once it is initialised in ENCRYPT_MODE. Next, the encrypted password is converted from a byte array into a string and stored among the shared preferences. The key used to generate an encrypted password can be used to decrypt the password in a similar way:

public class MainActivity extends AppCompatActivity {
    public static final String PROVIDER = "BC";
    public static final int SALT_LENGTH = 20;
    public static final int IV_LENGTH = 16;
    public static final int PBE_ITERATION_COUNT = 100;

    private static final String RANDOM_ALGORITHM = "SHA1PRNG";
    private static final String HASH_ALGORITHM = "SHA-512";
    private static final String PBE_ALGORITHM = "PBEWithSHA256And256BitAES-CBC-BC";
    private static final String CIPHER_ALGORITHM = "AES/CBC/PKCS5Padding";
    public static final String SECRET_KEY_ALGORITHM = "AES";
    private static final String TAG = "EncryptionPassword";

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        String originalPassword = "ThisIsAndroidStudio%$";
        Log.e(TAG, "originalPassword => " + originalPassword);
        String encryptedPassword = encryptAndStorePassword(originalPassword);
        Log.e(TAG, "encryptedPassword => " + encryptedPassword);
        String decryptedPassword = decryptAndGetPassword();
        Log.e(TAG, "decryptedPassword => " + decryptedPassword);
    }

    private String decryptAndGetPassword() {
        SharedPreferences prefs = getSharedPreferences("pswd", MODE_PRIVATE);
        String encryptedPasswrd = prefs.getString("token", "");
        String passwrd = "";
        if (encryptedPasswrd!=null && !encryptedPasswrd.isEmpty()) {
            try {
                String output = prefs.getString("S_KEY", "");
                byte[] encoded = hexStringToByteArray(output);
                SecretKey aesKey = new SecretKeySpec(encoded, SECRET_KEY_ALGORITHM);
                passwrd = decrypt(aesKey, encryptedPasswrd);
            } catch (Exception e) {
                e.printStackTrace();
            }
        }
        return passwrd;
    }

    public String encryptAndStorePassword(String password) {
        SharedPreferences.Editor editor = getSharedPreferences("pswd", MODE_PRIVATE).edit();
        String encryptedPassword = "";
        if (password!=null && !password.isEmpty()) {
            SecretKey secretKey = null;
            try {
                secretKey = getSecretKey(password, generateSalt());

                byte[] encoded = secretKey.getEncoded();
                String input = byteArrayToHexString(encoded);
                editor.putString("S_KEY", input);
                encryptedPassword = encrypt(secretKey, password);
            } catch (Exception e) {
                e.printStackTrace();
            }
            editor.putString("token", encryptedPassword);
            editor.commit();
        }
        return encryptedPassword;
    }

    public static String encrypt(SecretKey secret, String cleartext) throws Exception {
        try {
            byte[] iv = generateIv();
            String ivHex = byteArrayToHexString(iv);
            IvParameterSpec ivspec = new IvParameterSpec(iv);

            Cipher encryptionCipher = Cipher.getInstance(CIPHER_ALGORITHM, PROVIDER);
            encryptionCipher.init(Cipher.ENCRYPT_MODE, secret, ivspec);
            byte[] encryptedText = encryptionCipher.doFinal(cleartext.getBytes("UTF-8"));
            String encryptedHex = byteArrayToHexString(encryptedText);

            return ivHex + encryptedHex;

        } catch (Exception e) {
            Log.e("SecurityException", e.getCause().getLocalizedMessage());
            throw new Exception("Unable to encrypt", e);
        }
    }

    public static String decrypt(SecretKey secret, String encrypted) throws Exception {
        try {
            Cipher decryptionCipher = Cipher.getInstance(CIPHER_ALGORITHM, PROVIDER);
            String ivHex = encrypted.substring(0, IV_LENGTH * 2);
            String encryptedHex = encrypted.substring(IV_LENGTH * 2);
            IvParameterSpec ivspec = new IvParameterSpec(hexStringToByteArray(ivHex));
            decryptionCipher.init(Cipher.DECRYPT_MODE, secret, ivspec);
            byte[] decryptedText = decryptionCipher.doFinal(hexStringToByteArray(encryptedHex));
            String decrypted = new String(decryptedText, "UTF-8");
            return decrypted;
        } catch (Exception e) {
            Log.e("SecurityException", e.getCause().getLocalizedMessage());
            throw new Exception("Unable to decrypt", e);
        }
    }

    public static String generateSalt() throws Exception {
        try {
            SecureRandom random = SecureRandom.getInstance(RANDOM_ALGORITHM);
            byte[] salt = new byte[SALT_LENGTH];
            random.nextBytes(salt);
            String saltHex = byteArrayToHexString(salt);
            return saltHex;
        } catch (Exception e) {
            throw new Exception("Unable to generate salt", e);
        }
    }

    public static String byteArrayToHexString(byte[] b) {
        StringBuffer sb = new StringBuffer(b.length * 2);
        for (int i = 0; i < b.length; i++) {
            int v = b[i] & 0xff;
            if (v < 16) {
                sb.append('0');
            }
            sb.append(Integer.toHexString(v));
        }
        return sb.toString().toUpperCase();
    }

    public static byte[] hexStringToByteArray(String s) {
        byte[] b = new byte[s.length() / 2];
        for (int i = 0; i < b.length; i++) {
            int index = i * 2;
            int v = Integer.parseInt(s.substring(index, index + 2), 16);
            b[i] = (byte) v;
        }
        return b;
    }

    public static SecretKey getSecretKey(String password, String salt) throws Exception {
        try {
            PBEKeySpec pbeKeySpec = new PBEKeySpec(password.toCharArray(), hexStringToByteArray(salt), PBE_ITERATION_COUNT, 256);
            SecretKeyFactory factory = SecretKeyFactory.getInstance(PBE_ALGORITHM, PROVIDER);
            SecretKey tmp = factory.generateSecret(pbeKeySpec);
            SecretKey secret = new SecretKeySpec(tmp.getEncoded(), SECRET_KEY_ALGORITHM);
            return secret;
        } catch (Exception e) {
            throw new Exception("Unable to get secret key", e);
        }
    }

    private static byte[] generateIv() throws NoSuchAlgorithmException, NoSuchProviderException {
        SecureRandom random = SecureRandom.getInstance(RANDOM_ALGORITHM);
        byte[] iv = new byte[IV_LENGTH];
        random.nextBytes(iv);
        return iv;
    }
}

Found a mistake? Have a question or improvement idea? Let me know.

Storing password securely:

* How to store passwords securely

* Using AES for salted password encryption

Table Of Contents

0 Getting Started

1 Layouts

2 Gradle

3 RecyclerView onClickListeners

4 NavigationView

5 Intent

6 JSON handling with org.json

7 Android Studio

8 Resources

9 Data Binding Library

10 Exceptions

11 Getting Calculated View Dimensions

12 AsyncTask

13 SharedPreferences

14 Emulator

15 Material Design

16 Lint Warnings

17 Service

18 Storing Files in Internal and External Storage

19 WebView

20 Project SDK versions

21 RecyclerView

22 Google Maps

23 PorterDuff Mode

24 9-Patch images

25 Android NDK

26 RecyclerView Decorations

27 Camera 2 API

28 ViewPager

29 CardView

30 HttpURLConnection

31 SQLite

32 ADB Android Debug Bridge

33 ButterKnife

34 Supporting different screen resolutions

35 Glide

36 Retrofit2

37 Dialog

38 ACRA

39 GreenDAO

40 Formatting Strings

41 Notifications

42 AlarmManager

43 Fragments

44 Handler

45 Creating Custom Views

46 BroadcastReceiver

47 Activity

48 Snackbar

49 Runtime Permissions in API-23

50 Logging and using Logcat

51 VectorDrawable and AnimatedVectorDrawable

52 Tools Attributes

53 Toast

54 Interfaces

55 Animators

56 Location

57 Theme Style Attribute

58 The Manifest File

59 Parcelable

60 MediaPlayer

61 Multidex and the Dex Method Limit

62 Data Synchronization with Sync Adapter

63 Menu

64 Instant Run in Android Studio

65 Picasso

66 Bluetooth LE API

67 RoboGuice

68 Memory Leaks

69 Universal Image Loader

70 Volley

71 Widgets

72 Date and Time Pickers

73 Integrate Google Sign In

74 In-app billing

75 FloatingActionButton

76 ContentProvider

77 Dagger 2

78 Realm

79 Unit testing in Android with JUnit

80 Android Versions

81 Wi-Fi Connections

82 SensorManager

83 Localization with resources

84 ProgressBar

85 Custom Fonts

86 Vibration

87 Google Awarness APIs

88 Text to Speech (TTS)

89 UI Lifecycle

90 Spinner

91 Data Encryption / Decryption

92 Testing UI with Espresso

93 Writing UI tests

94 GreenRobot EventBus

95 OkHttp

96 Enhancing Performance Using Icon Fonts

97 Handling Depp Links

98 Canvas drawing using SurfaceView

99 Firebase

100 Crash Reporting Tools

101 Check Internet Connectivity

102 Facebook SDK

103 Unzip File

104 Android Places API

105 Creating your own libraries

106 Handling JSON with Gson

107 Device Display Metrics

108 TextView

109 ListView

110 Building Backwards Compatible Apps

111 Loader

112 ProGuard - Obfuscating and Shrinking your code

113 Detect Shake Event

114 Typedef Annotations

115 Capturing Screenshots

116 MVP Architecture

117 Orientation Changes

118 Xposed

119 Security

120 PackageManager

121 ImageView

122 Gesture Detection

123 Doze Mode

124 Android Sound and Media

125 SearchView

126 Camera and Gallery

127 Callback URL

128 Twitter APIs

129 SqlCipher integration

130 Drawables

131 Colors

132 ConstraintLayout

133 RenderScript

134 Fresco

135 Swipe to Refresh

136 AutoCompleteTextView

137 Installing apps with ADB

138 IntentService

139 AdMob

140 Implicit Intents

141 Publish to Play Store

142 Firebase Realtime Database

143 Image Compression

144 Email Validation

145 Keyboard

146 Button

147 TextInputLayout

148 Bottom Sheets

149 CoordinatorLayout and Behaviors

150 EditText

151 Paypal Gateway Integration

152 Firebase App Indexing

153 Firebase Crash Reporting

154 Displaying Google Ads

155 Vk SDK

156 Localized DateTime

157 Count Down Timer

158 Reading Barcode and QR codes

159 Otto Event Bus

160 TransitionDrawable

161 Port Mapping using Cling

162 Creating Overlay always-on-top Windows

163 ExoPlayer

164 Inter-app UI testing with UIAutomator

165 MediaSession

166 Speech to Text Conversion

167 FileProvider

168 Publish .aar file to Apache Archive with Gradle

169 XMPP

170 Authenticator

171 RecyclerView and LayoutManagers

172 AudioManager

173 Job Scheduling

174 Accounts and AccountManager

175 OpenCV

176 Split Screen Multi-Screen Activities

177 Threads

178 MediaStore

179 Time Utils

180 Touch Events

181 Fingerprint API

182 MVVM Architecture

183 BottomNavigationView

184 ORMLite

185 YouTube API

186 TabLayout

187 Retrofit2 with RxJava

188 DayNight Theme AppCompat

189 ShortcutManager

190 LruCache

191 Using Jenkins CI

192 Zip files

193 Vector Drawables

194 Fastlane

195 Define step value for RangeSeekBar

196 Getting started with OpenGL ES 2.0

197 Check Data Connection

198 Java Native Interface (JNI)

199 FileIO

200 Perfomance Optimization

201 Robolectric

202 Moshi

203 Strick Mode Policy

204 Internalization and localization

205 Retrolambda

206 SparseArray

207 Firebase Cloud Messaging

208 Shared Element Transitions

209 Android Things

210 VideoView

211 ViewFlipper

212 Dependency Injection with Dagger 2

213 Formatting phone numbers

214 Storing password securely

215 Android Kernel Optimization

216 Paint

217 AudioTrack

218 ProGuard

219 Create Android Custom ROMs

220 Java on Android

221 Pagination in RecyclerVi

222 Genymotion for Android

223 Handling touch and motion events

224 Creating Splash screen

225 ConstraintSet

226 CleverTap

227 Publish library to Maven repositories

228 ADB shell

229 Ping ICMP

230 AIDL

231 Using Kotlin

232 Autosizing TextView

233 Signing apps for release

234 Context

235 Activity Recognition

236 Secure SharedPreferences

237 Secure SharedPreferences

238 Bitmap Cache

239 Android x86 in VirtualBox

240 JCodec

241 Design Patterns

242 Okio

243 Google SignIn integration

244 TensorFlow

245 Game developmen

246 Notification Channel

247 Bluetooth Low Energy (LE)

248 Leak Canary

249 FuseView

250 SQLite using ContentValues

251 Enhancing Alert Dialogs

252 Hardware Button Events, Intents PTT

253 SpannableString

254 Looper

255 Optimized VideoView

256 Google Drive API

257 Animated AlertDialog Box

258 Annotation Processor

259 SyncAdapter with periodically do sync of data

260 Singleton Class for Toast Message

261 Fastjson

262 Android Architecture Components

263 Jackson

264 Play Store

265 Loading Bitmaps Effectively

266 Getting system font names

267 Smartcard

268 Convert vietnamese string to english

269 Contributors