http://android-developers.blogspot.com/2013/12/changes-to-secretkeyfactory-api-in.html

Changes to the SecretKeyFactory API in Android 4.4

Posted by Trevor Johns, Android Developer Relations team

In order to encrypt data, you need two things: some data to encrypt and an encryption key. The encryption key is typically a 128- or 256-bit integer. However, most people would rather use a short passphrase instead of a remembering a 78-digit number, so Android provides a way to generate an encryption key from ASCII text inside of javax.crypto.SecretKeyFactory.

Beginning with Android 4.4 KitKat, we’ve made a subtle change to the behavior of SecretKeyFactory. This change may break some applications that use symmetric encryption and meet all of the following conditions:

  1. Use SecretKeyFactory to generate symmetric keys, and
  2. Use PBKDF2WithHmacSHA1 as their key generation algorithm for SecretKeyFactory, and
  3. Allow Unicode input for passphrases

Specifically, PBKDF2WithHmacSHA1 only looks at the lower 8 bits of Java characters in passphrases on devices running Android 4.3 or below. Beginning with Android 4.4, we have changed this implementation to use all available bits in Unicode characters, in compliance with recommendations in PCKS #5.

Users using only ASCII characters in passphrases will see no difference. However, passphrases using higher-order Unicode characters will result in a different key being generated on devices running Android 4.4 and later.

For backward compatibility, we have added a new key generation algorithm which preserves the old behavior: PBKDF2WithHmacSHA1And8bit. Applications that need to preserve compatibility with older platform versions (pre API 19) and meet the conditions above can make use of this code:

import android.os.Build;SecretKeyFactory factory;if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.KITKAT) { // Use compatibility key factory -- only uses lower 8-bits of passphrase chars factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1And8bit");} else { // Traditional key factory. Will use lower 8-bits of passphrase chars on // older Android versions (API level 18 and lower) and all available bits // on KitKat and newer (API level 19 and higher). factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");}

更多相关文章

  1. 代码中设置drawableleft
  2. android 3.0 隐藏 系统标题栏
  3. Android开发中activity切换动画的实现
  4. Android(安卓)学习 笔记_05. 文件下载
  5. Android中直播视频技术探究之—摄像头Camera视频源数据采集解析
  6. 技术博客汇总
  7. android 2.3 wifi (一)
  8. AndRoid Notification的清空和修改
  9. Android中的Chronometer

随机推荐

  1. [MySQL] 高可用架构MMM简单介绍
  2. 连接相关标签的最佳数据库设计
  3. 对所有表执行查询并在新表中填入数据
  4. MySql sqlstate代码大全(转载)
  5. mysql(一)工作原理&引擎
  6. mysql字符集设置
  7. mysql还原数据库
  8. Linux下数据库MYSQL忘记登录密码及更换密
  9. CentOS7 安装LAMP mysql8 php7.2
  10. MYSQL中动态行数据转列数据