BT

Facilitating the Spread of Knowledge and Innovation in Professional Software Development

Write for InfoQ

Topics

Choose your language

InfoQ Homepage News Encrypting Files on Android with Facebook Conceal

Encrypting Files on Android with Facebook Conceal

This item in japanese

Lire ce contenu en français

Bookmarks

Facebook has open sourced Conceal, a set of Java APIs for file encryption and authentication on Android. Conceal uses a subset of OpenSSL’s algorithms and predefined options in order to keep the library smaller, currently being 85KB.

The library targets older Android devices, from Froyo to Jelly Bean, on which the performance is much better than Android’s native support, according to Facebook:

image

The above benchmarks compare a native Android algorithm (ES-CTR-HMAC-SHA1) with Bouncycastle (AES-GCM) and Conceal (AES-GCM) on Galaxy Y.

Google has introduced support for OpenSSL in KitKat, but the default Cipher Stream “does not perform well”, according to Facebook; “when replaced with our Cipher stream (see BetterCipherInputStream), the default implementation is competitive against Conceal.”

The following code snippet shows how to encrypt files with Conceal:

// Creates a new Crypto object with default implementations of 
// a key chain as well as native library.
Crypto crypto = new Crypto(
  new SharedPrefsBackedKeyChain(context),
  new SystemNativeCryptoLibrary());

// Check for whether the crypto functionality is available
// This might fail if Android does not load libraries correctly.
if (!crypto.isAvailable()) {
  return;
}

OutputStream fileStream = new BufferedOutputStream(
  new FileOutputStream(file));

// Creates an output stream which encrypts the data as
// it is written to it and writes it out to the file.
OutputStream outputStream = crypto.getCipherOutputStream(
  fileStream,
  entity);

// Write plaintext to it.
outputStream.write(plainText);
outputStream.close();

Conceal can be used to encrypt large files, Facebook using it to encrypt data and images on phone/tablet’s SD card.

Instructions for building a similar library based on OpenSSL can be found on Conceal’s GitHub page.

Rate this Article

Adoption
Style

BT