I am using https://github.com/simbiose/Encryption to encrypt data in my Android app.
I thought of double encryption.
```java
String key = "key";
String salt = "someSalt";
byte[] iv = new byte[16];
Encryption encryption = Encryption.getDefault(key, salt, iv);

String encrypted = encryption.encryptOrNull("Some String");
Log.d("Encrypto", "Encryption Level 1 : " + encrypted);
encrypted = encryption.encryptOrNull(encrypted);
Log.d("Encrypto", "Encryption Level 2 : " + encrypted);

String decrypted = encryption.decryptOrNull(encrypted);
Log.d("Encrypto", "Decryption Level 2 : " + decrypted);
decrypted = encryption.decryptOrNull(decrypted);
Log.d("Encrypto", "Decryption Level 1 : " + decrypted);
```
This works perfectly, but is it recommended?
- Yes, this increases the memory usage to store the encrypted string, but if it makes it more secure, using more memory is pretty okay.
- Will I face some problems if I do this?
Main question: Is this a good encryption library? If not, please recommend me a better one.
Do you really need to encrypt the data?
https://www.schneier.com/blog/archives/2015/06/why_we_encrypt.html
Why do you want double encryption? There are better ways - for example, a longer key - to add resistance against people performing offline brute force attacks on cipher text.
"Security through obscurity" is a no-no. Go back to the basics of what you need (key length, block size, mode of encryption, when to use a symmetric or asymmetric key) etc.
As you are writing an Android app, I would question..
If it was my app && I cared about Confidentiality I would use hardware backed encryption (accepting that some older Android devices might not support it) OR use a Native (C) encryption library. The latter gets you wide device support but introduces other issues (JNI boundary, code lifting).
In summary, introducing encryption sounds simple. But do you really need it when it just highlights something interesting is being protected?
PS - You may want to re-post this question on: https://security.stackexchange.com/
Short answer: No
Answer: With a stream cipher, double encryption with the same parameters (key, IV, nonce, counter, etc.) as you show us will produce the clear text, allowing everyone to read your data.
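The effect described in the answer above, as an added example that is not part of the original posts and does not use the library from the question: it calls the JDK's `javax.crypto` directly, feeds the raw ciphertext bytes into the second pass, and contrasts AES in CTR mode (which behaves as a stream cipher) with AES in CBC mode. The key, the all-zero IV and the class name `DoubleEncryptDemo` are constructed for the demonstration.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

public class DoubleEncryptDemo {

    // Encrypts data with the given transformation, key and IV (javax.crypto only).
    static byte[] encrypt(String transformation, byte[] key, byte[] iv, byte[] data) throws Exception {
        Cipher cipher = Cipher.getInstance(transformation);
        cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"), new IvParameterSpec(iv));
        return cipher.doFinal(data);
    }

    public static void main(String[] args) throws Exception {
        // Constructed demo values: a fixed key and an all-zero IV, reused for both passes.
        byte[] key = "0123456789abcdef".getBytes(StandardCharsets.US_ASCII); // 16 bytes = AES-128
        byte[] iv = new byte[16];
        byte[] plaintext = "Some String".getBytes(StandardCharsets.UTF_8);

        // Stream mode (CTR): ciphertext = plaintext XOR keystream(key, iv).
        byte[] ctrOnce = encrypt("AES/CTR/NoPadding", key, iv, plaintext);
        byte[] ctrTwice = encrypt("AES/CTR/NoPadding", key, iv, ctrOnce);
        // The second pass XORs the same keystream again, so the two passes cancel out.
        System.out.println("CTR, pass 2 equals plaintext: " + Arrays.equals(ctrTwice, plaintext));
        System.out.println("CTR, pass 2 as text: " + new String(ctrTwice, StandardCharsets.UTF_8));

        // Block mode (CBC) for contrast: a second pass does not undo the first ...
        byte[] cbcOnce = encrypt("AES/CBC/PKCS5Padding", key, iv, plaintext);
        byte[] cbcTwice = encrypt("AES/CBC/PKCS5Padding", key, iv, cbcOnce);
        System.out.println("CBC, pass 2 equals plaintext: " + Arrays.equals(cbcTwice, plaintext));
        // ... but with the same key it adds no strength: whoever has the key removes both layers.
    }
}
```

The CTR check prints `true` and the recovered text is `Some String`; the CBC check prints `false`.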