I have the class:

```java
public class Data {

    // scalar readings from the device
    private int time;
    private double avgVelocity;
    private double avgAcceleration;
    private double avgRhythm;
    private int ups;
    // sampled series from the device
    private int[] pressures;
    private double[] velocities;
    private double[] accelerations;

    public Data(int tm, double vel, double acc, double rtm, int up,
                int[] press, double[] vels, double[] accs) {
        time = tm;
        avgVelocity = vel;
        avgAcceleration = acc;
        avgRhythm = rtm;
        ups = up;
        pressures = press;
        velocities = vels;
        accelerations = accs;
    }

    // return type matches the int field
    public int getTime() {
        return time;
    }

    ...

}
```

That class stores data from a device. This data should be stored in an XML file to be attached later to another file.

What I need is for the XML with the stored data to be unreadable even if the attachment is visible. So should I encrypt all the content of the variables and then store all the unreadable values in the XML? Or should I store all the values in the XML and then encrypt the whole file? Or is there a better way to achieve this? (The serialization of the data to XML is not a problem, I already did this, but without encrypting it.)

I can't find any solution that fits my needs.

EDIT: according to the advice to encrypt the XML instead of the single data fields, what should be a good method to do this?

Igr

3 Answers

I would encrypt the entire XML - less chance of error, and also less padding is needed (each string / byte array that you encrypt may require up to 16 bytes of padding depending on the block mode that you're using, so if you encrypt the entire XML at once then you're limited to 16 bytes of padding whereas if you encrypt it in eight separate chunks then you may have up to 128 bytes of padding). Here is an example of using AES to encrypt a string to a byte array - there are plenty of other examples available via google, just be sure to avoid examples using ECB (electronic codebook) mode as this mode isn't secure. You may also want to compress the XML before encrypting it (don't compress it after encrypting it, this would be a waste of time). This will leave you with a byte array, if you need a string then use a Base64 encoder to convert the byte array to a string.

As came up in akostadinov's answer, you should NOT reuse the initialization vector when encrypting your data - the IV needs to be unique, but it does not need to be secret (you can/should store it alongside your encrypted data).

Zim-Zam O'Pootertoot
  • You mean to use the whole XML text string and encrypt it using AES and the base64 encoder, didn't you? Or to compose a unique String with all the data and put that encrypted with AES in the xml? (sorry if it could be a stupid question but I'm unfamiliar with encryption and so) – Igr Jun 25 '13 at 14:55
  • @Igr I'm assuming that you've got a way to serialize the entire class out to an XML string, so you should use `byte[] encryptedData = encrypt(compress(XMLSerialize(plaintextdata)))` with the compression step being optional. If you want a `string` instead of a `byte[]` then you should use `string base64Data = base64Encode(encrypt(compress(XMLSerialize(plaintextdata))))`. It's up to you whether you then put this string in an XML file, e.g. `data` - it's encrypted at this point, so you can do whatever with it. – Zim-Zam O'Pootertoot Jun 25 '13 at 14:59
  • @Igr You then reverse this entire process to get the data back - `Data data = XMLDeserialize(decompress(decrypt(base64Decode(ciphertextdata))))` – Zim-Zam O'Pootertoot Jun 25 '13 at 15:01
  • Yes, I have the functions to serialize and deserialize all the data easily; I was missing just the encryption step. Anyway I think I got what you explained – Igr Jun 25 '13 at 15:05
  • @Igr You should only use the base64 encoder if you really need a string, as this increases the file size by about 33% - it's more efficient to just store the raw byte array. Also, some protocols will automatically convert a byte array to a base64 string for you. – Zim-Zam O'Pootertoot Jun 25 '13 at 15:05
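An added example, not code from any of the answers, of the pipeline this answer and its comments describe: the serialized XML is compressed, then encrypted with AES in CBC mode under a fresh random IV that is stored in the clear in front of the ciphertext, and read back in reverse; the second print in main shows that the same XML sealed twice does not produce matching bytes, which is the IV point raised in the comments. The class name XmlSealer, the [IV][ciphertext] layout and the sample XML string are assumptions.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.zip.DeflaterOutputStream;
import java.util.zip.InflaterInputStream;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;

public class XmlSealer {
    // CBC with a fresh IV per file; never ECB. Output layout (assumed): [16-byte IV][ciphertext]
    private static final String MODE = "AES/CBC/PKCS5Padding";
    private static final SecureRandom RNG = new SecureRandom();

    // encrypt(compress(xml)): the whole document is one ciphertext, so at most 16 bytes of padding
    public static byte[] seal(String xml, SecretKey key) throws Exception {
        ByteArrayOutputStream packed = new ByteArrayOutputStream();
        try (DeflaterOutputStream z = new DeflaterOutputStream(packed)) {
            z.write(xml.getBytes(StandardCharsets.UTF_8));
        }
        byte[] iv = new byte[16];
        RNG.nextBytes(iv);                       // unique, not secret: stored in the clear
        Cipher c = Cipher.getInstance(MODE);
        c.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv));
        byte[] ct = c.doFinal(packed.toByteArray());
        byte[] out = Arrays.copyOf(iv, iv.length + ct.length);
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        return out;
    }
    // decompress(decrypt(sealed)): read the IV back from the front of the blob
    public static String open(byte[] sealed, SecretKey key) throws Exception {
        Cipher c = Cipher.getInstance(MODE);
        c.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(Arrays.copyOf(sealed, 16)));
        byte[] packed = c.doFinal(Arrays.copyOfRange(sealed, 16, sealed.length));
        try (InflaterInputStream z = new InflaterInputStream(new ByteArrayInputStream(packed))) {
            return new String(z.readAllBytes(), StandardCharsets.UTF_8);
        }
    }
    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey key = kg.generateKey();       // generate once per installation, keep it outside the file
        String xml = "<data><time>42</time><avgVelocity>1.5</avgVelocity></data>"; // constructed sample
        byte[] sealed = seal(xml, key);
        System.out.println("round trip ok: " + open(sealed, key).equals(xml));
        System.out.println("same input, different bytes: " + !Arrays.equals(seal(xml, key), sealed));
    }
}
```

Base64-encode the returned byte array only if a string is actually required; otherwise store the raw bytes, as the comments above recommend.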
It depends on your data. As far as I see you would have a lot of duplicate values, and encrypting fields may allow somebody to draw conclusions about the data even without decrypting it (e.g. looking where encrypted sequences match). Your application does not seem highly security sensitive, but if you encrypt the entire XML or each complete record, that would be better than encrypting individual fields.

One thing to do right though, because perhaps different users will use your application, is to generate the encryption key once the app launches for the first time. Otherwise all your users will have the same encryption key, and that will defeat the purpose of encryption.

akostadinov
  • As long as he doesn't reuse the [initialization vector](http://en.wikipedia.org/wiki/Initialization_vector) it won't be possible for an attacker to look where the encrypted sequences match (as in, if they *do* match then this will be meaningless) – Zim-Zam O'Pootertoot Jun 25 '13 at 14:41
  • If he encrypts fields independently from each other, and if he wants to be able to decrypt them even if part of the sequence is gone for whatever reason, I don't see how he could avoid having the same encrypted bytes for the same input value. Even if he is encrypting streams, it depends on the cipher variant whether individual blocks will be the same for the same input data. – akostadinov Jun 25 '13 at 14:48
  • If he's using ECB then he'll run into the problem you mention, but if he uses a more secure mode like CBC then using a unique IV for each field will prevent an attacker from correlating the different fields. He could store a separate IV for each field, or to save space he could store a single IV and increment it for each field - the IV isn't secret, it just needs to be unique. – Zim-Zam O'Pootertoot Jun 25 '13 at 14:54
  • Right, he can overcome this with the IV, but as you said in your answer, it is easier to screw up :) – akostadinov Jun 25 '13 at 15:12
  • At my last job they insisted that they could use an all-zero IV for everything because "our data doesn't need to be *that* secure..." – Zim-Zam O'Pootertoot Jun 25 '13 at 15:14
You should be able to create an output stream in which the data are already encrypted. If you care about safety you should encrypt everything. This means that your output will not be an XML file; it will be a set of bytes that store the encrypted XML.

If you really require strong safety I would encrypt the file using two passes.

The first pass would be encryption of the data that will be written to a String. Second, create the XML file in memory with the encrypted data, encrypt it all and write it to the output.

Step two should use a different key.