By default, Android offers to developers some Java APIs to implement some cryptographic operations on Android. These APIs are great but not always easy to use and not really adapted to mobile environment with constraints. To solve this problem, Facebook has created a dedicated library named Conceal that provides a set of Java APIs to perform fast cryptographic operations on Android.

Conceal has been designed to be able to encrypt large files on disk in a fast and memory efficient manner. Rather to offer a large choice of algorithms to choose to encrypt and decrypt data, Conceal has chosen to implement specific cryptographics algorithms from OpenSSL. To be more efficient, Conceal attemps to manage memory between the native and Java heap. Besides, to reduce size of the library, Conceal ships with only a select number of encryption algorithms from OpenSSL which makes it much smaller (only 85KB). Now, we can start to use Conceal.

Installation

To install Conceal on your Android application project, you need to download the following binaries :

libconceal.jar from https://raw.github.com/facebook/conceal/gh-pages/downloads/libconceal.jar

from https://raw.github.com/facebook/conceal/gh-pages/downloads/libconceal.jar conceal_android.jar from https://raw.github.com/facebook/conceal/gh-pages/downloads/conceal_android.jar

from https://raw.github.com/facebook/conceal/gh-pages/downloads/conceal_android.jar Native binaries from https://raw.github.com/facebook/conceal/gh-pages/downloads/libs.zip

Add both jars as dependencies. Then, drop the .so files in libs.zip into a jniLibs/ folder located at src/main/jniLibs.

Encrypt content

Once you have installed dependencies in your project, you can encrypt your first file :

// Creates a new Crypto object with default implementations of // a key chain as well as native library. Crypto crypto = new Crypto( new SharedPrefsBackedKeyChain(context), new SystemNativeCryptoLibrary()); // Check if crypto instance is available if (!crypto.isAvailable()) { return; } OutputStream fileStream = new BufferedOutputStream( new FileOutputStream(file)); // Encrypted output stream OutputStream outputStream = crypto.getCipherOutputStream( fileStream, entity); // Write your plain text content outputStream.write(plainTextBytes); outputStream.close();

Decrypt content

Now, you would like to know how to decrypt your encrypted content. It’s very easy with Conceal like you can see :

// Creates a new Crypto object with default implementations of // a key chain as well as native library. Crypto crypto = new Crypto( new SharedPrefsBackedKeyChain(context), new SystemNativeCryptoLibrary()); // Check if crypto instance is available if (!crypto.isAvailable()) { return; } // Get the encrypted file FileInputStream fileStream = new FileInputStream(file); // Creates an input stream which decrypts the data InputStream inputStream = crypto.getCipherInputStream( fileStream, entity); int read; byte[] buffer = new byte[1024]; while ((read = inputStream.read(buffer)) != -1) { out.write(buffer, 0, read); } inputStream.close();

Note that you must read the entire stream to decrypt content because a verification is done at the end of the stream. Thus, not reading till the end of the stream will cause a security bug.

Conclusion

Like you can see, Conceal is an easy to use and powerful library to make fast cryptographic operations on Android. Besides, it offers great performances to encrypt and decrypt in a memory efficient manner like you can see in the diagram below.