Encrypt String (RSA x509) Android, iOS
-
one of my customers wants to use RSA encryption to verify that the app can get access to server
they want to give me a Public Key and then I have to encrypt the user password and send as base64 to server
this only happens at user login
I don't have to do any other kind of crypt stuff - only the encryption of the passwordmy customer already has C# code where they tested client-side encryption:
byte[] encryptedBytes = encryptString(password); string encryptedPwdB64 = Convert.ToBase64String(encryptedBytes); string clientRequest = String.Concat(username, ":", encryptedPwdB64); …. privte static byte[] encryptString(string textToEncrypt) { RSACryptoServiceProvider publicKeyProv = (RSACryptoServiceProvider)x509.PublicKey.Key; byte[] encryptedBytes = publicKeyProv.Encrypt(Encoding.UTF8.GetBytes(textToEncrypt), true); String encryptedText = System.Text.Encoding.UTF8.GetString(encryptedBytes); return encryptedBytes; }any ideas what would be the easiest way for me to do the same with Qt 5.7+ - QtQuickControls2 App running on Android and iOS ?
never added 3rd party libs before
thx
-
wrote on 10 Jan 2017, 09:40 last edited by
Since you are probably shipping OpenSSL with your code anyway (or at least I hope you are using SSL to connect over the network) you can use that to do the encryption, see http://hayageek.com/rsa-encryption-decryption-openssl-c/ for an example.
P.S.
Password encryption is a VERY BAD idea! Passwords should be stored as salted hashes (SHA3-512 is an option) -
one of my customers wants to use RSA encryption to verify that the app can get access to server
they want to give me a Public Key and then I have to encrypt the user password and send as base64 to server
this only happens at user login
I don't have to do any other kind of crypt stuff - only the encryption of the passwordmy customer already has C# code where they tested client-side encryption:
byte[] encryptedBytes = encryptString(password); string encryptedPwdB64 = Convert.ToBase64String(encryptedBytes); string clientRequest = String.Concat(username, ":", encryptedPwdB64); …. privte static byte[] encryptString(string textToEncrypt) { RSACryptoServiceProvider publicKeyProv = (RSACryptoServiceProvider)x509.PublicKey.Key; byte[] encryptedBytes = publicKeyProv.Encrypt(Encoding.UTF8.GetBytes(textToEncrypt), true); String encryptedText = System.Text.Encoding.UTF8.GetString(encryptedBytes); return encryptedBytes; }any ideas what would be the easiest way for me to do the same with Qt 5.7+ - QtQuickControls2 App running on Android and iOS ?
never added 3rd party libs before
thx
@ekkescorner
RSA encryption is not supported directly by Qt. You need to use OpenSSL for this.This can be a very cumbersome task to compile OpenSSL for Android and iOS yourself.
For Android see this, for iOS this.Use OpenSSL v1.0x (not v1.1.x)
-
Since you are probably shipping OpenSSL with your code anyway (or at least I hope you are using SSL to connect over the network) you can use that to do the encryption, see http://hayageek.com/rsa-encryption-decryption-openssl-c/ for an example.
P.S.
Password encryption is a VERY BAD idea! Passwords should be stored as salted hashes (SHA3-512 is an option)@VRonin customer doesn't use SSL because all is running with AndroidForWorks on BlackBerry Infrastructure where all is encrypted
customer doesn't store the passwords encrypted - only uses this encryption as an extra step to verify app access
-
@VRonin customer doesn't use SSL because all is running with AndroidForWorks on BlackBerry Infrastructure where all is encrypted
customer doesn't store the passwords encrypted - only uses this encryption as an extra step to verify app access
Moderatorswrote on 10 Jan 2017, 09:47 last edited by raven-worx 1 Oct 2017, 09:47@ekkescorner
this isn't a matter of SSL. OpenSSL is a cryptographic library you need to use to encrypt your data.To add up to @VRonin: for SHA hashes Qt has support via QCryptographicHash class.
-
@ekkescorner
RSA encryption is not supported directly by Qt. You need to use OpenSSL for this.This can be a very cumbersome task to compile OpenSSL for Android and iOS yourself.
For Android see this, for iOS this.Use OpenSSL v1.0x (not v1.1.x)
@raven-worx thx. had the fear I have to add OpenSSL ;-)
it's already on my todo list because I'll need this for Android 7 for customers using SSLSo I'll try to add OpenSSL - thx for the links
-
@raven-worx thx. had the fear I have to add OpenSSL ;-)
it's already on my todo list because I'll need this for Android 7 for customers using SSLSo I'll try to add OpenSSL - thx for the links
@ekkescorner said in Encrypt String (RSA x509) Android, iOS:
@raven-worx thx. had the fear I have to add OpenSSL ;-)
So I'll try to add OpenSSL - thx for the links
ó.Ò
-
@VRonin customer doesn't use SSL because all is running with AndroidForWorks on BlackBerry Infrastructure where all is encrypted
customer doesn't store the passwords encrypted - only uses this encryption as an extra step to verify app access
wrote on 10 Jan 2017, 09:51 last edited by@ekkescorner said in Encrypt String (RSA x509) Android, iOS:
customer doesn't use SSL
I'm curious now... you encrypt locally, send over unsecure network and decrypt locally on the other side? If so how can you prevent men-in-the-middle?
-
@ekkescorner said in Encrypt String (RSA x509) Android, iOS:
customer doesn't use SSL
I'm curious now... you encrypt locally, send over unsecure network and decrypt locally on the other side? If so how can you prevent men-in-the-middle?
@VRonin the network is secure. it's AndroidForWork on BlackBerry Enterprise Server. you could think that it's something like a VPN.
most of my mobile business apps are running on BlackBerry Server and 90% of the customers only use http because all is encxrypted: devices and traffic
in this case where very sensible data can be accessed it's only an extra verification step.
-
@VRonin the network is secure. it's AndroidForWork on BlackBerry Enterprise Server. you could think that it's something like a VPN.
most of my mobile business apps are running on BlackBerry Server and 90% of the customers only use http because all is encxrypted: devices and traffic
in this case where very sensible data can be accessed it's only an extra verification step.
wrote on 10 Jan 2017, 10:10 last edited by@ekkescorner I only now read your username. Sorry for treating you as "not an expert" in network and/or password encryption.
I think you still have 2 options apart from OpenSSL:
- Use Android's built in encryption with QAndroidJniObject: https://www.example-code.com/android/rsa_encryptstrings.asp
- use CryptoC++ https://www.cryptopp.com/wiki/RSA_Cryptography
-
@ekkescorner I only now read your username. Sorry for treating you as "not an expert" in network and/or password encryption.
I think you still have 2 options apart from OpenSSL:
- Use Android's built in encryption with QAndroidJniObject: https://www.example-code.com/android/rsa_encryptstrings.asp
- use CryptoC++ https://www.cryptopp.com/wiki/RSA_Cryptography
@VRonin said in Encrypt String (RSA x509) Android, iOS:
@ekkescorner I only now read your username. Sorry for treating you as "not an expert" in network and/or password encryption.
I think you still have 2 options apart from OpenSSL:
- Use Android's built in encryption with QAndroidJniObject: https://www.example-code.com/android/rsa_encryptstrings.asp
- use CryptoC++ https://www.cryptopp.com/wiki/RSA_Cryptography
thx for this worthful info - will try CryptoC++ - need solution for Android and iOS
4/11