Android-Proguard-数据保护
Android应用程序中可以使用Proguard工具来混淆和优化代码,以增加代码的安全性和运行效率。在使用Proguard时,必须注意一些数据保护问题,例如密码、密钥等敏感信息的保护。
以下是一些示例代码,用于保护特定敏感数据:
- 加密字符串:
public static String encrypt(String data) { try { KeyGenerator keyGenerator = KeyGenerator.getInstance("AES"); keyGenerator.init(128); SecretKey secretKey = keyGenerator.generateKey(); Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding"); cipher.init(Cipher.ENCRYPT_MODE, secretKey); byte[] iv = cipher.getParameters().getParameterSpec(IvParameterSpec.class).getIV(); byte[] encryptedData = cipher.doFinal(data.getBytes("UTF-8")); return Base64.encodeToString(iv, Base64.DEFAULT) + "|" + Base64.encodeToString(encryptedData, Base64.DEFAULT); } catch (Exception e) { return null; } }
public static String decrypt(String encrypted) { try { String[] parts = encrypted.split("\|"); byte[] iv = Base64.decode(parts[0], Base64.DEFAULT); byte[] encryptedData = Base64.decode(parts[1], Base64.DEFAULT); Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding"); cipher.init(Cipher.DECRYPT_MODE, secretKey, new IvParameterSpec(iv)); byte[] decryptedData = cipher.doFinal(encryptedData); return new String(decryptedData, "UTF-8"); } catch (Exception e) { return null; } }
- 隐藏敏感数据:
String password = "P4ssw0rd"; // Sensitive data String hiddenPassword = new String(new char[password.length()]).replace("\0", "*"); // Hide the data
- 使用Android Keystore系统保护密钥:
KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore"); keyStore.load(null); if (!keyStore.containsAlias(alias)) { KeyGenerator keyGenerator = KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES, "AndroidKeyStore"); KeyGenParameterSpec.Builder builder = new KeyGenParameterSpec.Builder( alias, KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT); builder.setBlockModes(KeyProperties.BLOCK_MODE_CBC); builder.setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_PKCS7); builder.setUserAuthenticationRequired(true); builder.setInvalidatedByBiometricEnrollment(false); keyGenerator.init(builder.build()); keyGenerator.generateKey(); }
以上示例代码提供了一些保护敏感数据的方法,可以用于加强代码的安全性。