IQrypt SDK for Java can be embedded into your Android app and let's you encrypt data at the client side before being sent to a cloud database(like MongoDB, CouchDB, etc).

This quick-start provides just enough information to get you started using the Java client library within Android Studio.

Downloading the Java library

You will have to download IQrypt SDK which contains also Android package from here.

Create a folder ("libs") in your project directory, then from downloaded package, /lib folder, copy these the jar into your "libs" folder:

  • IQrypt-0.1.jar
  • genson-1.2.jar

Add Required import statements

You will need the following import statements:

import com.iqrypt.*;

License Key

Before doing any operations, IQrypt requires a license key:

IQryptConfigurator.setLicense("your license key");

*You can get a free trial license key from here.

Encryption settings

Before starting encrypt/decrypt data, IQrypt requires to set the encryption cipher and the encryption key. You can set it like this:

 IQryptConfigurator.setEncryptionChiper(Cipher.AES256, "my_super_secret");

*On production apps get the encryption key from a safe location- see Vault (do not embed it into the code).

Cipher is an enum type and has following values: Cipher.AES128, Cipher.AES256, Cipher.Camellia128 and Cipher.Camellia256.

With IQrypt you can encrypt database fields values/documents with different encryption schemes: OPE, DET, RND.

  • RND - randomized encryption (not searchable)
  • DET - deterministic encryption (allows EQUAL/NOT EQUAL queries, ex: WHERE field="encrypted_value")
  • OPE - order preserving encryption (allows Equality and Range queries, ex: WHERE field>"encrypted_value")

IQrypt may encrypt any Type that can be serialized to JSON but also primitive types like int, double, java.Util.Date, String, etc. To start encrypt values you will need to get an IEncryptor reference. IEncryptor interface has the following definition:

public interface IEncryptor {
     String encrypt(Object obj);

     Object decrypt(String encryptedStr, Class t);

     byte[] decryptBytes(byte[] encBytes);

     byte[] encryptBytes(byte[] bytes);
     Object decrypt(String toDecrypt, Class t, boolean encodingBase16);
     String encrypt(Object toEncrypt, boolean encodingBase16);
 }

So basically you can encrypt everything to a String or, if you want to encrypt files, for instance, you can use encryptBytes method.

RND encryption scheme

You can use RND encryption scheme to encrypt a full JSON document or a file, or just a document's field value. Example:

IEncryptor encryptor = EncryptorFactory.getEncryptor(EncryptionType.RND);

String sensitiveInfo="This info is sensitive";

//encrypt the string with RND encryption scheme having as cipher AES256 and encryption key material "my_super_secret"
String encryptedValue = encryptor.encrypt(sensitiveInfo);

You can also encrypt complex types, let's take an example:


public class Invoice
    {
        public String CustomerName ;
        public int InvoiceNumber ;
        public decimal Total ;
        public Date InvoiceDate ;

    }
........


Invoice invoice = new Invoice() ;
invoice.CustomerName = "My Company";
invoice.InvoiceDate = new Date();
invoice.Total = 2390;

IEncryptor encryptor = EncryptorFactory.getEncryptor(EncryptionType.RND);

String encryptedValue = encryptor.encrypt(invoice);

//and now let's decrypt back:
Invoice myDecryptedInvoice = encryptor.decrypt(encryptedValue);


Using RND encryption scheme, making successive calls and encrypt same plain text with same encryption key, it will always return different encrypted string, example:

IEncryptor encryptor = EncryptorFactory.getEncryptor(EncryptionType.RND);

String sensitiveInfo="This info is sensitive";

String encryptedValue = encryptor.encrypt(sensitiveInfo);

String encryptedValue2 = encryptor.encrypt(sensitiveInfo);

if(encryptedValue == encryptedValue2 )//this will never be true
{
    //will never reach this part
}


DET encryption scheme

DET encryption scheme is recommended to encrypt fields values by which you will need to make equality/non equality queries. If you encrypt a value with this scheme, the encrypted string will always be the same if it is used same Cipher and same encryption key example:

IEncryptor encryptor = EncryptorFactory.getEncryptor(EncryptionType.DET);

String SSN="003-62-5913";

String encryptedValue = encryptor.encrypt(SSN);

String encryptedValue2 = encryptor.encrypt(SSN);

if(encryptedValue == encryptedValue2 )//both values are equal
{
    //will always reach this part
}

OPE encryption scheme

OPE encryption scheme is recommended to encrypt fields values by which you will need to make equality/non equality but also range queries. With this encryption scheme you will be able to encrypt only: int,long, float, double and java.util.Date so far.

IEncryptor encryptor = EncryptorFactory.getEncryptor(EncryptionType.OPE);

int i=10;
int j=11;

String encryptedI= encryptor.encrypt(i);
String encryptedJ = encryptor.encrypt(j);

 bool iIsLessThanJ= encryptedI.compareTo(encryptedJ) < 0;

//iIsLessThanJ will be true.