App Inventor Extensions

AES Encrypt/Decrypt Extension

See the App Inventor Extensions document about how to use an App Inventor Extension.

For questions about this extension or bug reports please start a new thread in the App Inventor community. Thank you.

For feature requests please contact me by email. To be a sponsor of a new method already is possible starting from only 10 USD! With your contribution you will help the complete App Inventor community. Thank you.

Mar 25th, 2016: Initial Version 1 uses AESCrypt-Android library

Aug 11th, 2016: Version 1a: avoid DX execution failed error: build each extension separately

Jan 27th, 2016: Version 2: now using library java-aes-crypto. Note: Version 2 is not compatible with Version 1!

Hashing vs. Encryption algorithms

There is a fundamental difference between Hashing and Encryption algorithms, see this stackoverflow answer: Hashing is one way. You can not get your data/string from a hash code. Encryption is 2 way - you can decrypt again the encrypted string if you have the key with you.
In case you are interested in Hashing, for example to create a password hash, see my Tools Extension.

Description

Extension to encrypt/decrypt strings.
Required permissions: none

This extension uses the java-aes-crypto library. Thank you tozny.com!
"A simple Android class for encrypting & decrypting strings, aiming to avoid serious cryptographic errors that most such classes suffer from."

Algorithm & Mode: Tozny.com chose: AES 128, CBC, and PKCS5 padding. For details, see here.

Methods

Generate Salt.

Encrypt.

Decrypt.

Example Use

Questions and Answers

Q1: If I use the extension in a Play Store app, can someone identify and extract the password from the .apk by decompiling?
A: Usually you only store the salt inside your app. You might want to use TinyDB for that. Then you can use the password together with the stored salt to generate the key to encrypt/decrypt the data. Please be aware that if you store the password and salt in the same place that you store the encrypted data, your solution is not cryptographically sound since the attacker can just get both the key and the encrypted text. Instead, you should consider generating the key from a password/passphrase and using that to encrypt the user data. In case you really have to store the password inside the app, then at least use the Obfuscated text block from the text drawer to store the password to have some additional security, you can also follow this Security Recommendation (valid for In App Billing, but generally a good idea): It is highly recommended that you do not hard-code the exact public license key string value as provided by Google Play. Instead, you can construct the whole public license key string at runtime from substrings, or retrieve it from an encrypted store, before passing it to the constructor. This approach makes it more difficult for malicious third-parties to modify the public license key string in your APK file.

Q2: Do you know where I can find a web site that will encrypt or decrypt something according to your algorithm? I need to receive data on a server written in delphi, and what I found did not encrypt the same.
A: This extension uses the java-aes-crypto library from tozny.com. Their library is a standalone library and is there is no compatible PHP or other library available!

Q3: My app needs to decrypt data received from an application server. The data is crypted in AES128 CBC and i know IV and password. It's possible decrypt it with your extension?
A: No, because it uses a standalone library. This question is similar to Q2. The extension is able to decrypt data, which also has been encrypted by the extension. The focus for this exension is App Inventor and its distributions like Appybuilder, Thunkable or Kodular.

Q4: If I encrypt data by this extension and send to my server... how can I decrypt this data through php?
A: Stefan aka Poisonous Whisper made a library that can do exactly what you want. The library can decrypt and encrypt text, using the same algorithm! For details see here: https://projects.technerd.at/aeslib/. Thank you Stefan!

Test the functionality of the AES extension

The test app is available in Google Play. You can test the example following these steps

1. Follow the opt-in URL to get access to the app and to be able to download it to your device. It might take a few hours for Google to enable you as beta tester!
2. Start testing.

Buy the AES extension for App Inventor

You can buy this extension (aix file).
With your payment you accept the terms and conditions below.

Payment options

After having received your payment I will be happy to send the download link to you. Please let me know your Google account! I usually will send the download link not later than 24 hours after having received your payment.
Thank you! Taifun

Terms and Conditions

• You are buying a digital product and agree to the No Return, No Refund Policy.
• You have tested the example app successfully on your device before buying the extension.
• You can use the extension in as many projects as you like and pass the generated apk files to as much end users as you like, also of course you can publish your apk files to Google Play and other services
• This is a single user license for you as App Inventor developer, which means, the extension (aix file) is only for you to use. You are not allowed to pass a paid extension (aix file) or a project (aia file) which contains a paid extension to someone else, to post it in one of the communities or to distribute it to others. In case you are interested in a multiple user license, please contact me by email.
• There are a lot of different Android devices available in the market. I'm not able to test the example on all these devices and therefore also can not guarantee, that the example is running on your device.
• THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

Back to top of page ...