See the App Inventor Extensions document about how to use an App Inventor Extension.
For questions about this extension, bug reports and feature requests, please start a new thread in the App Inventor Extensions forum. Thank you.
Mar 25th, 2016: Initial Version 1 uses AESCrypt-Android library
Aug 11th, 2016: Version 1a: avoid DX execution failed error: build each extension separately
Jan 27th, 2016: Version 2: now using library java-aes-crypto. Note: Version 2 is not compatible with Version 1!
There is a fundamental difference between Hashing and Encryption algorithms, see this stackoverflow answer: Hashing is one way. You can not get your data/string from a hash code.
Encryption is 2 way - you can decrypt again the encrypted string if you have the key with you.
In case you are interested in Hashing, for example to create a password hash, see my Tools Extension.
Extension to encrypt/decrypt strings.
Required permissions: none
This extension uses the java-aes-crypto library. Thank you tozny.com!
"A simple Android class for encrypting & decrypting strings, aiming to avoid serious cryptographic errors that most such classes suffer from."
Algorithm & Mode: Tozny.com chose: AES 128, CBC, and PKCS5 padding. For details, see here.
Q1: If I use the extension in a Play Store app, can someone identify and extract the password from the .apk by decompiling?
A: Usually you only store the salt inside your app. You might want to use TinyDB for that. Then you can use the password together with the stored salt to generate the key to encrypt/decrypt the data. Please be aware that if you store the password and salt in the same place that you store the encrypted data, your solution is not cryptographically sound since the attacker can just get both the key and the encrypted text. Instead, you should consider generating the key from a password/passphrase and using that to encrypt the user data. In case you really have to store the password inside the app, then at least use the Obfuscated text block from the text drawer to store the password to have some additional security, you can also follow this Security Recommendation (valid for In App Billing, but generally a good idea): It is highly recommended that you do not hard-code the exact public license key string value as provided by Google Play. Instead, you can construct the whole public license key string at runtime from substrings, or retrieve it from an encrypted store, before passing it to the constructor. This approach makes it more difficult for malicious third-parties to modify the public license key string in your APK file.
I can help you: for one hour I charge 25 USD.
Please contact me at info [at] puravidaapps [dot] com for details!
For questions about App Inventor, please use the App Inventor forum. Thank you.
The test app is available in Google Play for Beta testers. You can test the example following these steps
You can buy this extension (aix file).
With your payment you accept the terms and conditions below.
Please transfer 10 USD via Paypal.
After having received your payment I will be happy to send the extension (aix file) to you.
Thank you! Taifun
Please check your spam folder in case you did not receive the extension!
I usually will send the extension not later than 24 hours after having received your payment.