Cryptography is the process of securing the information. It can be defined as the conversion of data into scrambled text to conceal its readability and meaning, and deciphering it using a key. This data can be sent across safely over public and private networks.
When your app has to transmit sensitive or critical information over the network (private or public), it needs to encrypt the information to ensure information security. A decryption mechanism is used to convert the encrypted text into a readable format.
There are two types of cryptography:
Symmetric Cryptography: A single key is generated. The same key is used in encryption and decryption.
Asymmetric or Public Key Cryptography: A public key and a private key are generated. The public key is used for encryption and the private key is used for decryption. The public key is available in a trusted certificate, whereas the private key is confidential and not shared. Encryption is done on the device and decryption on the server (that has access to the private key). As the private key is not exposed, we support only encryption using asymmetric cryptography.
The Cryptography API enables your app to provide information and services in a secure way. It uses the kony.crypto Namespace and the following API elements.
Enables your app to save a generated key on the device's storage.
The Cryptography API enables your app to provide information and services in a secure way.
For symmetric cryptography, create a new key by using the kony.crypto.newKey function, then save the key to the device’s local storage using the kony.crypto.saveKey function. To read the key, use the kony.crypto.readKey function. With the generated key, you can now encode the input data by using the kony.crypto.encrypt function. Then, to decrypt the encoded data, use the kony.crypto.decrypt function. If you want to delete any key from the device store, use the kony.crypto.deleteKey function.
Hashing is a one-way encryption process unlike the cryptography. The generated hash value cannot be decrypted. For Hashing, generate a Password-Based Key Derivation Function 2 (PBKDF2) key using the kony.crypto.createPBKDF2Keyfunction. With the generated key, you can encrypt the input text using the kony.crypto.createHashfunction. Once the hash value is generated, you can check the authenticity of the data using the kony.crypto.createHMacHash function.
To understand how the Quantum Visualizer Cryptography API works, you must be familiar with some basic concepts.
Apps encrypt and decrypt data using ciphers. A cipher is an algorithm for performing encryption and decryption. The Quantum Visualizer Cryptography API supports block ciphers.A block cipher is a symmetric key cipher that operates on fixed-length groups of bits called blocks. For example, a block cipher encryption algorithm takes a 128-bit block of plain text as input, and produces an output of a corresponding 128-bit block of cipher text. The process of transformation is governed by a secret key. Decryption is a similar process. The decryption algorithm takes a 128-bit block (in this example) of cipher text along with the secret key, and yields the original 128-bit block of plain text.
Block cipher algorithms like DES require their input to be an exact multiple of the block size. If the plain text to be encrypted is not an exact multiple, your app must add padding before encrypting the data.
The following table describes the supported padding for different cipher algorithms:
RSA is an algorithm for public-key cryptography. It is the first algorithm known for both signing and encryption. This algorithm involves a public key and a private key. The public key can be known to everyone and is used for encrypting messages. Messages encrypted with the public key can only be decrypted using the private key.
Ciphers are controlled by specific encryption modes. The mode specifies how the data will be encrypted and decrypted . The Quantum Visualizer Cryptography API supports the following standard modes.
Electronic Codebook (ECB) mode
Cipher Block Chaining (CBC) mode
Cipher Feedback (CFB) mode
Output Feedback (OFB) mode
ECB and CBC are valid modes for the Block ciphers
Because these are standard modes, you can find extensive information on the Internet about them if you are not familiar with them.
The following table describes the supported modes for various ciphers.
ecb, cfb, ofb, cbc, ctr
The initialization vector (IV) adds randomness to the cipher text. As a result, if the same message is encrypted twice with the same key, the resulting cipher texts will be different, as long as your app uses different initialization vectors.
The length in bytes of the IV should be the same as the block size of the algorithm (AES and TripleDES). For AES the IV has to be 16 bytes (128 bits). For TripleDES the IV has to be 8 bytes (64 bits).
The Quantum Visualizer Cryptography API provides the following algorithms.
For symmetric encryption and decryption, your app can use the following algorithms.
Supported Key Strengths (in bits)
128, 192, and 256
Advanced Encryption Standard (AES).
Triple Data Encryption Standard
Triple Data Encryption Standard. This algorithm uses two keys for encryption and one key for decryption. The algorithm works as follows:
encryptedtext = EK3(DK2(EK1(text to be encrypted)))
The text is encrypted with key1, decrypted with key2, and then again encrypted with key3. Decryption is the reverse:
decryptedtext = DK3(EK2(DK1(text to be decrypted)))
tripledes applies the DES cipher algorithm three times to each data block.
The following are the three different combinations of using this algorithm:
Option 1: K1, K2, and K3 are different (all three keys are independent)
Option 2: K1 and K2 are different; K3=K1 (two keys are independent)
Option 3: K1=K2=K3 (all three keys are identical)
Note: Quantum Visualizer recommends using Option 1 as it is more secure than the other two options.
For asymmetric encryption, the Quantum Visualizer Cryptography API supports the RSA algorithm, which is the industry standard. The key length for RSA must be 1024 bits or more.
SPA does not support the RSA algorithm.
To view the functionality of the Cryptography API in action, download the sample application from the link below. Once the application is downloaded, build and preview the application using the Quantum App.