Secure your data between frontend and backend

Mo’nes Qasaiemh
3 min read, May 16, 2021


Encryption and hashing are the two techniques most commonly used to secure data between your app and its database. This article focuses on the encryption algorithms used between an Android frontend and backend APIs; the same algorithms apply on other application platforms.

AES Crypt

AES Crypt is file encryption software available for several operating systems (Windows, Mac, iOS, Android) with implementations in Python, Java and PHP. It uses the industry-standard Advanced Encryption Standard (AES) to encrypt files easily and securely.

Using a powerful 256-bit encryption algorithm, AES Crypt can safely secure your most sensitive files. Once a file is encrypted, you do not have to worry about a person reading your sensitive information, as an encrypted file is completely useless without the password. It simply cannot be read. Two caveats apply to the class below: its key is 16 bytes long, so it is AES-128 rather than AES-256, and the guarantee only holds while the key itself stays secret, which a key compiled into an app does not, since the APK can be unpacked and the string read out.

Example:

import java.security.Key;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;
import android.util.Base64;

public class AESCrypt
{
    // "AES" with no mode or padding resolves to AES/ECB/PKCS5Padding on the JDK and on Android.
    // ECB uses no IV, so two equal plaintexts always produce the same ciphertext.
    private static final String ALGORITHM = "AES";
    // 16 ASCII bytes, i.e. a 128-bit key, embedded in the app itself.
    private static final String KEY = "1Hbfh667adfDEJ78";

    // Encrypts a UTF-8 string and returns the ciphertext as Base64 text.
    public static String encrypt(String value) throws Exception
    {
        Key key = generateKey();
        Cipher cipher = Cipher.getInstance(AESCrypt.ALGORITHM);
        cipher.init(Cipher.ENCRYPT_MODE, key);
        byte[] encryptedByteValue = cipher.doFinal(value.getBytes("utf-8"));
        String encryptedValue64 = Base64.encodeToString(encryptedByteValue, Base64.DEFAULT);
        return encryptedValue64;
    }

    // Reverses encrypt(): decodes the Base64 text and decrypts it back to a UTF-8 string.
    public static String decrypt(String value) throws Exception
    {
        Key key = generateKey();
        Cipher cipher = Cipher.getInstance(AESCrypt.ALGORITHM);
        cipher.init(Cipher.DECRYPT_MODE, key);
        byte[] decryptedValue64 = Base64.decode(value, Base64.DEFAULT);
        byte[] decryptedByteValue = cipher.doFinal(decryptedValue64);
        String decryptedValue = new String(decryptedByteValue, "utf-8");
        return decryptedValue;
    }

    // Wraps the hard-coded key string as an AES SecretKeySpec.
    private static Key generateKey() throws Exception
    {
        Key key = new SecretKeySpec(AESCrypt.KEY.getBytes(), AESCrypt.ALGORITHM);
        return key;
    }
}

Difference between Hashing a Password and Encrypting it

Hashing is a one-way function (well, a mapping). It is irreversible: you apply the secure hash algorithm and you cannot get the original string back. The most you can do is generate what is called "a collision", that is, find a different string that produces the same hash. Cryptographically secure hash algorithms are designed so that finding collisions is computationally infeasible.

Encrypting is a proper (two-way) function. It is reversible: you can decrypt the mangled string to get the original string back if you have the key.

The unsafe part of encrypting passwords is that your application then has the key stored somewhere, and an attacker who gets access to your database (and/or code) can recover the original passwords by obtaining both the key and the encrypted text, whereas with a hash there is nothing to reverse. There are many algorithms to perform hashing:

MD5

Uses the Message-Digest Algorithm 5 (MD5) hash function. The output hash is 128 bits long. MD5 was designed by Ron Rivest in the early 1990s; practical collisions have been known since 2004, and it is not a preferred option today.

SHA1

Uses the Secure Hash Algorithm 1 (SHA-1) hash function, published in 1995. The output hash is 160 bits long. Although still widely used, a practical collision was demonstrated in 2017, and it is not a preferred option today.

HMACSHA256, HMACSHA384, HMACSHA512

These use the SHA-256, SHA-384 and SHA-512 functions of the SHA-2 family, published in 2001. The output hash lengths are 256, 384 and 512 bits respectively, as the function names indicate. The HMAC variants are keyed: the same message produces a different tag under a different key, so they serve message authentication between frontend and backend, while password storage additionally needs a per-user salt and a deliberately slow key-derivation step.

Conclusion

Encryption can be converted both ways, so the end value can bring you back to the original value, whereas with hashing you cannot revert from the end result to the original value. I conclude we can go the encryption way if we have a secure database and code; else we can go with the hashing approach.
