12/08/2018, 14:54

Protect all your secret keys with your keystore

Current version support for Java 8 only, if you get problem with UnsupportedClassVersionError: hashkey/Design : Unsupported major.minor version 52.0. Do please update your java to version 8 If you can not open HashKeyHelper.jar, please open terminal then: chmod +x HashKeyHelper.jar * When you ...

Current version support for Java 8 only, if you get problem with UnsupportedClassVersionError: hashkey/Design : Unsupported major.minor version 52.0. Do please update your java to version 8

  • If you can not open HashKeyHelper.jar, please open terminal then: chmod +x HashKeyHelper.jar * When you build an Java application project that has a main class, the IDE automatically copies all of the JAR files on the projects classpath to your projects dist/lib folder. The IDE also adds each of the JAR files to the Class-Path element in the application JAR files manifest file (MANIFEST.MF).

To run the project from the command line, go to the dist folder and type the following:

java -jar "HashKey.jar"

To distribute this project, zip up the dist folder (including the lib folder) and distribute the ZIP file.

Notes:

If two JAR files on the project classpath have the same name, only the first JAR file is copied to the lib folder. Only JAR files are copied to the lib folder. If the classpath contains other types of files or folders, these files (folders) are not copied. If a library on the projects classpath also has a Class-Path element specified in the manifest,the content of the Class-Path element has to be on the projects runtime path. To set a main class in a standard Java project, right-click the project node in the Projects window and choose Properties. Then click Run and enter the class name in the Main Class field. Alternatively, you can manually type the class name in the manifest Main-Class element.

I. Introduction

With many applications which were written in Java language such as Android applications, Java desktop applications and all JAR libraries will be decoded and your achievement will be lost.

Even your secret key which connect to your Facebook account, Google email will be lost too.

Due to that I write this tool is protect your secrete key or any private information data in your application.

Moreover, this tool provide a function to generate hashkey which is used to sign your application with Facebook (https://developers.facebook.com/)

II. How to use

1. UI guide

This tool is written in java language, however it using proguard technology to obfuscate source code.

Let me show you how to use it:

KeyStore path: it's path of your keystore, file used to signed your apk android

keytool path: it's in your java home.

Mac: 
    /Library/Java/VirtualMachine/{YOUR_CURRENT_VERSION}/Content/Home/bin 
Windows: 
    C:/Windows/Programs/Java/{YOUR_CURRENT_VERSION}/bin 
Linux: 
    with the same to Java home path ( i do not remember the path, because with all linux we can using and configure java path any where)

Key password: It's your keystore password

Alias: ignore it, because it's will be filled when you generate hashkey

Encode resource: Your data which need to be protect, please add all private information in 1 properties file, then tool will be encode your file content with AES algorithm

Generate button: when you select it, tool will works and generate a hashkey for you

Copy button: copy hashkey above to your clipboard then you can paste it anywhere.

Encode button: encode your data in properties file above.

2. Functions

This tool will be saved last input information (keystore path, password in history.properties..., of course, they are encoded)

This tool will be work multi-platforms (I hope so): Mac, Windows, Linux

3. Implement

When you encoded your data, please copy encoded.properties (change the name if you want), and all in lib folders to your project (gradle, eclipse...)

To get your data, please use Aes.decryptFromBase64(data, signature_in_your keystore)

you can get your hashkey of your keystore (used to signed your apk, if debug mode, will be debug.keystore) with the flowing android's code:

public static String getHashKey() {
    Context mAppContext = GlobalApplication.getInstance();
    try {
        PackageInfo info = mAppContext.getPackageManager()
                .getPackageInfo(mAppContext.getPackageName(), PackageManager.GET_SIGNATURES);
        String sig = null;
        Signature signature = info.signatures[0];
        MessageDigest md = MessageDigest.getInstance("SHA");
        md.update(signature.toByteArray());
        sig = Base64.encodeToString(md.digest(), Base64.DEFAULT);
        //Toast.makeText(context, sig, Toast.LENGTH_LONG).show();
        return sig;
    } catch (PackageManager.NameNotFoundException e) {
        //e.printStackTrace();
    } catch (NoSuchAlgorithmException e) {
        //e.printStackTrace();
    }
    return null;
}

Or using the hashkey created by this tool. (I recommend to use code above)

III. Conclusion

This tool provide you an extra way to project your application.

If you have any question, don't be shy, email me to nguyen.viet.manh@framgia.com I will answer you asap.

Thank you for your attention.

0