aidin36 / simpletextcrypt Goto Github PK

An Android app which encrypts a plain text using AES256 algorithm.

Java 100.00%

simpletextcrypt's Introduction

Simple Text Crypt

It's an Android app which encrypts plain texts. This app does not claim any permissions, so you can trust that it cannot send any of your private data to anyone.

Can You Trust it?

Messages produces by this app is secure and can be confidently send over a network, for example. It uses AES in CBC mode with PKCS5 padding for encryption, and uses PBKDF2 with HMAC, SHA1 and a random Salt in order to derive a secure key from the entered password. This is a very powerful encryption. Also it encrypts its settings before storing them on the device.

However, the app itself may not be very secure, and probably vulnerable to some attacks. Although it is secure enough to stand attacks from non-expert crackers, e.g. normal users, it should not be used for serious data encryption.

Why Should You Encrypt?

It's a big subject to discuss. I recommend reading these two articles:

Why do you need PGP? In this article, Phil Zimmermann compare encryption of emails to putting letters in an envelop: if you don't have anything to hide, why do you hide your messages in envelops?
Why we encrypt? This article tells us that we should encrypt everything not just to protect our privacy, but also to protect those activists which their lives are depend on encryption.

Installation

It is recommended to install the app from F-Droid.

You can also directly download the APK from F-Droid if you don't want to install the F-Droid app.

Development

To run the tests execute: ./gradlew app:connectedAndroidTest

To install the debug build: ./gradlew installDebug

Copyright

SimpleTextCrypt is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

SimpleTextCrypt is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with SimpleTextCrypt. If not, see https://www.gnu.org/licenses/.

simpletextcrypt's People

Contributors

Stargazers

Watchers

Forkers

volcanoscar hrissimir kepinpin verylonely

simpletextcrypt's Issues

No file

"No File Found" when attempting to download from F-Droid.

Screenshots for F-Droid

You can add Screenshots for F-Droid, too, if you want.

https://f-droid.org/en/docs/All_About_Descriptions_Graphics_and_Screenshots/

https://gitlab.com/snippets/1895688

User shouldn't have to tap on Unlock button

In LockActivity, user has to tap on Unlock button. It would be easier for her to just tap the tick (enter) button on the keyboard.

Cryptographic APIs misuses

I'm a PhD student interested in finding security vulnerabilities in open source projects.

We found a total of 9 warnings (indicating potential vulnerabilities) when running the CogniCrypt static analyzer (*) on SimpleTextCrypt (or its library dependencies). We documented each one of these issues in private gists for the sake of confidentiality (non-disclosure).

Can you please let us know whether we can share these gists with you? We are eager to evaluate the perception of developers (e.g. severity of these warnings) and improve SimpleTextCrypt's security, and the quality of the reports of static analysis tools.

(*) https://github.com/CROSSINGTUD/CryptoAnalysis