[Free] Another AES encryption extension


Here I am. I rechecked my old extension and now it works fine. I enclose a demo too and a new link.

This extension has been revised and now it is supported by Tozny’s great work on AES encryption, to which I’m indebted for this project.
AES 128 is used in CBC mode with PKCS5 padding. The cyphertext and the random IV generated during the process are kept together, so there is no need to store the latter somewhere. The integrity of the cyphertext is assured by SHA256, whose digest is kept together with the generated key.

How it works:
At present only AES is implemented, so the numeric value possible is “1”

If you want to use a personal password set TRUE else for a random key set FALSE

attach a password here if MyPassword is TRUE or a blank string if FALSE
then save safely this result somewhere for encryption/decryption process

myPassword param. needs your password if MyPassword is TRUE or a blank string if FALSE
secret param. needs the result of GenerateStrongKey
stringToEncrypt param. needs a string with text to encrypt

myPassword param. needs your password if MyPassword is TRUE or a blank string if FALSE
secret param. needs the result of GenerateStrongKey
stringToDecrypt param. needs a string with a ciphertext generated with Encrypt

New link
com.tiziano1960.cryptoextension.aix (28.5 KB)

and here’s a demo
CryptoExtensionDemo.apk (2.2 MB)

Example of use


in this case your extension is useless… if someone likes to use encryption, then it should be as safe as possible…

Encrypting strings in Android: Let’s make better mistakes

If you do a web search for “encrypting Strings in Android”, you’ll find a lot of example code on sites like Stack Overflow, but those examples are wrong. They definitely input a String and output gibberish that looks like encrypted text, but they are subtly insecure and even dangerous. Crypto is tricky: it’s hard to tell that the gibberish that’s being printed is not good crypto, and it’s hard to tell that the code example you picked up from Stack Overflow has serious flaws.


Best secure DB/ Data Storage Connectivity using Thunkable

You are right to some extent when you say the code generated by ECB mode is not secure enough and therefore could be cracked. But about its uselessness, let me say that this is not a professional development site. I think the average user does not have highly classified information to hide, and if he had, I suppose he would do better to try to solve his problem in other ways than App Inventor and Android OS. So for normal people who just do not want their agenda or love letters or anything else like that to be exposed to public eyes in plain text, I think it’s enough. Anyway, I’ll take your advice to heart and I’ll try to improve security, maybe changing the mode in the near future.


if someone needs to use encryption, then he/she likes to do it correctly and not only a little bit
this is not dependent on the development environment

when you say the code generated by ECB mode is not secure enough



After a while, I had time to review and totally change the extension. Now the encryption is stronger while the algorithm is the same AES with a 128 keysize. I hope to have improved on the first attempt and maybe, in future, I would like to add more options.
See the first post for new link


Tiziano, thanks for your extension. I am currently making 2 apps; will I be able to encrypt a string in 1 app, send it to Firebase and then decrypt it in the other app?


Glad to help!


A new version and a demo have been uploaded, see first post


I guess this makes @Taifun’s work unnecessary :wink: If that’s the case, then you took off a lot of my work (again). THANKS!


Is there a way to tell if a text is encrypted or not?


Yes, an encrypted text is not a human readable one. Naturally the reader should know in advance he is in front of a text and not something else, like a machine code.


Well, I mean let’s say:

I send a file to a user; when he receives the file, the program must know if it is encrypted in order to decrypt it, because…
If the file is not encrypted and he tries to decrypt it, he will get an error, I think…


if file is encrypted then decrypt else just read
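One way to make that check concrete for the scheme described in the first post (AES-128 in CBC mode, PKCS5 padding, random IV stored with the ciphertext), as an added Java example that is not the extension's code. The `iv:mac:ciphertext` Base64 layout, the use of HMAC-SHA256 as the SHA-256 integrity check, and the separate AES and MAC keys are assumptions.

```java
import javax.crypto.*;
import javax.crypto.spec.*;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Base64;

public class CbcHmacDemo {
    // Assumed layout (not taken from the extension): base64(iv):base64(mac):base64(ciphertext)
    static String encrypt(byte[] aesKey, byte[] macKey, String plain) throws Exception {
        byte[] iv = new byte[16];
        new SecureRandom().nextBytes(iv);                     // fresh random IV per message
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(aesKey, "AES"), new IvParameterSpec(iv));
        byte[] ct = c.doFinal(plain.getBytes(StandardCharsets.UTF_8));
        Base64.Encoder b64 = Base64.getEncoder();
        return b64.encodeToString(iv) + ":" + b64.encodeToString(tag(macKey, iv, ct))
                + ":" + b64.encodeToString(ct);
    }
    // HMAC-SHA256 over IV || ciphertext (encrypt-then-MAC)
    static byte[] tag(byte[] macKey, byte[] iv, byte[] ct) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(macKey, "HmacSHA256"));
        mac.update(iv);
        return mac.doFinal(ct);
    }
    // Returns null when the input is not a valid message for these keys,
    // so the caller can fall back to "just read" instead of catching a decode error.
    static String decryptOrNull(byte[] aesKey, byte[] macKey, String msg) throws Exception {
        String[] p = msg.split(":");
        if (p.length != 3) return null;
        byte[] iv, mac, ct;
        try {
            Base64.Decoder d = Base64.getDecoder();
            iv = d.decode(p[0]); mac = d.decode(p[1]); ct = d.decode(p[2]);
        } catch (IllegalArgumentException badBase64) { return null; }
        // Verify the tag in constant time before decrypting anything
        if (iv.length != 16 || !MessageDigest.isEqual(mac, tag(macKey, iv, ct))) return null;
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(Cipher.DECRYPT_MODE, new SecretKeySpec(aesKey, "AES"), new IvParameterSpec(iv));
        return new String(c.doFinal(ct), StandardCharsets.UTF_8);
    }
    public static void main(String[] args) throws Exception {
        byte[] aesKey = new byte[16], macKey = new byte[32];  // constructed random keys
        SecureRandom r = new SecureRandom(); r.nextBytes(aesKey); r.nextBytes(macKey);
        String msg = encrypt(aesKey, macKey, "hello");
        System.out.println(decryptOrNull(aesKey, macKey, msg));           // valid message
        System.out.println(decryptOrNull(aesKey, macKey, "plain text"));  // not a message
    }
}
```

Because the tag is checked first, unencrypted text, truncated input and ciphertext produced under a different key are all rejected the same way, without ever reaching the padding check.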


Why does it tell me “bad base 64”? It worked yesterday but today it tells me this. I didn’t change the password during this time.


Did you change anything in your O.S.? Which is the API of your Android release?


Sorry, I forgot to open the “my password” when I closed it. The mistake is solved now.


Very nice Work! I have implemented in my app and it runs like a rabbit… :slight_smile:

Now I need the same for my PHP website. I’ve read the PHP manual but I’m still standing at the same place. Do you have any hint or some snippets in PHP to make the same encryption/decryption?

Thanks a lot



Sorry, no. I used PHP a long time ago and now I’m not at ease with it any longer.



I’m interested in encrypting the URLs used in an app that I’m trying to build. I want to prevent anyone from knowing which URLs the app connects to.

I want the URLs to remain a secret, even to an experienced programmer.

Can I use your extension for this purpose?

If so, how can I use the extension to encrypt the URLs?

I would really appreciate it if you could give me a guide about this.