I am developing an application to download files online, save them on internal storage, and read them once installed. Moreover, my client have requested than the files are encrypted.
Actually I have developed a working version that do the following :
Download process :
1) Download the File on internal storage
2) create a new encrypted file from the original one, and save it in the internal folder
3) Delete the original one
Opening process :
1) Create a Decrypted file from the encrypted one and save it in the internal storage
2) Open the decrypted file with the correct viewer
3) Delete the decrypted file once the user stop reading it.
Here is my question:
I am actually using activityForResult and an Intent ACTION VIEW to open the decrypted file from the internal storage.
First of All, I don't like using an ActivityForResult on an ACTION VIEW Intent because it is handled by a external app, Secondly the user keep the decrypted file if he leave the app from the viewer.
How Can I Create a temporary file from my decrypted file which will be destroy after the user finish reading it?
The downloaded files needs to be readable offline, so streaming is not an option.
EDIT: SOLUTION
The only solution is to take control of the Intent, so that the ActivityForResult can be used safely here. Therefore, the viewer must be implemented in the application. If the files are not common files, as my case, you should develop your own reader/viewer. This allows you to completely control what your application is doing and when your files will be deleted.
Related
I have multiple apps that take photos and store them on external storage.
I want to upload the photos along with some metadata to a web application running on my companies server.
I am able to write data and file URI to a database using a ContentProvider.
I have written a SyncAdapter to upload the files via HTTP-POST, but I am stuck because in this SyncAdapter I cannot get permission to read the files.
My big question is: Can I use a FileProvider to overcome this issue?
I am NOT storing the files in the ContentProvider using an intent.
I have tried to set permissions on URL, it failed.
I Desperation I tried to export the FileProvider, which was not allowed.
I want to be able to open an input-stream of the file in another app than the one storing the file without having to start the transfer using an Intent.
I am writing a web server with Play framework 2.6 in Java. I want to upload a file to WebServer through a multipart form and do some validations, then upload the file s3. The default implementation in play saves the file to a temporary file in the file system but I do no want to do that, I want to upload the file straight to AWS S3.
I looked into this tutorial, which explains how to save file the permanently in file system instead of using temporary file. To my knowledge I have to make a custom Accumulator or a Sink that saves the incoming ByteString(s) to a byte array? but I cannot find how to do so, can someone point me in the correct direction?
thanks
I'm writing a small Java application similar to TrueCrypt, it is a container with encrypted user files.
There is a problem with access to encrypted files. At the moment, I'm using this approach:
1. When connecting the container completely decrypt all files in a common folder.
2. Mount folder as a drive.
3. Watch the events in a folder decrypt files using WatchService.
4. For example, when adding a new file is encrypted, and it is stored in the container.
5. After disconnecting the container delete all encrypt files and unmount folder.
I would like to find a solution that would allow to decrypt only the files that the user wants to use, such as providing the user access only to the names of the files, and when the user wants to use to decrypt only one file.
The requirements are: to use only native system file manager, don't write own file manager, a decision should be cross-platform.
At the moment, there is an idea to implement the FTP protocol, or WebDAV and mount it as a network drive.
Is there a simple and elegant solution?
One possibility would be to encrypt each file in the container separately. Encrypt the directory separately as well. When connected, just decrypt the directory file for the user to see. Other files are decrypted/encrypted as the user opens and saves them. Use a similar process for subdirectories if any are present.
This is more complex to run than encrypting the whole container in a single large encrypted file. It will also impose a delay on individual file access due to en/decryption.
I am trying to implement a secure system for iOS and Android that will transfer encrypted files from a server and decrypt on the device. The challenge I am currently trying to beat is the source code of Android app (also iOS app code decompile is possible) is decompilable. So this system was not be able to pass the penetration test.
The penetration test guys actually decompiled the whole Android app code and they managed to decrypt the files. How can I build such system that it will be secure and the files are not going to be decrypted except from the app itself?
Currently what I have is:
We encrypt bunch of files on the server in a directory. AES-256 with a passkey.
We encrypt the whole folder as a ePub file. Using aescrypt.com freeware utility. The file is an e-book.
We transfer the ePub file to the device.
We unzip the ePub file to a folder on the device. (Note that the unzipped files are still encrypted)
We override the webview's fileURLWithPath (on iOS) and before webview renders the content we give webview the decrypted content.
But as I said, the encrypted contents on the disk can be decrypted decompiling the code. Also the pass key is in the app source code as well.
How should I proceed in order to create a secure system for that process?
Thanks.
I am new to Google App Engine. I ran (locally) the sample of GAE bolbstore application given in the below link:
https://developers.google.com/appengine/docs/java/blobstore/
It launched a page to choose and submit a file. When I choose a file clicked the submit button:
i) the browser automatically downloads the same file. Why is it again downloading the same file?
ii) it created two files inside the folder 'appengine-generated'. They are:
d06-XwWoSZVw9HRcnLjZiA
local_db.bin
What are these files and where did my file store as blob?
Don't worry too much about what happens locally on the dev server.
i) It's just part of the demo, it serves you back the file you just uploaded because of this line:
res.sendRedirect("/serve?blob-key=" + blobKey.getKeyString());
ii) The first would I guess be the file you've just uploaded, the second would be the local copy of mySQL the dev server is using to emulate the datastore itself. Try comparing sizes to the original file you uploaded?
Once you have stored the file you have to access it via the api's provided, what form and where the file is actually stored no longer matters.