Encryptor and Decryptor for data encryption.decryption using the Android KeyStore.
_____ _____ _
| __ \ / ____| | |
| | | | ___| | _ __ _ _ _ __ | |_ ___ _ __
| | | |/ _ \ | | '__| | | | '_ \| __/ _ \| '__|
| |__| | __/ |____| | | |_| | |_) | || (_) | |
|_____/ \___|\_____|_| \__, | .__/ \__\___/|_|
__/ | |
class DeCryptor {
private static final String TRANSFORMATION = "AES/GCM/NoPadding";
private static final String ANDROID_KEY_STORE = "AndroidKeyStore";
private KeyStore keyStore;
DeCryptor() throws CertificateException, NoSuchAlgorithmException, KeyStoreException,
IOException {
private void initKeyStore() throws KeyStoreException, CertificateException,
NoSuchAlgorithmException, IOException {
keyStore = KeyStore.getInstance(ANDROID_KEY_STORE);
String decryptData(final String alias, final byte[] encryptedData, final byte[] encryptionIv)
throws UnrecoverableEntryException, NoSuchAlgorithmException, KeyStoreException,
NoSuchProviderException, NoSuchPaddingException, InvalidKeyException, IOException,
BadPaddingException, IllegalBlockSizeException, InvalidAlgorithmParameterException {
final Cipher cipher = Cipher.getInstance(TRANSFORMATION);
final GCMParameterSpec spec = new GCMParameterSpec(128, encryptionIv);
cipher.init(Cipher.DECRYPT_MODE, getSecretKey(alias), spec);
return new String(cipher.doFinal(encryptedData), "UTF-8");
private SecretKey getSecretKey(final String alias) throws NoSuchAlgorithmException,
UnrecoverableEntryException, KeyStoreException {
return ((KeyStore.SecretKeyEntry) keyStore.getEntry(alias, null)).getSecretKey();
______ _____ _
| ____| / ____| | |
| |__ _ __ | | _ __ _ _ _ __ | |_ ___ _ __
| __| | '_ \| | | '__| | | | '_ \| __/ _ \| '__|
| |____| | | | |____| | | |_| | |_) | || (_) | |
|______|_| |_|\_____|_| \__, | .__/ \__\___/|_|
__/ | |
class EnCryptor {
private static final String TRANSFORMATION = "AES/GCM/NoPadding";
private static final String ANDROID_KEY_STORE = "AndroidKeyStore";
private byte[] encryption;
private byte[] iv;
EnCryptor() {
byte[] encryptText(final String alias, final String textToEncrypt)
throws UnrecoverableEntryException, NoSuchAlgorithmException, KeyStoreException,
NoSuchProviderException, NoSuchPaddingException, InvalidKeyException, IOException,
InvalidAlgorithmParameterException, SignatureException, BadPaddingException,
IllegalBlockSizeException {
final Cipher cipher = Cipher.getInstance(TRANSFORMATION);
cipher.init(Cipher.ENCRYPT_MODE, getSecretKey(alias));
iv = cipher.getIV();
return (encryption = cipher.doFinal(textToEncrypt.getBytes("UTF-8")));
private SecretKey getSecretKey(final String alias) throws NoSuchAlgorithmException,
NoSuchProviderException, InvalidAlgorithmParameterException {
final KeyGenerator keyGenerator = KeyGenerator
keyGenerator.init(new KeyGenParameterSpec.Builder(alias,
return keyGenerator.generateKey();
byte[] getEncryption() {
return encryption;
byte[] getIv() {
return iv;
_____ _ _ _
/ ____| | | | | | |
| (___ __ _ _ __ ___ _ __ | | ___ | | | |___ __ _ __ _ ___
\___ \ / _` | '_ ` _ \| '_ \| |/ _ \ | | | / __|/ _` |/ _` |/ _ \
____) | (_| | | | | | | |_) | | __/ | |__| \__ \ (_| | (_| | __/
|_____/ \__,_|_| |_| |_| .__/|_|\___| \____/|___/\__,_|\__, |\___|
| | __/ |
|_| |___/
public class MainActivity extends AppCompatActivity {
private static final String TAG = MainActivity.class.getSimpleName();
private static final String SAMPLE_ALIAS = "MYALIAS";
@BindView (
Toolbar toolbar;
@BindView (
EditText edTextToEncrypt;
@BindView (
TextView tvEncryptedText;
@BindView (
TextView tvDecryptedText;
private EnCryptor encryptor;
private DeCryptor decryptor;
protected void onCreate(Bundle savedInstanceState) {
encryptor = new EnCryptor();
try {
decryptor = new DeCryptor();
} catch (CertificateException | NoSuchAlgorithmException | KeyStoreException |
IOException e) {
@OnClick ({,})
public void onClick(final View view) {
final int id = view.getId();
switch (id) {
private void decryptText() {
try {
.decryptData(SAMPLE_ALIAS, encryptor.getEncryption(), encryptor.getIv()));
} catch (UnrecoverableEntryException | NoSuchAlgorithmException |
KeyStoreException | NoSuchPaddingException | NoSuchProviderException |
IOException | InvalidKeyException e) {
Log.e(TAG, "decryptData() called with: " + e.getMessage(), e);
} catch (IllegalBlockSizeException | BadPaddingException | InvalidAlgorithmParameterException e) {
private void encryptText() {
try {
final byte[] encryptedText = encryptor
.encryptText(SAMPLE_ALIAS, edTextToEncrypt.getText().toString());
tvEncryptedText.setText(Base64.encodeToString(encryptedText, Base64.DEFAULT));
} catch (UnrecoverableEntryException | NoSuchAlgorithmException | NoSuchProviderException |
KeyStoreException | IOException | NoSuchPaddingException | InvalidKeyException e) {
Log.e(TAG, "onClick() called with: " + e.getMessage(), e);
} catch (InvalidAlgorithmParameterException | SignatureException |
IllegalBlockSizeException | BadPaddingException e) {
Copy link

Matthcw commented Apr 8, 2021

Hi, what is the license on this code?

Copy link

@Matthcw none, feel free to do whatever you want with it

Copy link

Matthcw commented Apr 9, 2021 via email

Copy link

javimar commented Sep 22, 2021

Hello, my question is if there is a way to retrieve a stored value with just knowing the alias. The thing is that the method to retreive it is coupled with the encryption and the iv... thanks!!

Copy link

AMoeid7 commented Jun 27, 2022

it gave error javax.crypto.illegalblocksizeexception while decrypting the code could you help me out

Copy link

Thanks for sharing! This code is really helpful!
Anyway, can i use this code for encrypting/decrypting android fingerprint information (data)?

Copy link

luskan commented Jul 13, 2023

If someone needs it, I have created Example app for this code:

