
Android Retrofit Parameter Encryption and Decryption SHA256


In my application I am calling web services using Retrofit. I have to encrypt a field (parameter) in the request and decrypt it on the PHP server.

I have to encrypt and decrypt the version parameter.

Here is my RetroApi.java

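import retrofit2.Call;
import retrofit2.http.Field;
import retrofit2.http.FormUrlEncoded;
import retrofit2.http.POST;

public interface RetroApi {

    // Sends "version" and "app" as form-encoded fields in the POST body
    @FormUrlEncoded
    @POST("index.php/api/check-version")
    Call<String> getCheckVersion(@Field("version") String version, @Field("app") String app);

}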

Creating instance of RetroApi.java

RetroApi retroApi;

// Level.BODY logs full request and response bodies, including every form field
HttpLoggingInterceptor logging = new HttpLoggingInterceptor();
logging.setLevel(HttpLoggingInterceptor.Level.BODY);

OkHttpClient httpClient = new OkHttpClient.Builder().addInterceptor(logging).build();
Gson gson = new GsonBuilder().setLenient().create();
Retrofit retrofit = new Retrofit.Builder()
        .baseUrl(RetroApp.BASE_URL)
        .addConverterFactory(ScalarsConverterFactory.create())
        .addConverterFactory(GsonConverterFactory.create(gson))
        .client(httpClient)
        .build();

retroApi = retrofit.create(RetroApi.class);

Here is the Webservice call

Call<String> getResult = retroApi.getCheckVersion(Constants.SP_APP_VERSION, Constants.SP_APP_NAME);
getResult.enqueue(new Callback<String>() {
    @Override
    public void onResponse(Call<String> call, Response<String> response) {

    }

    @Override
    public void onFailure(Call<String> call, Throwable t) {
        t.printStackTrace();
    }
});

Please assist me to accomplish this.


Solution

  • Basically what you can do is simply encrypt your parameters with the standard Android tools. Here is a simple example of how to do it from which you can start.

    That is basically everything you need from an Android perspective, except for a way to store a secret; for that, you can use EncryptedSharedPreferences.

    After that, you can send those encrypted strings as your API arguments.

    You can also create a centralized encryption factory for your requests like this:

    // Placeholder: build or obtain your OkHttpClient here
    final OkHttpClient okHttpClient = SomeOkHttpImplementation();

    Retrofit retrofit = new Retrofit.Builder()
                    .client(okHttpClient)
                    .callFactory(new Call.Factory() { // okhttp3.Call.Factory
                        @Override
                        public Call newCall(Request request) {
                            // Placeholder: returns a copy of the request with encrypted arguments
                            Request encryptedRequest = someFunctionToEncryptRequestOrItsArgs(request);
                            return okHttpClient.newCall(encryptedRequest);
                        }
                    })
                    .baseUrl(sBaseUrl)
                    .build();
    

    Or with a custom Interceptor, as shown here.

    The problem is that you will have to find a way to decrypt them on the PHP side. I am not a PHP expert, but I'm sure there are ways to do that. For example, here and here you can find Java and PHP implementations of similar ciphers.
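
The custom interceptor route mentioned in the answer, as an added example that is not part of the original post: it encrypts only the `version` form field with AES-256-GCM (SHA-256, named in the title, is a one-way hash and cannot be decrypted on the server). The class name `FieldEncryptingInterceptor`, the pre-shared 256-bit key and the base64(nonce || ciphertext || tag) wire format are assumptions.

```java
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Base64; // on Android this class needs API 26+
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import okhttp3.FormBody;
import okhttp3.Interceptor;
import okhttp3.Request;
import okhttp3.Response;

/** Hypothetical interceptor: AES-256-GCM over the "version" form field only. */
public final class FieldEncryptingInterceptor implements Interceptor {
    private static final String FIELD = "version"; // field name from the question
    private final SecretKey key; // assumption: 256-bit AES key also held by the server

    public FieldEncryptingInterceptor(SecretKey key) { this.key = key; }

    @Override
    public Response intercept(Chain chain) throws IOException {
        Request original = chain.request();
        if (!(original.body() instanceof FormBody)) {
            return chain.proceed(original); // only @FormUrlEncoded bodies are rewritten
        }
        FormBody form = (FormBody) original.body();
        FormBody.Builder rebuilt = new FormBody.Builder();
        for (int i = 0; i < form.size(); i++) {
            rebuilt.add(form.name(i), FIELD.equals(form.name(i)) ? encrypt(form.value(i)) : form.value(i));
        }
        return chain.proceed(original.newBuilder().method(original.method(), rebuilt.build()).build());
    }

    /** Returns base64(nonce || ciphertext || 16-byte tag), with a fresh 12-byte nonce per call. */
    String encrypt(String plaintext) throws IOException {
        try {
            byte[] nonce = new byte[12];
            new SecureRandom().nextBytes(nonce); // a GCM nonce must never repeat under the same key
            Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
            cipher.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, nonce));
            byte[] sealed = cipher.doFinal(plaintext.getBytes(StandardCharsets.UTF_8));
            byte[] framed = ByteBuffer.allocate(nonce.length + sealed.length).put(nonce).put(sealed).array();
            return Base64.getEncoder().encodeToString(framed);
        } catch (GeneralSecurityException e) {
            throw new IOException("field encryption failed", e);
        }
    }
}
```

Register it with `addInterceptor` before the `HttpLoggingInterceptor`, otherwise `Level.BODY` logs the plaintext value before it is encrypted. On the PHP side the decoded value splits into a 12-byte nonce, the ciphertext and a trailing 16-byte tag, which `openssl_decrypt` with `aes-256-gcm` accepts as separate arguments.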