CrashMonkey4Android | Android Andvance Monkey | Encryption library

Your key seems to be a PEM encoded public key in X.509/SPKI format. However, the line breaks are missing. These are to be set so that header and footer are each on a single line. In the body there is a line break after every 64 characters.

A correctly formatted PEM key can be processed directly by createPublicKey(). The key will be accepted even if the line breaks in the body are missing, but header and footer must be in different lines, otherwise the posted error message will be displayed: error:0909006C:PEM routines:get_name:no start line.

Example:

In the encrypt() method the IV is not considered. As in aesEncrypt(), the IV must be passed and used when creating the AES object.
Furthermore there are bugs in the encoding: The plaintext must be UTF8 encoded and the ciphertext must be hex encoded:

You need to encrypt with the private key and then decrypt with the public key

For a Key Check Value (KCV) one generally uses single block encryption, without any mode such as ECB or CBC. As only a constant value of 16 bytes is used, there is no need for padding either.

If you just have a CBC class that performs ISO 9797-1 M2 padding then you could encrypt the static value of 01010101010101010101010101010101 (hex encoding of 16 bytes), using an all-zero IV and taking the first 16 bytes from the result (removing 16 bytes of ciphertext at the end that is just encryption of the mandatory padding).

As you can see in the image below, because the IV is all zero, the XOR with the plaintext leaves the input intact, basically making the first ciphertext identical to direct encryption with the block cipher.

By WhiteTimberwolf (SVG version) - PNG version, Public Domain, https://commons.wikimedia.org/w/index.php?curid=26434096

However, as you are using Java, it makes more sense to use a Cipher object using algorithm "AES/ECB/NoPadding" and use that to encrypt the value of 01010101010101010101010101010101 directly. ECB doesn't take an IV, so that problem is avoided. Also, no padding needs to be considered when "NoPadding" is specified.

If you need fewer bytes: those are usually taken from the left (lowest index) of the result.

Beware that these kinds of KCV's are somewhat dangerous as they show the ciphertext of one particular plaintext block. In the worst instances, this could lead to an adversary decrypting one ciphertext block, or for an authenticated scheme to lose its integrity/authentication properties.

Commonly KCV's are over an all-zero plaintext block. Using an all one-valued block makes the chance that this happens smaller, but that chance is still significant.

Depending on your .NET version, you may not need BouncyCastle at all. As of .NET Core 3.1 there is RSA.ImportEncryptedPkcs8PrivateKey() for DER encoded encrypted private PKCS#8 keys and as of .NET 5.0 there is even RSA.ImportFromEncryptedPem() for PEM encoded encrypted keys.

Otherwise with C#/BouncyCastle the import of an encrypted private PKCS#8 key is available e.g. with:

The reason is this breaking change:

DeflateStream, GZipStream, and CryptoStream diverged from typical Stream.Read and Stream.ReadAsync behavior in two ways:

They didn't complete the read operation until either the buffer passed to the read operation was completely filled or the end of the stream was reached.

And the new behaviour is:

Starting in .NET 6, when Stream.Read or Stream.ReadAsync is called on one of the affected stream types with a buffer of length N, the operation completes when:

At least one byte has been read from the stream, or The underlying stream they wrap returns 0 from a call to its read, indicating no more data is available.

In your case you are affected because of this code in Decrypt method:

After playing around with this for a while, I discovered that the issue comes from the ConfigurationSaveMode.Full option.

In both ProtectSettings() and UnProtectSettings(), instead of

You need to rework your function.

Python isn’t smart enough to know which part of the code you need multiprocessed.

Most likely it’s the for loop right, you want to encrypt the files in parallel. So you can try something like this.

Define the function which needs to be run for each loop, then, create the for loop outside. Then use multiprocessing like this.

To protect your app from modification, codesign it. You can use a private key or use Apple's notarization service. This will ensure no one modifies your app or distributes an installer that tries to replace your app.

Keychain items your app creates can have access control lists, but even by default, the OS won't allow other apps to read your app's keychain items without being approved by the user. The user will receive a pop-up indicating the item the app is requesting.

So I believe your best bet is to sign your app, and store the data in Keychain. It should generally work as you want out of the box. But of course do a lot of testing. Generally these things fail-secure, so in most cases it won't leak any data to other apps. But you may get more pop-ups than you want the user to deal with if you make mistakes.