Android app that encrypts and exports all sms.
The main goal was to create a simple app that would use as little user provided information as possible to encrypt and export the text messages on the phone. The idea is that by encrypting the data, any third party service can be used to transport and store the data. For example: Dropbox, Gmail or even Pastebin.
The symmetric key is generated by hashing the password provided by the user together with a salt.
symmetric_key = sha256(password || "SMSX");
The symmetric key is then used to encrypt all the text messages using AES256 in CBC mode with a random IV.
encrypted = AES/CBC/PKCS5Padding(data, IV);
To ensure the integrity of the encrypted data HMAC-SHA256 is used. Reuse of the password is avoided since a new key is generated by hashing the symmetric key. The decision to use Encrypt-then-MAC was based on the mechanisms in TLS and RFC 7366.
hmac_key = sha256(symmetric_key);
hash = HMAC-SHA256(mac_key, encrypted);
Finally the output was generated by base64 encoding the concatenation of the hash, IV and encrypted data.
output = base64( hash || IV || encrypted );