Comments (12)
iamMehedi
commented on May 30, 2024
This seems to be somewhat related to #2 I'll test it thoroughly when I can manage some time and let you know.
from secured-preference-store.
iamMehedi
commented on May 30, 2024
@nirvik66 This is related to #2. The issue should not be there on API level 21 and upper.
from secured-preference-store.
nirvik66
commented on May 30, 2024
@iamMehedi I need to support API level 18 so I modified your classes to added some logic to recover from the key store loss. Basically removing all alias in the keystore and clearing the SecuredPreferenceStore and regenerating everything. Let me know if you're interested.
from secured-preference-store.
iamMehedi
commented on May 30, 2024
@nirvik66 I'd like to take a look at the changes you've made. May be we can add that behavior as an optional migration/recovery policy to the library.
from secured-preference-store.
nirvik66
commented on May 30, 2024
@iamMehedi I forked your project and I created a new branch with the changes. https://github.com/nirvik66/Secured-Preference-Store/tree/feature/fix-keystore-key-loss
You can see all the changes on the last commit on the branch but mainly,
On Encryption Manager:
- Removed all mentions about KeyProperties
- Change the logic of generateRSAKeys
- Added some methods to clear the keystore alias
On SecuredPreferencesStore:
- Save a new key to be able to determine if the key we have on the keystore is good to decrypt the values
- Modify the getSharedInstance to clear everything if the key is no longer valid
from secured-preference-store.
mcassiano
commented on May 30, 2024
@nirvik66 Did your solution fix the crashes that happened because of this? Is it stable?
from secured-preference-store.
iamMehedi
commented on May 30, 2024
@mcassiano The reason for the crashes are still there (Google hasn't changed the way keystore works), but the library has a way to recover(start over, so the app doesn't crash). See here
https://github.com/iamMehedi/Secured-Preference-Store#recovery
from secured-preference-store.
mcassiano
commented on May 30, 2024
@iamMehedi yes, I'm aware. I was just wondering if her solution is stable enough so I can use her branch. Thanks :)
from secured-preference-store.
mcassiano
commented on May 30, 2024
@iamMehedi btw, I think I missed something. You need to explicitly set the DefaultRecoveryHandler if you want this behavior, right?
from secured-preference-store.
iamMehedi
commented on May 30, 2024
yes, you need to explicitly set that.
from secured-preference-store.
mcassiano
commented on May 30, 2024
@iamMehedi got it! thanks. :)
from secured-preference-store.
nirvik66
commented on May 30, 2024
@mcassiano Hey, sorry for the delay! I created that branch before the library implemented the recovery mechanism. Now, I wouldn't use my fork, it's better to use the library!
from secured-preference-store.
Related Issues (20)
- Some help would be appreciated HOT 1
- Add ability to seed SecureRandom
- App Crashed in lollipop OS version with error "java.lang.IllegalStateException: Must call init() before using the store" HOT 2
- RSA Key Generation failed with "IllegalArgumentException: startDate == null" HOT 1
- Failed to init Secured Preference Store. Exception: java.lang.ClassCastException: java.lang.Integer cannot be cast to java.lang.String HOT 4
- Cannot connect to keystore HOT 1
- KeyStoreException Signature/MAC verification failed
- java.lang.NoClassDefFoundError: devliving.online.securedpreferencestore.Logger on Android APi 19 HOT 1
- Cipher not initialized issue sometimes(Once if i run the test case 10 times). HOT 1
- KeyStore exception in log on Android 9 device HOT 6
- llegalStateException: Must call init() before using the store HOT 4
- Should seedKey be stored securely? HOT 1
- AndroidManifest contains application label HOT 2
- [Question] - Sharing among multiple apps HOT 3
- Getting encrypted value when using OnSharedPreferenceChangeListener HOT 2
- AES only supported by Android API 23+
- anr when generateAESKey and call mStore.containsAlias(AES_KEY_ALIAS)
- Very long strings are not stored
- "Key not yet valid" on device HOT 1
- Alternative to this library? HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from secured-preference-store.