search

Baseflow / flutter_cache_manager

Generic cache manager for flutter
https://baseflow.com
MIT License
739 stars 426 forks source link

How to encrypt cached web responses #329

Closed sha3rawi33 closed 2 years ago

sha3rawi33 commented 2 years ago

is it possible by any chance to handle the response from the server and encrypt it then cache it encrypted?

I'll be caching sensitive data so I don't need them in plain text; I've 2 functions; one to encrypt and one to decrypt. I will be able to decrypt the string I get from the file; but how to cache the response encrypted firstly ??

YuriHeiko commented 2 years ago

You can store encrypted data in the Firebase storage instead

sha3rawi33 commented 2 years ago

@YuriHeiko I need it to be saved locally for offline usage

YuriHeiko commented 2 years ago

@sha3rawi33 I still cannot see the issue - encrypt data when you send it to the storage, retrieve it encrypted to the cache and decrypt after you get it from the cache

sha3rawi33 commented 2 years ago

Like this code:

 File cacheFile = await DefaultCacheManager().getSingleFile(url);
      response = cacheFile.readAsStringSync();
      extractedData = json.decode(response) as List;

the cache is saved automatically in the await DefaultCacheManager().getSingleFile(url) step; how can I encrypt it before it is saved to the file ?

sha3rawi33 commented 2 years ago

@YuriHeiko I mean; when I use this method; the response is saved as a JSON file in the cache folder automatically; how can I control that response text before it is saved? I know how to encrypt/decrypt. but I can't handle the response text before it is saved as it is done automatically.

YuriHeiko commented 2 years ago

@sha3rawi33 Do you make requests to a third-party service? My point is if you are storing data to that backend service then it would be easier to store already encrypted data. Then you will have data encrypted in the cache as well. If you are using a third-party service you will need to somehow intercept HTTP requests and change data on that stage. I think it would be easier to create the extension point in the current package

sha3rawi33 commented 2 years ago

@YuriHeiko aha I got your point; i should now edit my API simply to encrypt data before being sent to the app; so it is cached encrypted in the app; and when I use it; I just decrypt it using my key.

nice solution; gonna consider it if I didn't find another one related to the package itself. thanks!

renefloor commented 2 years ago

@sha3rawi33 I think it is indeed best to use to put and get functions of the cache manager to put and get the encrypted data and handle encryption yourself.

Closing this for now. If you have any other questions please reopen it.