While investigating issues #35, #36 and #37 we discovered that the initialization vector (IV) for the PIN-derived encryption key used to encrypt/decrypt the secret belonging to an identity is set to NULL for new identities. This initialization vector is input for the encrypt/decrypt methods in SecretStore.m.
Funnily enough, for existing pre-tiqr 2.0 identities that are upgraded by the app, the IV is set correctly in the method upgradeWithPIN in Identity+Utils.m.
The fix is to set a random IV when a new identity is created, and to upgrade existing identities that have their IV set to NULL using a versioning approach.
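
One way to implement the fix described above, added here as an example and not taken from the tiqr sources. It assumes AES-CBC without padding via CommonCrypto, an already PIN-derived 32-byte key, and a hypothetical record dictionary with `version`, `iv` and `secret` keys; `RandomIV`, `Crypt` and `MigrateIdentity` are illustrative names.

```objective-c
#import <Foundation/Foundation.h>
#import <CommonCrypto/CommonCryptor.h>
#import <Security/Security.h>

// Hypothetical record layout and names; version 2 = "random IV stored".
static const NSInteger kCurrentVersion = 2;

// 16 bytes from the system CSPRNG, or nil on failure.
static NSData *RandomIV(void) {
    NSMutableData *iv = [NSMutableData dataWithLength:kCCBlockSizeAES128];
    int rc = SecRandomCopyBytes(kSecRandomDefault, iv.length, iv.mutableBytes);
    return rc == errSecSuccess ? iv : nil;
}

// AES-CBC, no padding (assumed mode); input length must be a multiple of 16.
// A nil iv reaches CCCrypt as NULL, which CommonCrypto treats as all zeros.
static NSData *Crypt(CCOperation op, NSData *input, NSData *key, NSData *iv) {
    if (input.length == 0 || input.length % kCCBlockSizeAES128) return nil;
    NSMutableData *out = [NSMutableData dataWithLength:input.length];
    size_t moved = 0;
    CCCryptorStatus st = CCCrypt(op, kCCAlgorithmAES, 0, key.bytes, key.length,
                                 iv.bytes, input.bytes, input.length,
                                 out.mutableBytes, out.length, &moved);
    return st == kCCSuccess ? out : nil;
}

// Re-encrypt a record written with a NULL IV. Without padding a wrong key is
// not detectable here, so call this only with a key whose PIN was just confirmed.
static BOOL MigrateIdentity(NSMutableDictionary *rec, NSData *key) {
    if ([rec[@"version"] integerValue] >= kCurrentVersion && rec[@"iv"]) return YES;
    NSData *secret = Crypt(kCCDecrypt, rec[@"secret"], key, rec[@"iv"]);
    NSData *iv = RandomIV();
    NSData *sealed = (secret && iv) ? Crypt(kCCEncrypt, secret, key, iv) : nil;
    if (!sealed) return NO;               // old record stays untouched
    [rec addEntriesFromDictionary:@{ @"secret": sealed, @"iv": iv,
                                     @"version": @(kCurrentVersion) }];
    return YES;
}

int main(void) {
    @autoreleasepool {
        NSMutableData *key = [NSMutableData dataWithLength:kCCKeySizeAES256];
        memset(key.mutableBytes, 0x11, key.length);       // constructed key
        NSMutableData *secret = [NSMutableData dataWithLength:32];
        memset(secret.mutableBytes, 0x42, secret.length); // constructed secret
        NSMutableDictionary *rec = [@{ @"version": @1,
            @"secret": Crypt(kCCEncrypt, secret, key, nil) } mutableCopy];
        BOOL ok = MigrateIdentity(rec, key);
        NSData *back = Crypt(kCCDecrypt, rec[@"secret"], key, rec[@"iv"]);
        NSLog(@"migrated=%d roundtrip=%d", ok, [back isEqualToData:secret]);
    }
}
```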