android / security-samples

Multiple samples showing the best practices in security APIs on Android.
Apache License 2.0

Docs not clear on management of master key #54

Closed CarsonRedeye closed 4 years ago

CarsonRedeye commented 4 years ago

In the FileLocker app, a master key is generated with the function getOrCreate(..). I assume this generates one global key for the app. Is this key destroyed on upgrade? On uninstall? Can we rotate it? Should we? I'm also curious what the mechanism is to stop hackers calling this same function to get the master key?

nic0lette commented 4 years ago

Hi,

Is this key destroyed on upgrade?

No, the key remains through upgrades.

On uninstall?

The key is deleted when the app is deleted. It's also deleted if the user goes in and clears the app's data.

Can we rotate it? Should we?

Key rotation isn't supported at the moment, but the use case for Jetpack Security is encrypting at-rest data with a device-specific key. Since the key is never shared off the device (and not even outside the Trusted Execution Environment), the risk of exposing it is low enough that rotating it isn't needed.

The sub-keys used by Tink can be rotated using Tink’s API directly.

I'm also curious what the mechanism is to stop hackers calling this same function to get the master key?

They'd have to execute that function from within your app's VM (as the same user/package). If they can do that, it would be easier to simply wait for the app to decrypt the data and read it out of memory.

Tying the key to a user credential, like biometrics, makes this key harder to access by an attacker.
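
As an added example (not code from the security-samples repo or from the commenter), the following Kotlin shows the last two points of the reply in working form: a master key created through the same MasterKeys.getOrCreate(..) the FileLocker sample calls, but built from a KeyGenParameterSpec that requires recent user authentication, plus a check of whether the Keystore actually placed the key in secure hardware, since the TEE claim above only holds on devices with a hardware-backed Keystore. The alias, the 30-second validity window, the file name and the helper names are this example's own assumptions.

```kotlin
import android.content.Context
import android.security.keystore.KeyGenParameterSpec
import android.security.keystore.KeyInfo
import android.security.keystore.KeyProperties
import android.security.keystore.UserNotAuthenticatedException
import androidx.security.crypto.EncryptedFile
import androidx.security.crypto.MasterKeys
import java.io.File
import java.security.GeneralSecurityException
import java.security.KeyStore
import javax.crypto.SecretKey
import javax.crypto.SecretKeyFactory

// Assumed alias for this example. MasterKeys.AES256_GCM_SPEC uses
// "_androidx_security_master_key_"; a separate alias keeps the auth-bound key
// apart from any non-auth-bound master key the app already created.
private const val AUTH_BOUND_ALIAS = "example_auth_bound_master_key"

// Assumed window: seconds after a successful unlock/biometric during which the
// Keystore will use the key without prompting again. Jetpack Security needs a
// time-bound key; a per-use auth key (duration -1) requires a CryptoObject
// that the library does not expose.
private const val AUTH_VALIDITY_SECONDS = 30

/** Creates (or returns the alias of) a master key that the Keystore refuses to
 *  use unless the user authenticated within AUTH_VALIDITY_SECONDS. The spec must
 *  satisfy what MasterKeys.getOrCreate() validates: AES-256, GCM, no padding,
 *  purposes ENCRYPT|DECRYPT. */
fun getOrCreateAuthBoundMasterKey(): String {
    val spec = KeyGenParameterSpec.Builder(
        AUTH_BOUND_ALIAS,
        KeyProperties.PURPOSE_ENCRYPT or KeyProperties.PURPOSE_DECRYPT
    )
        .setBlockModes(KeyProperties.BLOCK_MODE_GCM)
        .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
        .setKeySize(256)
        .setUserAuthenticationRequired(true)
        .setUserAuthenticationValidityDurationSeconds(AUTH_VALIDITY_SECONDS)
        .build()
    return MasterKeys.getOrCreate(spec)
}

/** True when the master key material is held by the TEE/StrongBox rather than
 *  by a software Keystore. The reply above assumes a TEE; this confirms it. */
fun isMasterKeyHardwareBacked(alias: String): Boolean {
    val ks = KeyStore.getInstance("AndroidKeyStore").apply { load(null) }
    val key = ks.getKey(alias, null) as? SecretKey ?: return false
    val info = SecretKeyFactory.getInstance(key.algorithm, "AndroidKeyStore")
        .getKeySpec(key, KeyInfo::class.java) as KeyInfo
    @Suppress("DEPRECATION") // superseded by KeyInfo.securityLevel on API 31+
    return info.isInsideSecureHardware
}

/** Walks the cause chain: Tink/Jetpack may wrap the Keystore's refusal. */
private fun isUserAuthFailure(e: Throwable): Boolean =
    generateSequence(e) { it.cause }.any { it is UserNotAuthenticatedException }

private fun encryptedFile(context: Context, name: String, alias: String) =
    EncryptedFile.Builder(
        File(context.filesDir, name),
        context,
        alias,
        EncryptedFile.FileEncryptionScheme.AES256_GCM_HKDF_4KB
    ).build()

/** Writes [plaintext] under the auth-bound master key. Returns false when the
 *  Keystore rejected the key because the user has not authenticated within the
 *  validity window; the caller should prompt and retry. Note that
 *  openFileOutput() refuses to overwrite an existing file. */
fun writeSecret(context: Context, name: String, plaintext: ByteArray): Boolean {
    val alias = getOrCreateAuthBoundMasterKey()
    return try {
        // Unwrapping the Tink keyset happens inside build(), so the auth
        // failure can surface here rather than at write time.
        encryptedFile(context, name, alias).openFileOutput().use { it.write(plaintext) }
        true
    } catch (e: GeneralSecurityException) {
        if (isUserAuthFailure(e)) false else throw e
    }
}

/** Reads the file back, or null when the user must authenticate first. */
fun readSecret(context: Context, name: String): ByteArray? {
    val alias = getOrCreateAuthBoundMasterKey()
    return try {
        encryptedFile(context, name, alias).openFileInput().use { it.readBytes() }
    } catch (e: GeneralSecurityException) {
        if (isUserAuthFailure(e)) null else throw e
    }
}
```

Before calling writeSecret or readSecret, have the user authenticate with androidx.biometric's BiometricPrompt (allowed authenticators BIOMETRIC_STRONG or DEVICE_CREDENTIAL); a successful prompt opens the validity window the Keystore enforces. Two caveats a practitioner should plan for: auth-bound keys are deleted by the Keystore when the user removes the secure lock screen (and, if setInvalidatedByBiometricEnrollment is left enabled, when a new biometric is enrolled), so a KeyPermanentlyInvalidatedException means the data encrypted under that key is unrecoverable; and on a device where isMasterKeyHardwareBacked returns false the key is software-only, so the "never leaves the TEE" argument in the reply does not apply there.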

CarsonRedeye commented 4 years ago

Thank you very much for the quick response. That clears it up for me