search

aparajita / capacitor-secure-storage

Secure, flexible storage for Capacitor apps using iOS Keychain and Android Keystore.
MIT License
108 stars 15 forks source link

bug: setEncryptionKey crashes app #4

Closed rgbaman closed 1 year ago

rgbaman commented 1 year ago

Bug report

Capacitor version

Latest Dependencies:

  @capacitor/cli: 4.7.0
  @capacitor/core: 4.7.0
  @capacitor/android: 4.7.0
  @capacitor/ios: 4.7.0

Installed Dependencies:

  @capacitor/cli: 4.7.0
  @capacitor/core: 4.7.0
  @capacitor/android: 4.7.0
  @capacitor/ios: 4.7.0

Platform(s)

Only tested on web so far.

Current behavior

I am using Angular and when following the documentation to get or set data by using setEncryptionKey it crashes the app.

There are no warnings (other than by not including the setEncryptionKey which throws the expected encryptionKeyNotSet error), it just crashes the browser.

Expected behavior

The plugin should call the setEncryptionKey property and use this to get the information stored in localStorage. Perhaps the property for get should be renamed to getEncryptionKey?

Code reproduction

Setting seems to work perfectly fine:

async set(key: any, value: any): Promise<any> {
    await SecureStorage.setEncryptionKey('abc123').then(async () => {
      const data = await SecureStorage.set(key, value);
      return data;
  });
}

The crash occurs when getting:

async get(key: string): Promise<any> {
    await SecureStorage.setEncryptionKey('abc123').then(async () => {
      const data = await SecureStorage.get(key);
      return data;
  });
}

Other technical details

npm --version output: 9.5.0

node --version output: v16.18.0

aparajita commented 1 year ago

I no longer support encryption on the web, since it would be incredibly easy for a hacker to find the encryption key in the source code. Supporting actual secure storage on the web is beyond the scope of this plugin, since it is really designed for native mobile usage. setEncryptionKey was a web-only method which has been removed. Problem solved!