Open Eldar2021 opened 1 year ago
We don't have to replace this, luckily. :) We can remove it soon because it was only used to symmetrically encrypt the private key of accounts in the usual preferences storage. Now, that we can encryptedly store these keys in the flutter secure storage, we don't have to manually encrypt them.
I think the only thing that is missing is to safely migrate from the old double-encrypted procedure (aes + secure storage) to encrypting it only once - simply by removing the AES encryption. We just have to be super careful that the users that update don't lose access to their private keys. ;)
It is technically no longer needed after #1614. However, because we need to be able to migrate accounts from old versions to new versions have to maintain this part of the app for a while, at least 6 months I would say.
v1.12.0 released on the 31.01.2024 has removed account encryption with AES, but as explained above, we have to keep it around for decryption of old accounts for a while.
Old package aes_ecb_pkcs5_flutter.