search

encointer / encointer-wallet-flutter

Encointer mobile wallet flutter implementation
https://encointer.org
Apache License 2.0
21 stars 15 forks source link

Replace `aes_ecb_pkcs5_flutter` with alternative package #1460

Open Eldar2021 opened 1 year ago

Eldar2021 commented 1 year ago

Old package aes_ecb_pkcs5_flutter.

clangenb commented 1 year ago

We don't have to replace this, luckily. :) We can remove it soon because it was only used to symmetrically encrypt the private key of accounts in the usual preferences storage. Now, that we can encryptedly store these keys in the flutter secure storage, we don't have to manually encrypt them.

I think the only thing that is missing is to safely migrate from the old double-encrypted procedure (aes + secure storage) to encrypting it only once - simply by removing the AES encryption. We just have to be super careful that the users that update don't lose access to their private keys. ;)

clangenb commented 9 months ago

It is technically no longer needed after #1614. However, because we need to be able to migrate accounts from old versions to new versions have to maintain this part of the app for a while, at least 6 months I would say.

clangenb commented 8 months ago

v1.12.0 released on the 31.01.2024 has removed account encryption with AES, but as explained above, we have to keep it around for decryption of old accounts for a while.