martinkasa / capacitor-secure-storage-plugin

Capacitor plugin for storing string values securely on iOS and Android.
MIT License

Why is this plugin using asymmetric encryption? #12

Closed BorntraegerMarc closed 4 years ago

BorntraegerMarc commented 4 years ago

Based on the use cases provided by this plugin it might be easier & faster (in my opinion) to use symmetric AES 256-bit encryption.

That's why I was wondering why we are using asymmetric encryption, as illustrated here: https://github.com/martinkasa/capacitor-secure-storage-plugin/blob/master/android/src/main/java/com/whitestein/securestorage/PasswordStorageHelper.java#L167 & here: https://github.com/martinkasa/capacitor-secure-storage-plugin/blob/master/android/src/main/java/com/whitestein/securestorage/PasswordStorageHelper.java#L197

martinkasa commented 4 years ago

As is stated in https://github.com/martinkasa/capacitor-secure-storage-plugin#android-1

> RSA is well suited to encrypt small blocks of data, such as passwords and AES keys. However, when it comes to encrypting large amounts of data, this algorithm is a poor choice because of its performance, while something like AES, for example, is way faster.

I am not saying AES is worse. Users who use this plugin would have to migrate data somehow if we change the encryption algorithm. Do you have some real issues using the current RSA?

BorntraegerMarc commented 4 years ago

Got it. Thanks :)

> I am not saying AES is worse. Users who use this plugin would have to migrate data somehow if we change the encryption algorithm. Do you have some real issues using the current RSA?

We are developing a medical chat app and laws like GDPR force us to encrypt as much data as possible in our app.

So yeah, we would like to use this plugin to encrypt multiple megabytes of data: Basically all messages, chat data, etc.

So using slow RSA is not really performant enough for us :) But I guess you developed this plugin with the intention to "only" secure user passwords and other small amounts of data?

martinkasa commented 4 years ago

Yes, it is meant to store passwords/tokens.
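The split discussed above (RSA for passwords and AES keys, AES for bulk data) is usually combined as envelope encryption. The following is an added example, not code from the plugin or from any participant in this thread; it uses Node's `crypto` module so it runs offline, the RSA key pair is a constructed stand-in for the key the plugin keeps in the Android Keystore, and the names `rsaMaxPlaintext`, `rsaAccepts`, `seal` and `unseal` are hypothetical.

```javascript
// Added example: envelope encryption (AES-256-GCM for data, RSA-OAEP for the AES key).
const nodeCrypto = require('node:crypto');

// Constructed stand-in for the device's RSA key pair (assumption: 2048-bit, OAEP/SHA-256).
const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const OAEP = { padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// RSA-OAEP takes at most k - 2*hLen - 2 bytes per operation (k = modulus size in bytes).
function rsaMaxPlaintext(modulusBits, hashBytes) {
  return modulusBits / 8 - 2 * hashBytes - 2;
}

// True if RSA alone can encrypt this buffer; false once it exceeds the OAEP limit.
function rsaAccepts(plaintext) {
  try {
    nodeCrypto.publicEncrypt({ key: publicKey, ...OAEP }, plaintext);
    return true;
  } catch {
    return false;
  }
}

// Encrypt data of any size: a fresh AES key does the bulk work, RSA only wraps that 32-byte key.
function seal(plaintext) {
  const dataKey = nodeCrypto.randomBytes(32);   // AES-256 key, one per record
  const iv = nodeCrypto.randomBytes(12);        // 96-bit GCM nonce, unique per key
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', dataKey, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return {
    wrappedKey: nodeCrypto.publicEncrypt({ key: publicKey, ...OAEP }, dataKey),
    iv,
    ciphertext,
    tag: cipher.getAuthTag(),                   // integrity tag checked on decrypt
  };
}

// Unwrap the AES key with the RSA private key, then decrypt and authenticate the data.
function unseal(envelope) {
  const dataKey = nodeCrypto.privateDecrypt({ key: privateKey, ...OAEP }, envelope.wrappedKey);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', dataKey, envelope.iv);
  decipher.setAuthTag(envelope.tag);
  // final() throws if the ciphertext or tag was modified.
  return Buffer.concat([decipher.update(envelope.ciphertext), decipher.final()]);
}
```

With this layout only the 256-byte `wrappedKey` ever passes through RSA, so the cost of the asymmetric step stays constant regardless of how many megabytes are stored.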

BorntraegerMarc commented 4 years ago

Thanks for your answers!

mburger81 commented 1 year ago

@BorntraegerMarc have you found another way to store data that is more performant and secure, maybe even with another plugin, still for Capacitor?

BorntraegerMarc commented 1 year ago

@mburger81 we ended up implementing it ourselves - wasn’t that hard

mburger81 commented 1 year ago

@BorntraegerMarc is this working much faster? I mean, we are sometimes experiencing, after a few GETs or SETs, that a read or write takes like 10 seconds on Android devices. Do you see these problems too?

It's like after a few requests the plugin is freezing, or like it's in a deadlock or something like this