martinkasa / capacitor-secure-storage-plugin

Capacitor plugin for storing string values securely on iOS and Android.
MIT License

Silently crash when storing string with more than 256 bytes #4

Closed Rajarml closed 4 years ago

Rajarml commented 4 years ago

Trying to store (encryptedly) a long string (for instance a JWT token of 2075 chars).

When debugging the process, the issue lies in the "encrypt" function of PasswordStorageHelper_SDK18 class.

javax.crypto.IllegalBlockSizeException: input must be under 256 bytes
        at com.android.org.conscrypt.OpenSSLCipherRSA.engineDoFinal(OpenSSLCipherRSA.java:299)
        at javax.crypto.Cipher.doFinal(Cipher.java:2055)
        at com.whitestein.securestorage.PasswordStorageHelper$PasswordStorageHelper_SDK18.encrypt(PasswordStorageHelper.java:313)
        at com.whitestein.securestorage.PasswordStorageHelper$PasswordStorageHelper_SDK18.setData(PasswordStorageHelper.java:254)
        at com.whitestein.securestorage.PasswordStorageHelper.setData(PasswordStorageHelper.java:70)
        at com.whitestein.securestorage.SecureStoragePlugin.set(SecureStoragePlugin.java:27)
        at java.lang.reflect.Method.invoke(Native Method)
        at com.getcapacitor.PluginHandle.invoke(PluginHandle.java:99)
        at com.getcapacitor.Bridge$2.run(Bridge.java:526)
        at android.os.Handler.handleCallback(Handler.java:873)
        at android.os.Handler.dispatchMessage(Handler.java:99)
        at android.os.Looper.loop(Looper.java:193)
        at android.os.HandlerThread.run(HandlerThread.java:65)

A workaround from the web side could be splitting the long string into smaller ones (245 bytes in fact), but this should not be necessary!

Rajarml commented 4 years ago

After some search, additional data:

Rajarml commented 4 years ago

Is the maintainer @martinkasa still here?

martinkasa commented 4 years ago

Hi, thanks for reporting the issue, I will look at it asap.

martinkasa commented 4 years ago

@Rajarml please test release 0.3.0 and let me know if it works. Also do not forget to update Capacitor to 1.3.0. I had some issues on 1.2.1 with blocking messaging between web and native.

martinkasa commented 4 years ago

Closing the issue. @Rajarml if you still have a problem with saving long values, I will reopen it.

Rajarml commented 4 years ago

In fact I've done what was needed (Android only) for splitting the long string into chunks of 245 bytes max from the Angular side; then I encrypt those chunks and store the needed sorted keys in the localStorage. And do the reverse for the decryption :) I'm on something else so I don't know if I could test it again.
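The chunking workaround described in this thread, as an added example that is not part of the original issue or the plugin's code. It splits on UTF-8 byte length rather than character count, so multi-byte characters never push a chunk past the 245-byte limit quoted above. `makeStore` is a hypothetical in-memory stand-in for the secure store, and keeping the chunk count in the same store (rather than keys in localStorage) is an assumption of this sketch.

```javascript
const MAX_CHUNK_BYTES = 245; // per-value limit quoted in the thread

// Split text into pieces whose UTF-8 encoding is at most maxBytes each.
// for...of walks whole code points, so no character is cut in half.
function splitByUtf8Bytes(text, maxBytes = MAX_CHUNK_BYTES) {
  const encoder = new TextEncoder();
  const chunks = [];
  let current = '';
  let currentBytes = 0;
  for (const ch of text) {
    const size = encoder.encode(ch).length;
    if (currentBytes + size > maxBytes) {
      chunks.push(current);
      current = '';
      currentBytes = 0;
    }
    current += ch;
    currentBytes += size;
  }
  if (current.length > 0 || chunks.length === 0) chunks.push(current);
  return chunks;
}

// Hypothetical stand-in for the secure store: rejects oversized values
// instead of failing silently, mirroring the limit reported in the issue.
function makeStore() {
  const data = new Map();
  const encoder = new TextEncoder();
  return {
    set(key, value) {
      if (encoder.encode(value).length > MAX_CHUNK_BYTES) throw new Error('value too long: ' + key);
      data.set(key, value);
    },
    get(key) {
      if (!data.has(key)) throw new Error('missing key: ' + key);
      return data.get(key);
    },
  };
}

// Store a long value as key.0, key.1, ... plus key.count for reassembly.
function setLong(store, key, value) {
  const chunks = splitByUtf8Bytes(value);
  chunks.forEach((chunk, i) => store.set(`${key}.${i}`, chunk));
  store.set(`${key}.count`, String(chunks.length));
}

// Read the chunk count, then concatenate the chunks in index order.
function getLong(store, key) {
  const count = Number(store.get(`${key}.count`));
  let out = '';
  for (let i = 0; i < count; i++) out += store.get(`${key}.${i}`);
  return out;
}
```

Overwriting a long value with a shorter one leaves the old higher-numbered chunks behind; they are ignored on read because of `key.count`, but a real implementation should delete them.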