mjwheatley / cordova-plugin-android-fingerprint-auth

A cordova plugin for fingerprint authentication using the hardware fingerprint scanner on devices running Android 6+
Apache License 2.0

BAD_PADDING_EXCEPTION after reinstall #146

Closed AlibekJ closed 4 years ago

AlibekJ commented 4 years ago

So, I encrypt with certain username-password:

FingerprintAuth.encrypt({
  clientId: "something",
  username: "username",
  password: "password"
})

Decrypting works fine:

FingerprintAuth.decrypt({
  clientId: "something",
  username: "username",
  token: "encrypted string"
})

Then I uninstall the app, install again, all the app data gets restored from Google Drive by the OS, Cordova reports the same UUID, everything works as if the app was never uninstalled, except decrypting does not work and throws BAD_PADDING_EXCEPTION.

I am supplying the very same data into the .decrypt method, yet it fails. Any ideas?

mjwheatley commented 4 years ago

My guess is that the cipher that was stored in the keystore was not backed up and you would need to re-encrypt to regenerate a new cipher to be saved to the keystore.

AlibekJ commented 4 years ago

What should I save? Would saving the IV solve the problem, do you think?

AlibekJ commented 4 years ago

Answering my own question: storing the key components outside of the keystore solves this particular problem. However, as I realized after reflecting on the solution a bit, this defeats the whole purpose of using the secure, hardware-assisted keystore.
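
An added example, not from the thread or the plugin's own code: one way an app can follow the suggestion above to re-encrypt, treating the restored token as disposable instead of storing key components outside the keystore. It assumes the plugin's callback style `method(config, successCallback, errorCallback)`, result fields `token` and `password`, and the error arriving as the string `BAD_PADDING_EXCEPTION`; `call`, `unlock`, `TOKEN_KEY`, `store` and `askPassword` are hypothetical names.

```javascript
// Added example: recover from a stale token without exporting key material.
// `plugin` is the FingerprintAuth object, `store` is a localStorage-like
// key/value store, and `askPassword` is a hypothetical app function that does
// a normal password login and resolves with the verified password.

const TOKEN_KEY = "fp_token"; // hypothetical storage key for the encrypted token

// Wrap the plugin's callback API in a promise (signature assumed:
// method(config, successCallback, errorCallback)).
function call(plugin, method, config) {
  return new Promise((resolve, reject) => plugin[method](config, resolve, reject));
}

async function unlock(plugin, store, clientId, username, askPassword) {
  const token = store.getItem(TOKEN_KEY);
  if (token) {
    try {
      const result = await call(plugin, "decrypt", { clientId, username, token });
      return { password: result.password, reenrolled: false };
    } catch (err) {
      // Only BAD_PADDING_EXCEPTION is treated as "token no longer matches the
      // key on this install". Other errors (for example the user cancelling
      // the prompt) are passed on and the token is kept.
      if (String(err) !== "BAD_PADDING_EXCEPTION") throw err;
      store.removeItem(TOKEN_KEY);
    }
  }
  // No usable token: authenticate the normal way, then encrypt again so the
  // new token is bound to the key that exists on this install.
  const password = await askPassword(username);
  const enc = await call(plugin, "encrypt", { clientId, username, password });
  store.setItem(TOKEN_KEY, enc.token);
  return { password, reenrolled: true };
}
```

With this flow the restored token costs the user one full password login after a reinstall, and the key never leaves the keystore.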