oblador / react-native-keychain

:key: Keychain Access for React Native
MIT License

Issue storing/retrieving long strings on Android #355

Open rgreen33 opened 4 years ago

rgreen33 commented 4 years ago

I am attempting to store/retrieve Azure AD Refresh Tokens. I would prefer to be able to use RSA with biometrics, however, I am running into Issue #262. So, I have attempted to use AES and FB. Unfortunately, on Android, I am getting the following errors with the various STORAGE_TYPE:

Note: iOS works as expected. I can store/retrieve these same Azure AD Refresh Tokens on iOS without any issues.

Does anyone know of a workaround for this? As mentioned above, I ultimately need for this to work with RSA (and biometrics).

Thank you for your help and input, Ricky

rgreen33 commented 4 years ago

I just wanted to pass along some additional information on this issue (how to reproduce the issue). I am using the code found below. The string is a simple (but long) string...which is similar in length to the JSON.stringified token that I am actually attempting to store/retrieve from the Android Keystore. If you attempt to store/retrieve the below string, you will see the exact issue that I am facing. The returned value contains garbage in the middle of the string. I am seeing this same behavior when I attempt to store/retrieve my JSON.stringified token (of course, JSON.parse on retrieval). Has anyone found a workaround for this? Everything is working fine on iOS. This issue only occurs on Android.

  let accessToken = 'abcdefghijklmnopqrstuvwxyz-ABCDEFGHIJKLMNOPQRSTUVWXYZ-abcdefghijklmnopqrstuvwxyz-ABCDEFGHIJKLMNOPQRSTUVWXYZ-abcdefghijklmnopqrstuvwxyz-ABCDEFGHIJKLMNOPQRSTUVWXYZ-abcdefghijklmnopqrstuvwxyz-ABCDEFGHIJKLMNOPQRSTUVWXYZ-abcdefghijklmnopqrstuvwxyz-ABCDEFGHIJKLMNOPQRSTUVWXYZ-abcdefghijklmnopqrstuvwxyz-ABCDEFGHIJKLMNOPQRSTUVWXYZ-abcdefghijklmnopqrstuvwxyz-ABCDEFGHIJKLMNOPQRSTUVWXYZ-abcdefghijklmnopqrstuvwxyz-ABCDEFGHIJKLMNOPQRSTUVWXYZ-abcdefghijklmnopqrstuvwxyz-ABCDEFGHIJKLMNOPQRSTUVWXYZ-abcdefghijklmnopqrstuvwxyz-ABCDEFGHIJKLMNOPQRSTUVWXYZ-abcdefghijklmnopqrstuvwxyz-ABCDEFGHIJKLMNOPQRSTUVWXYZ-abcdefghijklmnopqrstuvwxyz-ABCDEFGHIJKLMNOPQRSTUVWXYZ-abcdefghijklmnopqrstuvwxyz-ABCDEFGHIJKLMNOPQRSTUVWXYZ-abcdefghijklmnopqrstuvwxyz-ABCDEFGHIJKLMNOPQRSTUVWXYZ-abcdefghijklmnopqrstuvwxyz-ABCDEFGHIJKLMNOPQRSTUVWXYZ-abcdefghijklmnopqrstuvwxyz-ABCDEFGHIJKLMNOPQRSTUVWXYZ-abcdefghijklmnopqrstuvwxyz-ABCDEFGHIJKLMNOPQRSTUVWXYZ-abcdefghijklmnopqrstuvwxyz-ABCDEFGHIJKLMNOPQRSTUVWXYZ-';

  // refreshToken is not defined in this snippet
  await Keychain.setGenericPassword(accessToken, refreshToken, {
    service: 'myServiceName',
    accessible: Keychain.ACCESSIBLE.WHEN_UNLOCKED,
    accessControl: Keychain.ACCESS_CONTROL.BIOMETRY_CURRENT_SET_OR_DEVICE_PASSCODE,
    rules: Platform.OS === 'android' ? Keychain.STORAGE_TYPE.NONE : null,
    storage: Platform.OS === 'android' ? Keychain.STORAGE_TYPE.AES : null,
    securityLevel: Platform.OS === 'android' ? Keychain.SECURITY_LEVEL.ANY : null,
  });

rgreen33 commented 4 years ago

@sebk: Thank you for the feedback. I was finally able to get this to work for me...but, not real happy with the solution. Essentially, I split the token into multiple parts (as you suggested on #262). In order to get the biometrics to work (only fire once), I stored the shortest part of the token in RSA, with all other parts stored in AES. Obviously, I had to rebuild the token upon retrieval. It is a bit of a pain and a little clunky, but it does work...just not as seamless on Android, as it is on iOS.
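
The split-and-rebuild workaround described in the comment above, as an added example that is not part of the original thread and not react-native-keychain code: the last slice plus a SHA-256 digest forms the single record meant for the biometric-gated RSA entry, and reassembly throws on the kind of mid-string corruption or empty result reported in this issue. `splitToken`, `joinToken`, the record layout and the 64-character chunk size are assumptions; each returned string would be written with its own `setGenericPassword` call under a distinct `service` name.

```javascript
// Added example, not react-native-keychain code. Runs under Node.js; in a
// React Native app the SHA-256 helper would come from a hashing library.
const { createHash } = require('crypto');

const sha256 = (s) => createHash('sha256').update(s, 'utf8').digest('hex');

// Assumption: maxLen is a size the Android storage round-trips intact. The
// thread does not state the real limit, so 64 is a placeholder.
function splitToken(token, maxLen = 64) {
  if (typeof token !== 'string' || token.length === 0) {
    throw new TypeError('token must be a non-empty string');
  }
  if (!Number.isInteger(maxLen) || maxLen < 1) {
    throw new RangeError('maxLen must be a positive integer');
  }
  const parts = [];
  for (let i = 0; i < token.length; i += maxLen) parts.push(token.slice(i, i + maxLen));
  const tail = parts.pop(); // final slice, never longer than the others
  return {
    // Single record for the biometric-gated (RSA) entry, so one prompt.
    gated: JSON.stringify({ n: parts.length, digest: sha256(token), tail }),
    // Remaining slices, one per AES-backed entry.
    bulk: parts,
  };
}

// Rebuild and verify; throws rather than return a corrupted or partial token.
function joinToken(gated, bulk) {
  let meta;
  try { meta = JSON.parse(gated); } catch { throw new Error('gated record unreadable'); }
  if (!meta || !Number.isInteger(meta.n) || typeof meta.tail !== 'string') {
    throw new Error('gated record malformed');
  }
  if (!Array.isArray(bulk) || bulk.length !== meta.n) throw new Error('chunk count mismatch');
  if (bulk.some((p) => typeof p !== 'string')) throw new Error('missing chunk');
  const token = bulk.join('') + meta.tail;
  if (sha256(token) !== meta.digest) throw new Error('integrity check failed');
  return token;
}

// Constructed sample, same shape as the test string in the report above.
const sample = 'abcdefghijklmnopqrstuvwxyz-ABCDEFGHIJKLMNOPQRSTUVWXYZ-'.repeat(20);
const stored = splitToken(sample);
console.log(stored.bulk.length, joinToken(stored.gated, stored.bulk) === sample);
```

As in the workaround it mirrors, only the gated record sits behind the biometric prompt; the slices in the AES entries are not covered by it.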

AlphaJuliettOmega commented 3 years ago

Unsure exactly what's going on but on my Huawei p8 Lite, the keychain 'saves'

but on retrieval it's literally empty...

unless I disable biometrics on my device, after which it works... sometimes

This library has been driving me insane for about 3 months. On Android 7 specifically, the 'retrievePassword' is never guaranteed to work: the keychain 'succeeds' with an empty result most of the time, sometimes fails silently, sometimes works (once) if I deactivate and reactivate Biometry (fingerprint) in device settings.

Effectively the only way to use this library seems to be to disable biometry completely for Android 7 / < API 25 (API 25 is a guess here, because of the message about Strongbox Security).

This is the most painful bug I've ever encountered.

ShepSims commented 5 months ago

This is still happening for me, has anyone come up with a solution?