search

openfoodfacts / smooth-app

🤳🥫 The new Open Food Facts mobile application for Android and iOS, crafted with Flutter and Dart
https://world.openfoodfacts.org/open-food-facts-mobile-app?utm_source=off&utf_medium=web&utm_campaign=github-repo
Apache License 2.0
853 stars 282 forks source link

PlatformException: PlatformException(Exception encountered, read, javax.crypto.BadPaddingException: error:1e000065:C... #1121

Closed sentry-io[bot] closed 2 years ago

sentry-io[bot] commented 2 years ago

Sentry Issue: SMOOTHIE-SZ

PlatformException: PlatformException(Exception encountered, read, javax.crypto.BadPaddingException: error:1e000065:Cipher functions:OPENSSL_internal:BAD_DECRYPT
    at com.android.org.conscrypt.NativeCrypto.EVP_CipherFinal_ex(Native Method)
    at com.android.org.conscrypt.OpenSSLEvpCipher.doFinalInternal(OpenSSLEvpCipher.java:152)
    at com.android.org.conscrypt.OpenSSLCipher.engineDoFinal(OpenSSLCipher.java:374)
    at javax.crypto.Cipher.doFinal(Cipher.java:2055)
    at e.e.a.e.b.b(StorageCipher18Implementation.java:7)
    at e.e.a.d.m(FlutterSecureStoragePlugin.java:2)
    at e.e.a.d.t(FlutterSecureStoragePlugin.java:2)
    at e.e.a.d.f(FlutterSecureStoragePlugin.java:1)
    at e.e.a.d$b.run(FlutterSecureStoragePlugin.java:25)
    at android.os.Handler.handleCallback(Handler.java:938)
    at android.os.Handler.dispatchMessage(Handler.java:99)
    at android.os.Looper.loopOnce(Looper.java:226)
    at android.os.Looper.loop(Looper.java:313)
    at android.os.HandlerThread.run(HandlerThread.java:67)
, null)
  File "user_management_helper.dart", line 46, in UserManagementHelper.mountCredentials
M123-dev commented 2 years ago

So what happend is: I logged in on the playstore version and then installed a debug apk with flutter run which has overwritten the old one which probably causes the decryption to fail. We should catch these kind of erros, delete the credentials and show a snackbar that you got logged out

monsieurtanuki commented 2 years ago

@M123-dev It's a developer's problem, not a real life one. I'm surprised flutter even allowed you to overwrite a version: Android would not mix a Play Store and a dev version and would not install.

M123-dev commented 2 years ago

No really overwriting, it is like a new install but it keeps the app data but removes all references to the playstore etc and since the decryption fails we can see that its still secure, but maybe this also happens in other cases for example when someone migrates all data to a new phone or something so a little check does no harm