search

ophio / secure-preferences

Android secure shared preferences using Android Keystore system
https://medium.com/@vashisthg/android-secure-shared-preferences-10f8356a4c2b
Apache License 2.0
348 stars 56 forks source link

Won't work when user will change security code/schema... #10

Open ghost opened 9 years ago

ghost commented 9 years ago

Hello,

Nice library, but because of an Android behavior, this library as well as any implementation of the AndroidKeyStore API won't work for any user which will change his security schema/PIN code.

Link of the Android behavior: https://code.google.com/p/android/issues/detail?id=61989

On my LG D855 here the stack trace:

07-18 12:26:03.749  18552-18552/in.co.ophio.secure.sample E/AndroidRuntime﹕ FATAL EXCEPTION: main
    Process: in.co.ophio.secure.sample, PID: 18552
    java.lang.RuntimeException: Unable to start activity ComponentInfo{in.co.ophio.secure.sample/in.co.ophio.secure.sample.view.MainActivity}: java.lang.IllegalStateException: java.security.InvalidKeyException: javax.crypto.BadPaddingException: error:0407106B:rsa routines:RSA_padding_check_PKCS1_type_2:block type is not 02
            at android.app.ActivityThread.performLaunchActivity(ActivityThread.java:2305)
            at android.app.ActivityThread.handleLaunchActivity(ActivityThread.java:2367)
            at android.app.ActivityThread.access$800(ActivityThread.java:148)
            at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1283)
            at android.os.Handler.dispatchMessage(Handler.java:102)
            at android.os.Looper.loop(Looper.java:135)
            at android.app.ActivityThread.main(ActivityThread.java:5274)
            at java.lang.reflect.Method.invoke(Native Method)
            at java.lang.reflect.Method.invoke(Method.java:372)
            at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:909)
            at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:704)
     Caused by: java.lang.IllegalStateException: java.security.InvalidKeyException: javax.crypto.BadPaddingException: error:0407106B:rsa routines:RSA_padding_check_PKCS1_type_2:block type is not 02
            at in.co.ophio.secure.core.KeyStoreKeyGenerator.<init>(KeyStoreKeyGenerator.java:51)
            at in.co.ophio.secure.core.KeyStoreKeyGenerator.get(KeyStoreKeyGenerator.java:56)
            at in.co.ophio.secure.sample.module.AppModule.provideKeyGenerator(AppModule.java:36)
            at in.co.ophio.secure.sample.module.AppModule_ProvideKeyGeneratorFactory.get(AppModule_ProvideKeyGeneratorFactory.java:18)
            at in.co.ophio.secure.sample.module.AppModule_ProvideKeyGeneratorFactory.get(AppModule_ProvideKeyGeneratorFactory.java:7)
            at dagger.internal.ScopedProvider.get(ScopedProvider.java:46)
            at in.co.ophio.secure.sample.util.KeystoreAccountUtils_MembersInjector.injectMembers(KeystoreAccountUtils_MembersInjector.java:26)
            at in.co.ophio.secure.sample.util.KeystoreAccountUtils_MembersInjector.injectMembers(KeystoreAccountUtils_MembersInjector.java:9)
            at in.co.ophio.secure.sample.module.DaggerAppComponent.inject(DaggerAppComponent.java:66)
            at in.co.ophio.secure.sample.util.KeystoreAccountUtils.<init>(KeystoreAccountUtils.java:33)
            at in.co.ophio.secure.sample.module.AppModule.provideAccountUtils(AppModule.java:32)
            at in.co.ophio.secure.sample.module.AppModule_ProvideAccountUtilsFactory.get(AppModule_ProvideAccountUtilsFactory.java:18)
            at in.co.ophio.secure.sample.module.AppModule_ProvideAccountUtilsFactory.get(AppModule_ProvideAccountUtilsFactory.java:7)
            at dagger.internal.ScopedProvider.get(ScopedProvider.java:46)
            at in.co.ophio.secure.sample.view.MainActivity_MembersInjector.injectMembers(MainActivity_MembersInjector.java:27)
            at in.co.ophio.secure.sample.view.MainActivity_MembersInjector.injectMembers(MainActivity_MembersInjector.java:9)
            at in.co.ophio.secure.sample.module.DaggerAppComponent.inject(DaggerAppComponent.java:56)
            at in.co.ophio.secure.sample.view.MainActivity.onCreate(MainActivity.java:26)
            at android.app.Activity.performCreate(Activity.java:5977)
            at android.app.Instrumentation.callActivityOnCreate(Instrumentation.java:1105)
            at android.app.ActivityThread.performLaunchActivity(ActivityThread.java:2258)
            at android.app.ActivityThread.handleLaunchActivity(ActivityThread.java:2367)
            at android.app.ActivityThread.access$800(ActivityThread.java:148)
            at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1283)
            at android.os.Handler.dispatchMessage(Handler.java:102)
            at android.os.Looper.loop(Looper.java:135)
            at android.app.ActivityThread.main(ActivityThread.java:5274)
            at java.lang.reflect.Method.invoke(Native Method)
            at java.lang.reflect.Method.invoke(Method.java:372)
            at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:909)
            at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:704)
     Caused by: java.security.InvalidKeyException: javax.crypto.BadPaddingException: error:0407106B:rsa routines:RSA_padding_check_PKCS1_type_2:block type is not 02
            at com.android.org.conscrypt.OpenSSLCipherRSA.engineUnwrap(OpenSSLCipherRSA.java:340)
            at javax.crypto.Cipher.unwrap(Cipher.java:1545)
            at in.co.ophio.secure.vault.SecretKeyWrapper.unwrap(SecretKeyWrapper.java:112)
            at in.co.ophio.secure.core.KeyStoreKeyGenerator.loadOrGenerateKeys(KeyStoreKeyGenerator.java:78)
            at in.co.ophio.secure.core.KeyStoreKeyGenerator.<init>(KeyStoreKeyGenerator.java:46)
            at in.co.ophio.secure.core.KeyStoreKeyGenerator.get(KeyStoreKeyGenerator.java:56)
            at in.co.ophio.secure.sample.module.AppModule.provideKeyGenerator(AppModule.java:36)
            at in.co.ophio.secure.sample.module.AppModule_ProvideKeyGeneratorFactory.get(AppModule_ProvideKeyGeneratorFactory.java:18)
            at in.co.ophio.secure.sample.module.AppModule_ProvideKeyGeneratorFactory.get(AppModule_ProvideKeyGeneratorFactory.java:7)
            at dagger.internal.ScopedProvider.get(ScopedProvider.java:46)
            at in.co.ophio.secure.sample.util.KeystoreAccountUtils_MembersInjector.injectMembers(KeystoreAccountUtils_MembersInjector.java:26)
            at in.co.ophio.secure.sample.util.KeystoreAccountUtils_MembersInjector.injectMembers(KeystoreAccountUtils_MembersInjector.java:9)
            at in.co.ophio.secure.sample.module.DaggerAppComponent.inject(DaggerAppComponent.java:66)
            at in.co.ophio.secure.sample.util.KeystoreAccountUtils.<init>(KeystoreAccountUtils.java:33)
            at in.co.ophio.secure.sample.module.AppModule.provideAccountUtils(AppModule.java:32)
            at in.co.ophio.secure.sample.module.AppModule_ProvideAccountUtilsFactory.get(AppModule_ProvideAccountUtilsFactory.java:18)
            at in.co.ophio.secure.sample.module.AppModule_ProvideAccountUtilsFactory.get(AppModule_ProvideAccountUtilsFactory.java:7)
            at dagger.internal.ScopedProvider.get(ScopedProvider.java:46)
            at in.co.ophio.secure.sample.view.MainActivity_MembersInjector.injectMembers(MainActivity_MembersInjector.java:27)
            at in.co.ophio.secure.sample.view.MainActivity_MembersInjector.injectMembers(MainActivity_MembersInjector.java:9)
            at in.co.ophio.secure.sample.module.DaggerAppComponent.inject(DaggerAppComponent.java:56)
            at in.co.ophio.secure.sample.view.MainActivity.onCreate(MainActivity.java:26)
            at android.app.Activity.performCreate(Activity.java:5977)
            at android.app.Instrumentation.callActivityOnCreate(Instrumentation.java:1105)
            at android.app.ActivityThread.performLaunchActivity(ActivityThread.java:2258)
            at android.app.ActivityThread.handleLaunchActivity(ActivityThread.java:2367)
            at android.app.ActivityThread.access$800(ActivityThread.java:148)
            at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1283)
            at android.os.Handler.dispatchMessage(Handler.java:102)
            at android.os.Looper.loop(Looper.java:135)
            at android.app.ActivityThread.main(ActivityThread.java:5274)
            at java.lang.reflect.Method.invoke(Native Method)
            at java.lang.reflect.Method.invoke(Method.java:372)
            at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:909)
            at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:704)
     Caused by: javax.crypto.BadPaddingException: error:0407106B:rsa routines:RSA_padding_check_PKCS1_type_2:block type is not 02
            at com.android.org.consc

This should be known, so I wrote that :)

vashisthg commented 9 years ago

Thanks for reminding us. There is no way around this. Hope this gets fixed or documented in the future versions of Android. There is a nice explanation here http://doridori.github.io/android-security-the%20forgetful-keystore/.

Android M developer preview have some changes to Keystore Provider: https://developer.android.com/preview/behavior-changes.html#behavior-keystore

ghost commented 9 years ago

If you are aware about that it's ok. I strongly recommand you, if you are interesting in this topic to have a look at : http://nelenkov.blogspot.com/2015/06/keystore-redesign-in-android-m.html

Many of this articles are very interesting. But I'm strongly agree with you, that a better documentation should be defined on Android side here.