search

patrickfav / armadillo

A shared preference implementation for confidential data in Android. Per default uses AES-GCM, BCrypt and HKDF as cryptographic primitives. Uses the concept of device fingerprinting combined with optional user provided passwords and strong password hashes.
https://favr.dev/opensource/armadillo
Apache License 2.0
281 stars 52 forks source link

Feat/enhanced change listener #47

Closed davidgarciaanton closed 5 years ago

davidgarciaanton commented 5 years ago

As EncryptionProtocol is not accessible and there may be the requirement to respond only to specific keys changed, and the regular SharedPreferences.OnPreferenceChangeListener callback isn't enough as we get the stored version of the key, witch we cannot compare against constants.

I've created a specific OnSecurePreferenceChangeListener that gives a facility to at least compare the changed key against some arbitrary string.

I don't know in terms of security of implementation if this is the best way to achieve this. Please let me know if you think of another way more secure

patrickfav commented 5 years ago

Thanks for the PR. I will review it in the next days!

davidgarciaanton commented 5 years ago

I'll try to give it another round when't I find a moment to it. Thanks for taking your time to review!

davidgarciaanton commented 5 years ago

Hi @patrickfav I've updated the PR with some of the corrections you requested, and added some Unit and Integration tests.

Let me know if I missed something.

patrickfav commented 5 years ago

LGTM.