search

patrickfav / armadillo

A shared preference implementation for confidential data in Android. Per default uses AES-GCM, BCrypt and HKDF as cryptographic primitives. Uses the concept of device fingerprinting combined with optional user provided passwords and strong password hashes.
https://favr.dev/opensource/armadillo
Apache License 2.0
281 stars 52 forks source link

"Exception at.favre.lib.armadillo.AuthenticatedEncryptionException: could not decrypt" on some Android 14 devices #57

Open emgallo-arch-sudo opened 1 month ago

emgallo-arch-sudo commented 1 month ago

Hello, we are facing a weird issue with a mobile app for our client distributed on Google Play Store. At startup, the app initializes armadillo library v1.0.0 and use it to get some data from shared preferences.

On some devices, mainly on Samsung and Android 14, the app crashes instantly once started and it happens when it tries to read from shared preferences. Specifically in the stack trace we see: Caused by at.favre.lib.armadillo.SecureSharedPreferenceCryptoException: at at.favre.lib.armadillo.SimpleRecoveryPolicy.handleBrokenContent (SimpleRecoveryPolicy.java:36) at at.favre.lib.armadillo.SecureSharedPreferences.decrypt (SecureSharedPreferences.java:550) at at.favre.lib.armadillo.SecureSharedPreferences.getString (SecureSharedPreferences.java:152)

From Google Play Console, we see the following stack trace that cause the exception above: Caused by at.favre.lib.armadillo.EncryptionProtocolException: at.favre.lib.armadillo.AuthenticatedEncryptionException: could not decrypt at at.favre.lib.armadillo.DefaultEncryptionProtocol.decrypt (DefaultEncryptionProtocol.java:154) at at.favre.lib.armadillo.SecureSharedPreferences.decrypt (SecureSharedPreferences.java:548) Caused by at.favre.lib.armadillo.AuthenticatedEncryptionException: could not decrypt at at.favre.lib.armadillo.AesGcmEncryption.decrypt (AesGcmEncryption.java:111) at at.favre.lib.armadillo.DefaultEncryptionProtocol.decrypt (DefaultEncryptionProtocol.java:152) Caused by javax.crypto.AEADBadTagException: error:1e000065:Cipher functions:OPENSSL_internal:BAD_DECRYPT at java.lang.reflect.Constructor.newInstance0 at java.lang.reflect.Constructor.newInstance (Constructor.java:343) at com.android.org.conscrypt.OpenSSLAeadCipher.throwAEADBadTagExceptionIfAvailable (OpenSSLAeadCipher.java:320) at com.android.org.conscrypt.OpenSSLAeadCipher.doFinalInternal (OpenSSLAeadCipher.java:371) at com.android.org.conscrypt.OpenSSLCipher.engineDoFinal (OpenSSLCipher.java:374) at javax.crypto.Cipher.doFinal (Cipher.java:2114) at at.favre.lib.armadillo.AesGcmEncryption.decrypt (AesGcmEncryption.java:109)

Even uninstalling and re-installing the app does not solve the problem.

Any clue on this?

emgallo-arch-sudo commented 1 month ago

@patrickfav any idea?