sameerkapps / SecureStorage


Project with PlayServices fails #41

Open cunnpole opened 6 years ago

cunnpole commented 6 years ago

When using with Xamarin.GooglePlayServices.SafetyNet.60.1142.1 on Android 4 (including 4.4.3) the following method fails: CrossSecureStorage.Current.GetValue("SessionToken");

It was previously set with CrossSecureStorage.Current.SetValue("SessionToken", "passphrase");

It works fine until I add the following line to the start of the OnCreate method of my main activity: Android.Gms.Security.ProviderInstaller.InstallIfNeeded(this);

Without that it works fine, but then older versions of Android are stuck without TLS 1.1+ support and a whole load of other improvements.

Stack Trace:
Java.Security.InvalidKeyException: Unsupported key size: 24 bytes (must be 16 or 32)
  at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw () [0x0000c] in :0
  at Java.Interop.JniEnvironment+InstanceMethods.CallNonvirtualVoidMethod (Java.Interop.JniObjectReference instance, Java.Interop.JniObjectReference type, Java.Interop.JniMethodInfo method, Java.Interop.JniArgumentValue args) [0x00089] in <7802aa64ad574c33adca332a3fa9706a>:0
  at Java.Interop.JniPeerMembers+JniInstanceMethods.InvokeNonvirtualVoidMethod (System.String encodedMember, Java.Interop.IJavaPeerable self, Java.Interop.JniArgumentValue parameters) [0x0001f] in <7802aa64ad574c33adca332a3fa9706a>:0
  at Javax.Crypto.Cipher.Init (Javax.Crypto.CipherMode opmode, Java.Security.IKey key, Java.Security.Spec.IAlgorithmParameterSpec params) [0x00073] in <263adecfa58f4c449f1ff56156d886fd>:0
  at Plugin.SecureStorage.AndroidKeyStoreImplementation+AndroidKeyStore.Decrypt (System.Byte[] data) [0x0003c] in <32517fff446a4abfbff8b506c1031d3c>:0
  at Plugin.SecureStorage.AndroidKeyStoreImplementation.GetValue (System.String key, System.String defaultValue) [0x0004e] in <32517fff446a4abfbff8b506c1031d3c>:0
  at Plugin.SecureStorage.SecureStorageImplementation.GetValue (System.String key, System.String defaultValue) [0x00009] in <32517fff446a4abfbff8b506c1031d3c>:0
  at MyWayDigitalHealth.MyDiabetesMyWay.Data.SQLiteFactory.Connection (System.Boolean upgrade) [0x00051] in C:\Code\MDMW\MDMW.DataLayer\SQLiteFactory.cs:100
  at MyWayDigitalHealth.MyDiabetesMyWay.Data.SQLiteFactory..ctor (MyWayDigitalHealth.MyDiabetesMyWay.Common.IAppSpecific appSpecific, System.Boolean encrypt, System.Boolean tryUpgrade) [0x00017] in C:\Code\MDMW\MDMW.DataLayer\SQLiteFactory.cs:79
  at MyWayDigitalHealth.MyDiabetesMyWay.App+<>c__DisplayClass8_0+<<-ctor>b__0>d.MoveNext () [0x0005e] in C:\Code\MDMW\MDMW\App.xaml.cs:41
  --- End of managed Java.Security.InvalidKeyException stack trace ---
java.security.InvalidKeyException: Unsupported key size: 24 bytes (must be 16 or 32)
  at com.google.android.gms.org.conscrypt.OpenSSLCipher$EVP_AEAD$AES.checkSupportedKeySize(:com.google.android.gms@12685004@12.6.85 (000308-197041431):3)
  at com.google.android.gms.org.conscrypt.OpenSSLCipher.checkAndSetEncodedKey(:com.google.android.gms@12685004@12.6.85 (000308-197041431):5)
  at com.google.android.gms.org.conscrypt.OpenSSLCipher.engineInit(:com.google.android.gms@12685004@12.6.85 (000308-197041431):7)
  at javax.crypto.Cipher.init(Cipher.java:616)
  at javax.crypto.Cipher.init(Cipher.java:566)
  at dalvik.system.NativeStart.run(Native Method)

sameerkapps commented 6 years ago

AFAIK, you will need to call ProviderInstaller.InstallIfNeeded only if you are supporting devices < API 20 (ref: https://stackoverflow.com/questions/33112340/how-do-i-enable-tlsv1-1-on-xamarin-android-api-16-19). AndroidKeyStore is supported at or above API 18. If you are supporting devices with version < API 18, I would recommend using SecureStorageImplementation.StorageType = StorageTypes.PasswordProtectedFile; and Build.Serial as password, if there is no string obfuscation. Or your custom password with obfuscation.

cunnpole commented 6 years ago

Yes, we mainly only care about API 19 as they still have a substantial market share (7%). We've taken the decision to drop <=18 (less than 1%).