scottyab / secure-preferences

Android Shared preference wrapper that encrypts the values of Shared Preferences. It's not bulletproof security but rather a quick win for incrementally making your Android app more secure.

Exception thrown in SecurePreferences constructor #30

Closed void99 closed 9 years ago

void99 commented 9 years ago

I'm using your library version 0.1.0, but looking through the code I think this might be a problem with other versions too. I just noticed this in a crash report today in the Google Play console:

    java.lang.IllegalArgumentException: bad base-64
        at android.util.Base64.decode(Base64.java:161)
        at android.util.Base64.decode(Base64.java:136)
        at android.util.Base64.decode(Base64.java:118)
        at com.tozny.crypto.android.AesCbcWithIntegrity.generateKeyFromPassword(AesCbcWithIntegrity.java:188)
        at com.securepreferences.SecurePreferences.<init>(SecurePreferences.java:160)

I'm creating the secure prefs object using the SecurePreferences(Context context, final String password, final String sharedPrefFilename) constructor, and then an IllegalArgumentException is thrown. It seems like the salt passed to AesCbcWithIntegrity.generateKeyFromPassword(String password, String salt) is not always a valid base64 string. The string passed as the salt is generated with the getDeviceSerialNumber(context) method. I think the problem lies here - does this method always return a valid base64 string? Not all devices are affected. I've just noticed this on some LG phones with Android 5.0.
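The failure mode reported above, as an added example that is not part of the original post or the library's code: a key-derivation helper that Base64-decodes its salt argument, fed raw identifier strings versus a salt built by hashing and encoding the identifier first. It uses java.util.Base64 in place of android.util.Base64 so it runs on a plain JVM; the class and method names, the PBKDF2 parameters and the sample identifiers are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class SaltFromDeviceId {
    // Mirrors the pattern in the report: the salt argument is assumed to be Base64 text.
    // Iteration count and key length are assumed values, not the library's.
    static byte[] deriveKey(String password, String saltBase64) throws Exception {
        // Throws IllegalArgumentException when the string is not valid Base64.
        byte[] salt = Base64.getDecoder().decode(saltBase64);
        PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, 10000, 256);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1")
                .generateSecret(spec).getEncoded();
    }

    // Defensive conversion: hash the identifier and Base64-encode the digest, so any
    // input string (including an empty one) yields a valid, fixed-length salt.
    static String saltFromDeviceId(String deviceId) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-256")
                .digest(deviceId.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(digest);
    }

    public static void main(String[] args) throws Exception {
        // Constructed identifiers, not values read from any real device.
        String[] deviceIds = {"0123456789ABCDEF", "LGL01F-a1b2c", "unknown", ""};
        for (String id : deviceIds) {
            String raw;
            try {
                // Passing the identifier straight through, as in the crash report.
                raw = "ok, " + deriveKey("pw", id).length + "-byte key";
            } catch (IllegalArgumentException e) {
                // Covers both invalid Base64 and an empty decoded salt.
                raw = "IllegalArgumentException: " + e.getMessage();
            }
            String encoded = "ok, "
                    + deriveKey("pw", saltFromDeviceId(id)).length + "-byte key";
            System.out.printf("%-20s raw -> %s | encoded -> %s%n",
                    '"' + id + '"', raw, encoded);
        }
    }
}
```

Identifiers that happen to contain only Base64 characters decode without error, which is why only some devices hit the exception; the encoded path does not depend on what the device returns.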

scottyab commented 9 years ago

Thanks @void99, I seem to have missed the fact that AesCbcWithIntegrity.generateKeyFromPassword is running Base64.decode(). I wonder why the LGs are an issue; can you see what getDeviceSerialNumber(context) is returning? Also, which LG phones? G3, G4?

void99 commented 9 years ago

We've seen this on LG G2 (code: L-01F (g2)) phones running Android 5.0.2. Unfortunately I have no access to the device to test against it...

scottyab commented 9 years ago

This fix will be included in the v0.1.4 release; just waiting for the dependency to be propagated on Maven Central before release.