search

scottyab / secure-preferences

Android Shared preference wrapper than encrypts the values of Shared Preferences. It's not bullet proof security but rather a quick win for incrementally making your android app more secure.
1.53k stars 235 forks source link

NoSuchAlgorithmException: SecretKeyFactory PBKDF2WithHmacSHA1 implementation not found #35

Open albertovelazmoliner opened 9 years ago

albertovelazmoliner commented 9 years ago

I'm getting this internal crash in all users with Samsung SCH-I705 (Samsung Tab2 7") with Adnroid 4.1.2, in the line what I'm doing this: sPrefs = new SecurePreferences(context);

I'm importing the library in gradle file: compile 'com.scottyab:secure-preferences-lib:0.1.3'

Fatal Exception: java.lang.RuntimeException: Unable to create application com.fieldaware.app.FAApplication: java.lang.IllegalStateException: java.security.NoSuchAlgorithmException: SecretKeyFactory PBKDF2WithHmacSHA1 implementation not found at android.app.ActivityThread.handleBindApplication(ActivityThread.java) at android.app.ActivityThread.access$1400(ActivityThread.java) at android.app.ActivityThread$H.handleMessage(ActivityThread.java) at android.os.Handler.dispatchMessage(Handler.java) at android.os.Looper.loop(Looper.java) at android.app.ActivityThread.main(ActivityThread.java) at java.lang.reflect.Method.invokeNative(Method.java) at java.lang.reflect.Method.invoke(Method.java) at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java) at com.android.internal.os.ZygoteInit.main(ZygoteInit.java) at dalvik.system.NativeStart.main(NativeStart.java) Caused by java.lang.IllegalStateException: java.security.NoSuchAlgorithmException: SecretKeyFactory PBKDF2WithHmacSHA1 implementation not found at com.securepreferences.SecurePreferences.(Unknown Source) at com.securepreferences.SecurePreferences.(Unknown Source) at com.securepreferences.SecurePreferences.(Unknown Source) at com.fieldaware.app.utils.Settings.(Unknown Source) at com.fieldaware.app.FAApplication.onCreate(SourceFile) at android.app.Instrumentation.callApplicationOnCreate(Instrumentation.java) at android.app.ActivityThread.handleBindApplication(ActivityThread.java) at android.app.ActivityThread.access$1400(ActivityThread.java) at android.app.ActivityThread$H.handleMessage(ActivityThread.java) at android.os.Handler.dispatchMessage(Handler.java) at android.os.Looper.loop(Looper.java) at android.app.ActivityThread.main(ActivityThread.java) at java.lang.reflect.Method.invokeNative(Method.java) at java.lang.reflect.Method.invoke(Method.java) at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java) at com.android.internal.os.ZygoteInit.main(ZygoteInit.java) at dalvik.system.NativeStart.main(NativeStart.java) Caused by java.security.NoSuchAlgorithmException: SecretKeyFactory PBKDF2WithHmacSHA1 implementation not found at org.apache.harmony.security.fortress.Engine.notFound(Engine.java) at org.apache.harmony.security.fortress.Engine.getInstance(Engine.java) at javax.crypto.SecretKeyFactory.getInstance(SecretKeyFactory.java) at com.tozny.crypto.android.AesCbcWithIntegrity.generateKeyFromPassword(SourceFile) at com.tozny.crypto.android.AesCbcWithIntegrity.generateKeyFromPassword(SourceFile) at com.securepreferences.SecurePreferences.generateAesKeyName(SourceFile) at com.securepreferences.SecurePreferences.(Unknown Source) at com.securepreferences.SecurePreferences.(Unknown Source) at com.securepreferences.SecurePreferences.(Unknown Source) at com.fieldaware.app.utils.Settings.(Unknown Source) at com.fieldaware.app.FAApplication.onCreate(SourceFile) at android.app.Instrumentation.callApplicationOnCreate(Instrumentation.java) at android.app.ActivityThread.handleBindApplication(ActivityThread.java) at android.app.ActivityThread.access$1400(ActivityThread.java) at android.app.ActivityThread$H.handleMessage(ActivityThread.java) at android.os.Handler.dispatchMessage(Handler.java) at android.os.Looper.loop(Looper.java) at android.app.ActivityThread.main(ActivityThread.java) at java.lang.reflect.Method.invokeNative(Method.java) at java.lang.reflect.Method.invoke(Method.java) at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java) at com.android.internal.os.ZygoteInit.main(ZygoteInit.java) at dalvik.system.NativeStart.main(NativeStart.java)

No issues in others devices. Is there some workaround to avoid this issue? Thanks

cyberrob-zz commented 8 years ago

I got the same issue on

running Android 4.1.1 or Android 4.1.2 with secure-pref version 0.1.2.

Caused by java.lang.IllegalStateException: java.security.NoSuchAlgorithmException: SecretKeyFactory PBKDF2WithHmacSHA1 implementation not found
       at com.securepreferences.SecurePreferences.(Unknown Source)
       at com.securepreferences.SecurePreferences.(Unknown Source)
       at com.securepreferences.SecurePreferences.(Unknown Source)
       at solda.io.android.util.PrefUtils.getDefaultPreference(Unknown Source)
       at solda.io.android.util.PrefUtils.getProductsInShippingCart(Unknown Source)
       at solda.io.android.ui.activity.DrawerActivity.restoreShoppingCart(Unknown Source)
       at solda.io.android.ui.activity.DrawerActivity.onCreate(Unknown Source)
       at android.app.Activity.performCreate(Activity.java:5184)
       at android.app.Instrumentation.callActivityOnCreate(Instrumentation.java:1083)
       at android.app.ActivityThread.performLaunchActivity(ActivityThread.java:2064)
       at android.app.ActivityThread.handleLaunchActivity(ActivityThread.java:2125)
       at android.app.ActivityThread.access$600(ActivityThread.java:140)
       at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1227)
       at android.os.Handler.dispatchMessage(Handler.java:99)
       at android.os.Looper.loop(Looper.java:137)
       at android.app.ActivityThread.main(ActivityThread.java:4898)
       at java.lang.reflect.Method.invokeNative(Method.java)
       at java.lang.reflect.Method.invoke(Method.java:511)
       at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:1006)
       at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:773)
       at dalvik.system.NativeStart.main(NativeStart.java)
Caused by java.security.NoSuchAlgorithmException: SecretKeyFactory PBKDF2WithHmacSHA1 implementation not found
       at org.apache.harmony.security.fortress.Engine.notFound(Engine.java:177)
       at org.apache.harmony.security.fortress.Engine.getInstance(Engine.java:151)
       at javax.crypto.SecretKeyFactory.getInstance(SecretKeyFactory.java:108)
       at com.tozny.crypto.android.AesCbcWithIntegrity.keys(Unknown Source)
       at com.securepreferences.SecurePreferences.getSharedPreferenceFile(Unknown Source)
       at com.securepreferences.SecurePreferences.(Unknown Source)
       at com.securepreferences.SecurePreferences.(Unknown Source)
       at com.securepreferences.SecurePreferences.(Unknown Source)
       at solda.io.android.util.PrefUtils.getDefaultPreference(Unknown Source)
       at solda.io.android.util.PrefUtils.getProductsInShippingCart(Unknown Source)
       at solda.io.android.ui.activity.DrawerActivity.restoreShoppingCart(Unknown Source)
       at solda.io.android.ui.activity.DrawerActivity.onCreate(Unknown Source)
       at android.app.Activity.performCreate(Activity.java:5184)
       at android.app.Instrumentation.callActivityOnCreate(Instrumentation.java:1083)
       at android.app.ActivityThread.performLaunchActivity(ActivityThread.java:2064)
       at android.app.ActivityThread.handleLaunchActivity(ActivityThread.java:2125)
       at android.app.ActivityThread.access$600(ActivityThread.java:140)
       at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1227)
       at android.os.Handler.dispatchMessage(Handler.java:99)
       at android.os.Looper.loop(Looper.java:137)
       at android.app.ActivityThread.main(ActivityThread.java:4898)
       at java.lang.reflect.Method.invokeNative(Method.java)
       at java.lang.reflect.Method.invoke(Method.java:511)
       at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:1006)
       at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:773)
       at dalvik.system.NativeStart.main(NativeStart.java)

Is there anyway we can choose which implementation to use based on Android version?

cyberrob-zz commented 8 years ago

@scottyab is this related? https://github.com/tozny/java-aes-crypto/issues/9

scottyab commented 8 years ago

Hey @cyberrob it seems related yes, those devices don't seem to have that algorithm or the fallback algorithm ( a shame :( ). Open to PR's to solve.

gostik commented 8 years ago

We could resolve this problem by adding https://rtyley.github.io/spongycastle/ lib. Is it a single solution? Could anyone suggest better solution?

inktomi commented 8 years ago

It seems like SpongyCastle would be a good solution. Who wants to put a PR in for it? :)

hammad-tariq commented 8 years ago

Any work around ? I am unable to use spongycastle in android studio, what i will have to do after adding lib in my project. also what is PR :)

fernandospr commented 8 years ago

@inktomi Which SpongyCastle dependencies did you include in your Android Studio gradle project?

All of them?

compile 'com.madgag.spongycastle:core:1.54.0.0'
compile 'com.madgag.spongycastle:prov:1.54.0.0'
compile 'com.madgag.spongycastle:pkix:1.54.0.0'
compile 'com.madgag.spongycastle:pg:1.54.0.0'
brandoFS commented 8 years ago

Any update here? Having this issue with many samsung phones, any advice on how to fix?

albertovelazmoliner commented 8 years ago

@brandoFS For now I've added the SpongyCastle dependency to build.gradle //SpongeCastle compile('com.madgag.spongycastle:core:1.54.0.0') compile('com.madgag.spongycastle:prov:1.54.0.0') And added it in the MyApplication class

static { Security.insertProviderAt(new org.spongycastle.jce.provider.BouncyCastleProvider(), 1); }

It's not the solution but it works. Hope that helps you as a patch for now.

brandoFS commented 8 years ago

@albertovelazmoliner thank you

lgengsy commented 8 years ago

I got it more in 4.1.2 . who can help me ??

gostik commented 8 years ago

@lgengsy please use @albertovelazmoliner solution

brandoFS commented 8 years ago

@albertovelazmoliner added your spongycastle dependencies but we are still seeing the crash in our latest release. Any other idea?

lgengsy commented 8 years ago

I want to rewrite this with other encryption。

PasqualePuzio commented 8 years ago

I got the same issue... even after adding spongycastle.

That's frustrating :-(

doridori commented 8 years ago

Strange that some of you are seeing adding spongy fix this issue and some not. @PasqualePuzio & @brandoFS (or anyone else with this issue) could you paste the output of http://stackoverflow.com/a/7561104 to help debug this.

The solution should be to add spongy, but never put it past samsung to mess something up that every other device honors...

tprochazka commented 8 years ago

Is there any solution already? I found that in the SecurePreferencesOld already is the mechanism to detect if algorithm is supported on the running platform. Why it is nt in the new one?

Ther was problem that when user migrated to different phone they lost the configuration. But I think that used algorithm should be stored in preferences item to keep the same when new one will be introduced in the library to backward compatibility.

i-m-aman commented 5 years ago

I am handling this like - 

try {

                    AesCbcWithIntegrity.SecretKeys myKey = AesCbcWithIntegrity.generateKeyFromPassword(Build.SERIAL, AesCbcWithIntegrity.generateSalt(), 100);
                /*SecurePreferences.Editor editor = sharedPreferences.edit();
                editor.putString("realmkey", myKey.toString().substring(0, 64));
                editor.commit();*/
                    settings.edit().putString("rm", myKey.toString().substring(0, 64)).apply();

                } catch (NoSuchAlgorithmException e) {

                    AesCbcWithIntegrity.SecretKeys myKey = AesCbcWithIntegrity.generateKey();
                    if (myKey.toString().length() > 64) {
                        settings.edit().putString("rm", myKey.toString().substring(0, 64)).apply();
                    }
                }

am I doing it the right way?

Recently, got the error in Samsung 4.1.2 device

vinojvetha commented 5 years ago

@deathstroke007 Is above fix is work for Samsung 4.1.2 device?.

i-m-aman commented 5 years ago

I haven't tested it. But it will work out since i am catching the exception and using generatekey(). Please feel free to test and intimate me with the results.