Comments (13)
Hey @scottyab, I started looking into it and so far it seems that the best way to do it would be creating another constructor which would take AesCbcWithIntegrity.SecretKeys
instead of the password. Plus, it'd be nice to add another method to AesCbcWithIntegrity
, namely generateKeyFromPassword(String password, String salt, int iterationCount, int keyLength)
, which would allow easy creation of the SecreyKeys
with whatever strenght the user wants. But I'm not sure if it wouldn't violate the purpose of the library - providing simple and secure encryption. What do you think?
from secure-preferences.
Great minds think alike 👍 , I've just added a new constructor to take AesCbcWithIntegrity.SecretKeys
and I'm just writing a unit test for it (before pushing). As for the changes to 'AesCbcWithIntegrity', personally it makes sense, it just gives more options the default are still stronger.
from secure-preferences.
wow, 3 seconds, i didn't know it was that long. Maybe some kind of lite mode option would suitable or as you suggest providing own key could be good. I'll review that post.
from secure-preferences.
Hey @cermakcz Confirmed. I'm seeing init time of 4.4s on nexus 4. Let's make suppling your own key an enhancement. I'd welcome PR if you have time, otherwise I'd add to my todo.
from secure-preferences.
Thanks for the change, I just started working on it when I read that you've already done it :) I'll go and see if there's something I can do about the AesCbcWithIntegrity change.
Edit: pull request here: tozny/java-aes-crypto#12
from secure-preferences.
Thanks for that. Hoping @tozny is ok with and can merge the PR. I'll pull once accepted. In Secure Preferences I'm actually using my fork of java-aes-crypto as wanted to reference the dependancy from maven central.
from secure-preferences.
Yeah I noticed. That's why I was hoping you'd pull it to your fork and make a new version, like you said.
from secure-preferences.
@cermakcz i've pulled your fork of java-aes-crypto into my fork added unit test and published as 0.0.3. Just waiting on maven central to propagate, then I'll release a new version of secure prefs 0.1.3 dependent on com.scottyab:aes-crypto:0.0.3
from secure-preferences.
@scottyab Cool, thanks.
from secure-preferences.
Fixed in 0.1.3 (once propagated to maven central)
Example...
AesCbcWithIntegrity.SecretKeys myKey = AesCbcWithIntegrity.generateKeyFromPassword(Build.SERIAL,AesCbcWithIntegrity.generateSalt(),1000);
SharedPreferences securePrefs1000 = new SecurePreferences(this, myKey, "my_prefs_1000.xml");
from secure-preferences.
Hi, i tried using password, but still app lags.
from secure-preferences.
@mkaarthick I'm not sure I understand your comment. You can manually pass in your own keys created with generateKeyFromPassword
method that takes a int of the iterationCount
. To increase the speed (but reduce security) you can lower the iterationCount (default 10,000).
AesCbcWithIntegrity.SecretKeys mykeys = AesCbcWithIntegrity.generateKeyFromPassword(password, salt, iterationCount);
SecurePreferences securePrefs = new SecurePreferences(getContext(), mykeys, "pref-file");
from secure-preferences.
handlePasswordChange()
also need iteration count parameter. All method is private static, so I can't override. If to find method not to build library, the only way is inheritance with SecurePreference
and overwrite method handlePasswordChange()
. But, this is not cool.
from secure-preferences.
Related Issues (20)
- Fix getAll method to return the correct value for StringSet. HOT 2
- AndroidQ will no longer support android.preference. HOT 1
- Android 10 - android.preference deprecated HOT 1
- Security alert on our production app on google play console
- Android Canary 3.6 not building HOT 3
- Value can't be saved when put value after clear() and kill app in background. HOT 1
- DeterministicAeadFactory.java line 13
- Flutter HOT 1
- How to use sharedPreference in flutter to stay user loggedin in flutter using a setBool and GetBool HOT 2
- [ERROR:flutter/lib/ui/ui_dart_state.cc(186)] Unhandled Exception: MissingPluginException(No implementation found for method getAll on channel plugins.flutter.io/shared_preferences)
- java.security.KeyStoreException: the master key android-keystore://_androidx_security_master_key_ exists but is unusable
- Create tag 0.1.7 HOT 1
- SecurePreferences.getString() throws java.lang.IllegalStateException HOT 1
- Crashing in API 28 (Android Pie) s== null (DO NOT USE THIS LIBRARY, it is completely broken) HOT 22
- Does this library needs to update the TragetSDKversion to 26? HOT 1
- After upgrade Android OS Version 9 (pie) the values are not stored and retrieved. HOT 5
- all sharedPrefrences remove after app crash's
- Security Scan failed
- securePref.getAll() return map where only values decrypted and keys encrypted HOT 1
- After updating to Android Q, i am not able to retrieve the data from the Secure preferences? HOT 10
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from secure-preferences.