Comments (10)
I got the same problem only when I running a apk with minifyEnabled is true:
Caused by: java.lang.SecurityException: new SecureRandom() backed by wrong Provider: class com.tozny.crypto.android.AesCbcWithIntegrity$PrngFixes$LinuxPRNGSecureRandomProvider
at com.tozny.crypto.android.AesCbcWithIntegrity$PrngFixes.d(Unknown Source)
at com.tozny.crypto.android.AesCbcWithIntegrity$PrngFixes.a(Unknown Source)
at com.tozny.crypto.android.AesCbcWithIntegrity.c(Unknown Source)
at com.tozny.crypto.android.AesCbcWithIntegrity.a(Unknown Source)
at com.tozny.crypto.android.AesCbcWithIntegrity.a(Unknown Source)
in the proguard config I add:
-keep class com.tozny.crypto.android.AesCbcWithIntegrity$PrngFixes$* { *; }
running on Genymotion Android Emulator 4.2.2
Is this related to tozny/java-aes-crypto#13 or this post ?
from secure-preferences.
I've tested all versions from Android 4.1.1, 4.2.2, 4.3 (Genymotion Emulator) They all crashed.
However if change the version of secure-preference
from 1.0.3 to 1.0.2๏ผit all worked!
This might not completely solve the problem but it could help for now.
from secure-preferences.
Thanks Robert, I'll take a look today
On Tue, 13 Oct 2015 07:54 Robert Wang [email protected] wrote:
I've tested all versions from 4.1.1, 4.2.2, 4.3 (Genymotion Emulator) They
all crashed.However I change the version of secure-preference from 1.0.3 to 1.0.2๏ผit
all worked!This might not completely solve the problem but it could help for now.
โ
Reply to this email directly or view it on GitHub
#31 (comment)
.
from secure-preferences.
The PrngFixes class is doing several equals
checks on class names i.e getProvider().getClass().getSimpleName().equals("LinuxPRNGSecureRandomProvider")
but this was failing due to the obfuscation. Even when using -keep
on the two inner classes of PrngFixes ( LinuxPRNGSecureRandomProvider and LinuxPRNGSecureRandom) still the equals
wasn't satisfied.
I changed the equals check to use LinuxPRNGSecureRandomProvider.class.getSimpleName()
rather than "LinuxPRNGSecureRandomProvider"
. This way it doesn't matter if proguard (or whatever) changes the class name.
Tested on devices and genymotion.
I'll add the fixed the java-aes-crypto lib (my fork) it'll be in version 'com.scottyab:aes-crypto:0.0.4' and I'll PR to the original.
from secure-preferences.
Fixed in v0.1.4 of Secure-preferences
from secure-preferences.
This is not fixed in v0.1.4. Please, reopen. I still see the exception:
Caused by java.lang.SecurityException: new SecureRandom() backed by wrong Provider: class org.apache.harmony.security.provider.crypto.CryptoProvider
at com.tozny.crypto.android.AesCbcWithIntegrity$PrngFixes.installLinuxPRNGSecureRandom(AesCbcWithIntegrity.java:767)
GT-I8190L
Android 4.1.2
from secure-preferences.
I can still see the issue. Interesting thing is it is happening to my users but none of my test devices has this issue.
from secure-preferences.
Still crashes on 4.1.1
Fatal Exception: java.lang.RuntimeException
Unable to create application: java.lang.SecurityException: SecureRandom.getInstance("SHA1PRNG") backed by wrong Provider: class org.apache.harmony.security.provider.crypto.CryptoProvider
from secure-preferences.
Is there any solution available for this? I get this crash as well on a Samsung 4.1.2 device.
from secure-preferences.
Still happening
Runining this code:
SecurePreferences.Editor prefs = new SecurePreferences(mContext).edit();
Gives this error:
Fatal Exception: java.lang.SecurityException: new SecureRandom() backed by wrong Provider: class org.apache.harmony.security.provider.crypto.CryptoProvider
at com.tozny.crypto.android.AesCbcWithIntegrity$PrngFixes.installLinuxPRNGSecureRandom(AesCbcWithIntegrity.java:764)
at com.tozny.crypto.android.AesCbcWithIntegrity$PrngFixes.apply(AesCbcWithIntegrity.java:680)
at com.tozny.crypto.android.AesCbcWithIntegrity.fixPrng(AesCbcWithIntegrity.java:347)
at com.tozny.crypto.android.AesCbcWithIntegrity.generateKeyFromPassword(AesCbcWithIntegrity.java:184)
at com.securepreferences.SecurePreferences.generateAesKeyName(SecurePreferences.java:228)
at com.securepreferences.SecurePreferences.(SecurePreferences.java:149)
at com.securepreferences.SecurePreferences.(SecurePreferences.java:134)
at com.securepreferences.SecurePreferences.(SecurePreferences.java:107)
at com.securepreferences.SecurePreferences.(SecurePreferences.java:82)
API:
com.scottyab:secure-preferences-lib:0.1.7
from secure-preferences.
Related Issues (20)
- Fix getAll method to return the correct value for StringSet. HOT 2
- AndroidQ will no longer support android.preference. HOT 1
- Android 10 - android.preference deprecated HOT 1
- Security alert on our production app on google play console
- Android Canary 3.6 not building HOT 3
- Value can't be saved when put value after clear() and kill app in background. HOT 1
- DeterministicAeadFactory.java line 13
- Flutter HOT 1
- How to use sharedPreference in flutter to stay user loggedin in flutter using a setBool and GetBool HOT 2
- [ERROR:flutter/lib/ui/ui_dart_state.cc(186)] Unhandled Exception: MissingPluginException(No implementation found for method getAll on channel plugins.flutter.io/shared_preferences)
- java.security.KeyStoreException: the master key android-keystore://_androidx_security_master_key_ exists but is unusable
- Create tag 0.1.7 HOT 1
- SecurePreferences.getString() throws java.lang.IllegalStateException HOT 1
- Crashing in API 28 (Android Pie) s== null (DO NOT USE THIS LIBRARY, it is completely broken) HOT 22
- Does this library needs to update the TragetSDKversion to 26? HOT 1
- After upgrade Android OS Version 9 (pie) the values are not stored and retrieved. HOT 5
- all sharedPrefrences remove after app crash's
- Security Scan failed
- securePref.getAll() return map where only values decrypted and keys encrypted HOT 1
- After updating to Android Q, i am not able to retrieve the data from the Secure preferences? HOT 10
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from secure-preferences.