kovmarci86 / android-secure-preferences
Secure AES Encryption decorated Android SharedPreferences implementation.
Adding support for getStringSet and putStringSet methods to work on Android 1.x, 2.x.
The minimum Sdk version is: ?
Add unit tests for SecureUtils, EncryptionHelper, SecuredEditor, SecureFactory.
Check results with emma:
mvn emma:emma
Set up pom.xmls to upload the project to central maven repository
I have now found this crash in my app
java.lang.ArrayIndexOutOfBoundsException: src.length=16 srcPos=0 dst.length=32 dstPos=32 length=5
at java.lang.System.arraycopy(Native Method)
at com.android.org.bouncycastle.crypto.paddings.PaddedBufferedBlockCipher.doFinal(PaddedBufferedBlockCipher.java:288)
at com.android.org.bouncycastle.jce.provider.JCEBlockCipher$BufferedGenericBlockCipher.doFinal(JCEBlockCipher.java:1045)
at com.android.org.bouncycastle.jce.provider.JCEBlockCipher.engineDoFinal(JCEBlockCipher.java:693)
at javax.crypto.Cipher.doFinal(Cipher.java:1111)
at edu.gmu.tec.scout.utilities.Encryption.decrypt(Encryption.java:94)
at com.github.kovmarci86.android.secure.preferences.encryption.EncryptionHelper.createDecodedObjectStream(EncryptionHelper.java:101)
at com.github.kovmarci86.android.secure.preferences.encryption.EncryptionHelper.readDecoded(EncryptionHelper.java:88)
at com.github.kovmarci86.android.secure.preferences.encryption.EncryptionHelper.readAndDecodeTemplate(EncryptionHelper.java:44)
at com.github.kovmarci86.android.secure.preferences.SecureSharedPreferences.getString(SecureSharedPreferences.java:74)
at cz.idc.letenky.service.AppSettingsService.getUserLogin(AppSettingsService.java:50)
at cz.idc.letenky.service.AppSettingsService.isUserLoggedIn(AppSettingsService.java:46)
Maybe the encrypted data was corrupted accidentally and now it is not possible to decrypt it, but this should be handled: in this situation it would be better to return the default value than to crash the app, and to log the error to logcat.
Code like
getPrefs().edit()
.putString("closureID", closureID)
.putString("merchantName", merchantName)
.putString("sourceAuthKey", sourceAuthKey)
.commit();
doesn't work, because you return unsecured (standard) Editor from putXY methods instead of SecuredEditor.
What is the license that SecurePreferences is distributed under? Can you add a licensing file describing the license, or add a mention at the bottom of the readme?
Can you please provide a licence for your project? Now it is completely missing :-(
Hi,
You state your code derives its basic encryption logic from: http://www.java2s.com/Code/Android/Security/AESEncryption.htm (see: https://github.com/kovmarci86/android-secure-preferences/blob/master/secure-preferences/src/main/java/edu/gmu/tec/scout/utilities/Encryption.java)
This example has grave security issues, among others:
As far as I can see, you avoid the first point, but the other points are still grave enough to make the whole scheme very insecure.
I'm thinking about adding secure-preferences to an already existing project. Currently users will lose all preference data, because the library can't decrypt non-encrypted data. Did you think about it already?
Something like a prefix with a version identifier for encrypted data, like "$sp-1-", would be useful. The library would use it to recognize whether data is already encrypted. It would also allow using different (more secure, faster) encryption in the future, with backward compatibility for existing applications.
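One way to implement the two requests above, a version prefix that keeps existing plaintext values readable and a default value instead of a crash on undecodable data, as an added example that is not code from the library. It is plain Java so it runs off-device; the class name, the choice of AES-GCM, `java.util.Base64`, `System.err` in place of logcat and the in-memory demo key are assumptions, and only the `$sp-1-` prefix comes from the issue.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
/** Hypothetical helper for illustration; not part of android-secure-preferences. */
public class VersionedValueCodec {
    static final String PREFIX = "$sp-1-";  // version marker suggested in the issue
    private static final int IV_LEN = 12, TAG_BITS = 128;
    private final SecretKey key;
    VersionedValueCodec(SecretKey key) { this.key = key; }

    String encode(String plain) throws GeneralSecurityException {
        byte[] iv = new byte[IV_LEN];
        new SecureRandom().nextBytes(iv);  // fresh IV for every stored value
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, iv));
        byte[] ct = c.doFinal(plain.getBytes(StandardCharsets.UTF_8));
        byte[] out = ByteBuffer.allocate(IV_LEN + ct.length).put(iv).put(ct).array();
        return PREFIX + Base64.getEncoder().encodeToString(out);
    }

    String decode(String stored, String defaultValue) {
        if (stored == null) return defaultValue;
        if (!stored.startsWith(PREFIX)) return stored;  // legacy value written before encryption
        try {
            byte[] raw = Base64.getDecoder().decode(stored.substring(PREFIX.length()));
            Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
            c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, raw, 0, IV_LEN));
            return new String(c.doFinal(raw, IV_LEN, raw.length - IV_LEN), StandardCharsets.UTF_8);
        } catch (GeneralSecurityException | RuntimeException e) {
            // Corrupt, truncated or tampered value: report it and fall back instead of crashing.
            System.err.println("undecodable preference value: " + e);
            return defaultValue;
        }
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);  // demo key held in memory; a real app needs a persistent key
        VersionedValueCodec codec = new VersionedValueCodec(kg.generateKey());
        System.out.println(codec.decode(codec.encode("alice"), "none"));  // encrypted round trip
        System.out.println(codec.decode("alice", "none"));                // legacy plaintext value
        System.out.println(codec.decode(PREFIX + "AAAA", "none"));        // corrupt ciphertext
    }
}
```

Accepting unprefixed values as plaintext means anyone who can write the preferences file can bypass the encryption, so re-encode legacy values on first read and remove the fallback once migration is complete.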
What do you mean?
Change groupId, package base to fulfil the requirements for uploading to the Maven Central Repository:
http://maven.apache.org/guides/mini/guide-central-repository-upload.html
http://maven.apache.org/guides/mini/guide-naming-conventions.html
I started testing the new version, and one of the integration tests failed when I tried to build the library with Maven.
[INFO] 4df1c91a0c879f8b_samsung_GT-N7100 : ERROR:com.mkovacs.android.secure.preferences.SecureSharedPreferencesFunctionalTest#testSecureSharedPreferencesApply
[INFO] 4df1c91a0c879f8b_samsung_GT-N7100 : java.lang.IncompatibleClassChangeError: interface not implemented
at com.mkovacs.android.secure.preferences.encryption.EncryptionHelper.encode(EncryptionHelper.java:71)
at com.mkovacs.android.secure.preferences.SecuredEditor.putBoolean(SecuredEditor.java:69)
at com.mkovacs.android.secure.preferences.SecureSharedPreferencesFunctionalTest.testSecureSharedPreferencesApply(SecureSharedPreferencesFunctionalTest.java:118)
at java.lang.reflect.Method.invokeNative(Native Method)
at android.test.InstrumentationTestCase.runMethod(InstrumentationTestCase.java:214)
at android.test.InstrumentationTestCase.runTest(InstrumentationTestCase.java:199)
at android.test.AndroidTestRunner.runTest(AndroidTestRunner.java:192)
at android.test.AndroidTestRunner.runTest(AndroidTestRunner.java:177)
at android.test.InstrumentationTestRunner.onStart(InstrumentationTestRunner.java:555)
at android.app.Instrumentation$InstrumentationThread.run(Instrumentation.java:1619)