Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

5.0.0-beta.5: deleteAll throws "java.lang.SecurityException: Could not decrypt key. decryption failed" #313

Closed
duzenko opened this issue Oct 8, 2021 · 6 comments
Closed

5.0.0-beta.5: deleteAll throws "java.lang.SecurityException: Could not decrypt key. decryption failed" #313

duzenko opened this issue Oct 8, 2021 · 6 comments

Comments

@duzenko
Copy link

duzenko commented Oct 8, 2021
edited
Loading

Code

    await _storage.deleteAll();

throws this:

I/flutter (22514): │ PlatformException(Exception encountered, deleteAll, java.lang.SecurityException: Could not decrypt key. decryption failed
I/flutter (22514): │ 	at androidx.security.crypto.EncryptedSharedPreferences.decryptKey(EncryptedSharedPreferences.java:612)
I/flutter (22514): │ 	at androidx.security.crypto.EncryptedSharedPreferences.getAll(EncryptedSharedPreferences.java:402)
I/flutter (22514): │ 	at androidx.security.crypto.EncryptedSharedPreferences$Editor.clearKeysIfNeeded(EncryptedSharedPreferences.java:358)
I/flutter (22514): │ 	at androidx.security.crypto.EncryptedSharedPreferences$Editor.apply(EncryptedSharedPreferences.java:348)
I/flutter (22514): │ 	at com.it_nomads.fluttersecurestorage.FlutterSecureStoragePlugin.deleteAll(FlutterSecureStoragePlugin.java:178)
I/flutter (22514): │ 	at com.it_nomads.fluttersecurestorage.FlutterSecureStoragePlugin.access$800(FlutterSecureStoragePlugin.java:37)
I/flutter (22514): │ 	at com.it_nomads.fluttersecurestorage.FlutterSecureStoragePlugin$MethodRunner.run(FlutterSecureStoragePlugin.java:287)
I/flutter (22514): │ 	at android.os.Handler.handleCallback(Handler.java:938)
I/flutter (22514): │ 	at android.os.Handler.dispatchMessage(Handler.java:99)
I/flutter (22514): │ 	at android.os.Looper.loop(Looper.java:246)
I/flutter (22514): │ 	at android.os.HandlerThread.run(HandlerThread.java:67)
I/flutter (22514): │ Caused by: java.security.GeneralSecurityException: decryption failed
I/flutter (22514): │ 	at com.google.crypto.tink.daead.DeterministicAeadWrapper$WrappedDeterministicAead.decryptDeterministically(DeterministicAeadWrapper.java:91)
I/flutter (22514): │ 	at androidx.security.crypto.EncryptedSharedPreferences.decryptKey(EncryptedSharedPreferences.java:603)
I/flutter (22514): │ 	... 10 more
I/flutter (22514): │ , null)

Tried with const AndroidOptions( encryptedSharedPreferences: true, );, same result

Samsung M11
@jnelle
Copy link

jnelle commented Oct 14, 2021

it works fine for me on Android 10, 11 and 12

@pmk1c
Copy link

pmk1c commented Nov 11, 2021

I think this happened to me during development, while I was switching from the old way of using FlutterSecureStorage on Android to EncryptedSharedPreferences, when I had data stored via the old method as well as via EncryptedSharedPreferences.

@pmk1c
Copy link

pmk1c commented Nov 11, 2021
edited
Loading

Yes, I can recreate this with an Emulator running Android 12:

W/AndroidKeysetManager(13777): keyset not found, will generate a new one
W/AndroidKeysetManager(13777): java.io.FileNotFoundException: can't read keyset; the pref value __androidx_security_crypto_encrypted_prefs_key_keyset__ does not exist
W/AndroidKeysetManager(13777): 	at com.google.crypto.tink.integration.android.SharedPrefKeysetReader.readPref(SharedPrefKeysetReader.java:71)
W/AndroidKeysetManager(13777): 	at com.google.crypto.tink.integration.android.SharedPrefKeysetReader.readEncrypted(SharedPrefKeysetReader.java:89)
W/AndroidKeysetManager(13777): 	at com.google.crypto.tink.KeysetHandle.read(KeysetHandle.java:105)
W/AndroidKeysetManager(13777): 	at com.google.crypto.tink.integration.android.AndroidKeysetManager$Builder.read(AndroidKeysetManager.java:311)
W/AndroidKeysetManager(13777): 	at com.google.crypto.tink.integration.android.AndroidKeysetManager$Builder.readOrGenerateNewKeyset(AndroidKeysetManager.java:287)
W/AndroidKeysetManager(13777): 	at com.google.crypto.tink.integration.android.AndroidKeysetManager$Builder.build(AndroidKeysetManager.java:238)
W/AndroidKeysetManager(13777): 	at androidx.security.crypto.EncryptedSharedPreferences.create(EncryptedSharedPreferences.java:155)
W/AndroidKeysetManager(13777): 	at androidx.security.crypto.EncryptedSharedPreferences.create(EncryptedSharedPreferences.java:120)
W/AndroidKeysetManager(13777): 	at com.it_nomads.fluttersecurestorage.FlutterSecureStoragePlugin.createEncryptedSharedPreferences(FlutterSecureStoragePlugin.java:120)
W/AndroidKeysetManager(13777): 	at com.it_nomads.fluttersecurestorage.FlutterSecureStoragePlugin.ensureInitialized(FlutterSecureStoragePlugin.java:85)
W/AndroidKeysetManager(13777): 	at com.it_nomads.fluttersecurestorage.FlutterSecureStoragePlugin.access$100(FlutterSecureStoragePlugin.java:37)
W/AndroidKeysetManager(13777): 	at com.it_nomads.fluttersecurestorage.FlutterSecureStoragePlugin$MethodRunner.run(FlutterSecureStoragePlugin.java:256)
W/AndroidKeysetManager(13777): 	at android.os.Handler.handleCallback(Handler.java:938)
W/AndroidKeysetManager(13777): 	at android.os.Handler.dispatchMessage(Handler.java:99)
W/AndroidKeysetManager(13777): 	at android.os.Looper.loopOnce(Looper.java:201)
W/AndroidKeysetManager(13777): 	at android.os.Looper.loop(Looper.java:288)
W/AndroidKeysetManager(13777): 	at android.os.HandlerThread.run(HandlerThread.java:67)
W/AndroidKeysetManager(13777): keyset not found, will generate a new one
W/AndroidKeysetManager(13777): java.io.FileNotFoundException: can't read keyset; the pref value __androidx_security_crypto_encrypted_prefs_value_keyset__ does not exist
W/AndroidKeysetManager(13777): 	at com.google.crypto.tink.integration.android.SharedPrefKeysetReader.readPref(SharedPrefKeysetReader.java:71)
W/AndroidKeysetManager(13777): 	at com.google.crypto.tink.integration.android.SharedPrefKeysetReader.readEncrypted(SharedPrefKeysetReader.java:89)
W/AndroidKeysetManager(13777): 	at com.google.crypto.tink.KeysetHandle.read(KeysetHandle.java:105)
W/AndroidKeysetManager(13777): 	at com.google.crypto.tink.integration.android.AndroidKeysetManager$Builder.read(AndroidKeysetManager.java:311)
W/AndroidKeysetManager(13777): 	at com.google.crypto.tink.integration.android.AndroidKeysetManager$Builder.readOrGenerateNewKeyset(AndroidKeysetManager.java:287)
W/AndroidKeysetManager(13777): 	at com.google.crypto.tink.integration.android.AndroidKeysetManager$Builder.build(AndroidKeysetManager.java:238)
W/AndroidKeysetManager(13777): 	at androidx.security.crypto.EncryptedSharedPreferences.create(EncryptedSharedPreferences.java:160)
W/AndroidKeysetManager(13777): 	at androidx.security.crypto.EncryptedSharedPreferences.create(EncryptedSharedPreferences.java:120)
W/AndroidKeysetManager(13777): 	at com.it_nomads.fluttersecurestorage.FlutterSecureStoragePlugin.createEncryptedSharedPreferences(FlutterSecureStoragePlugin.java:120)
W/AndroidKeysetManager(13777): 	at com.it_nomads.fluttersecurestorage.FlutterSecureStoragePlugin.ensureInitialized(FlutterSecureStoragePlugin.java:85)
W/AndroidKeysetManager(13777): 	at com.it_nomads.fluttersecurestorage.FlutterSecureStoragePlugin.access$100(FlutterSecureStoragePlugin.java:37)
W/AndroidKeysetManager(13777): 	at com.it_nomads.fluttersecurestorage.FlutterSecureStoragePlugin$MethodRunner.run(FlutterSecureStoragePlugin.java:256)
W/AndroidKeysetManager(13777): 	at android.os.Handler.handleCallback(Handler.java:938)
W/AndroidKeysetManager(13777): 	at android.os.Handler.dispatchMessage(Handler.java:99)
W/AndroidKeysetManager(13777): 	at android.os.Looper.loopOnce(Looper.java:201)
W/AndroidKeysetManager(13777): 	at android.os.Looper.loop(Looper.java:288)
W/AndroidKeysetManager(13777): 	at android.os.HandlerThread.run(HandlerThread.java:67)
I/EngineFactory(13777): Provider GmsCore_OpenSSL not available
E/flutter (13777): [ERROR:flutter/lib/ui/ui_dart_state.cc(209)] Unhandled Exception: PlatformException(Exception encountered, readAll, java.lang.SecurityException: Could not decrypt key. decryption failed
E/flutter (13777): 	at androidx.security.crypto.EncryptedSharedPreferences.decryptKey(EncryptedSharedPreferences.java:612)
E/flutter (13777): 	at androidx.security.crypto.EncryptedSharedPreferences.getAll(EncryptedSharedPreferences.java:402)
E/flutter (13777): 	at com.it_nomads.fluttersecurestorage.FlutterSecureStoragePlugin.readAll(FlutterSecureStoragePlugin.java:156)
E/flutter (13777): 	at com.it_nomads.fluttersecurestorage.FlutterSecureStoragePlugin.access$600(FlutterSecureStoragePlugin.java:37)
E/flutter (13777): 	at com.it_nomads.fluttersecurestorage.FlutterSecureStoragePlugin$MethodRunner.run(FlutterSecureStoragePlugin.java:268)
E/flutter (13777): 	at android.os.Handler.handleCallback(Handler.java:938)
E/flutter (13777): 	at android.os.Handler.dispatchMessage(Handler.java:99)
E/flutter (13777): 	at android.os.Looper.loopOnce(Looper.java:201)
E/flutter (13777): 	at android.os.Looper.loop(Looper.java:288)
E/flutter (13777): 	at android.os.HandlerThread.run(HandlerThread.java:67)
E/flutter (13777): Caused by: java.security.GeneralSecurityException: decryption failed
E/flutter (13777): 	at com.google.crypto.tink.daead.DeterministicAeadWrapper$WrappedDeterministicAead.decryptDeterministically(DeterministicAeadWrapper.java:91)
E/flutter (13777): 	at androidx.security.crypto.EncryptedSharedPreferences.decryptKey(EncryptedSharedPreferences.java:603)
E/flutter (13777): 	... 9 more
E/flutter (13777): , null)
E/flutter (13777): #0      StandardMethodCodec.decodeEnvelope
package:flutter/…/services/message_codecs.dart:607
E/flutter (13777): #1      MethodChannel._invokeMethod
package:flutter/…/services/platform_channel.dart:156
E/flutter (13777): <asynchronous suspension>
E/flutter (13777): #2      MethodChannelFlutterSecureStorage.readAll (package:flutter_secure_storage_platform_interface/src/method_channel_flutter_secure_storage.dart:61:21)
E/flutter (13777): <asynchronous suspension>

Here's what I'm currently doing to migrate to EncryptedSharedPreferences:

 final _newAndroidOptions = const AndroidOptions(encryptedSharedPreferences: true);

  Future<void> call() async {
    final newData = await _storage.readAll(aOptions: _newAndroidOptions);
    if (newData.isNotEmpty) return;

    final oldData = await _storage.readAll();
    for (final entry in oldData.entries) {
      await _storage.write(
          key: entry.key, value: entry.value, aOptions: _newAndroidOptions);
    }
  }

When I start the App with a version using the "old" way of storing on Android, then update the App (with the same data) to the new way and let the migration above run, it is unable to do a readAll neither with the old way, nor via EncryptedSharedPreferences, but throws this error.

@juliansteenbakker
Copy link
Collaborator

This is a known issue and will be fixed in #328

@pmk1c
Copy link

pmk1c commented Nov 12, 2021
edited
Loading

Ah 💡. Thanks for the heads up and your work!

@juliansteenbakker
Copy link
Collaborator

Fixed and released in v5.0.0

@juliansteenbakker juliansteenbakker mentioned this issue Feb 21, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@duzenko @pmk1c @juliansteenbakker @jnelle