New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
EncryptionProvider is not protecting data under monodroid, monotouch, or monomac #190
Comments
Further investigation shows that any project which includes the ProtectDataShim.cs file will not encrypt data. I would think that rather than just returning the original data this class should throw a NotImplementedException so consumers would know that encryption isn't supported on those platforms. |
Nope, we just need to Fix The Bug, and since we already have a bunch of unencrypted databases out there, we also need to create a migration that will do a table copy to encrypt data that isn't encrypted |
Any update on the data encryption on iOS/Android ? Would be really appreciated :) |
The problem with this is, that Android and iOS don't have support for the |
Maybe this library could help? It was mentioned in a Xamarin Evolve16 talk: https://youtu.be/rCT9kiA7SE0 |
I think that PCLCrypto could help as @KarinBerg said. Can we implement our own CustomEncryptionProvider and force Akavache to register it on IEncryptionProvider ? |
This is for everyone who can't wait for the Akavache release to fix this. The following article explains how you can do the encryption by yourself to work on both iOS and Android. Hint: also read the comments on the article :) !!! |
Hey guys, Can someone give my a hint? |
Stop using the static? It's only there for convenience. Inject the interface implementation into your services then you can unit tests. |
Hi Geoffrey,
So my registration for the IEncryptionProvider had no effect. :) Now I do the following which works:
|
I had issue with following Kents blog, because I am using PCL's. Incase someone needs help, you can follow this blog post: |
Hi @cfl777, the blog post link you provided seems to an expired website. Can you please help with another link? |
@akema-trebla Sorry didn't see your query until now: https://medium.com/@casseykeating/securing-akavache-cache-for-xamarin-966641de3c2b
|
Thanks @cfl777 |
SQLiteEncryptedBlobCache uses Akavache.EncryptionProvider for encryption. EncryptionProvider in turn uses static references to ProtoctedData for encrypting data during reads/writes.
EncryptionProvider has references to System.Security.Cryptography but ProtectedData doesn't exist in monotouch or monodroid. On both those platforms, Akavache falls back to the built in Akavache.ProtectedData shim which provides no encryption.
BlobCache.Secure (SQLiteEncryptedBlobCache) is affected by this as is anything else that uses the EncryptionProvider under monotouch or monodroid.
The text was updated successfully, but these errors were encountered: