A shared preference implementation for confidential data in Android. By default it uses AES-GCM, BCrypt and HKDF as cryptographic primitives. Uses the concept of device fingerprinting combined with optional user-provided passwords and strong password hashes.
api to implementation
If you are using code of any of the following libraries as transitive dependencies through this lib:
at.favre.lib:hkdf
at.favre.lib:bytes
at.favre.lib:bcrypt
com.jakewharton.timber:timber
your build may break and you have to add the dependency manually to your build. The reason is that I changed the scope of these to implementation. See https://docs.gradle.org/current/userguide/java_library_plugin.html#:~:text=The%20api%20configuration%20should%20be,are%20internal%20to%20the%20component.
The RecoveryPolicy interface changed to include a more flexible handle method.
If you used the old one just change:
new RecoveryPolicy.Default(true, false);
to
new SimpleRecoveryPolicy.Default(true, false);
What was RecoveryPolicy is now SimpleRecoveryPolicy.
In the old bcrypt implementation the following issues were found (#16):
These issues severely limit the security strength of the KDF, and an immediate update is recommended.
The security fix unfortunately introduced some non-backwards compatible changes. Migration will only be needed if:
Updating the library will instantly make your data incompatible in this case. Please follow the migration steps below:
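BrokenBcryptKeyStretcher, so the lib will again be able to read the data:
// build() returns ArmadilloSharedPreferences, the type that declares changePassword()
ArmadilloSharedPreferences preferences = Armadillo.create(context, ...)
    ...
    .password(myPassword)
    .keyStretchingFunction(new BrokenBcryptKeyStretcher()).build();
// re-encrypt all values under the fixed bcrypt key stretcher
preferences.changePassword(myPassword, new ArmadilloBcryptKeyStretcher());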
And that's basically it. From now on you won't need to set the keyStretchingFunction() any more. Note that changing the password is a very slow process, because it involves decrypting and re-encrypting all values in the preference store (it is transactional).
I recommend setting a migration flag in a non-encrypted SharedPreference and migrating the next time the user has to enter the password (this process should be in a background task anyway, so it should only take a bit longer to decrypt for the user).
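The flag-gated migration recommended above could look like the following. This is an added example, not code from the Armadillo project: the class name, the flag store and key, and the "secure_prefs" store name are hypothetical, and it assumes the store was created with encryptionFingerprint(context).

```java
import android.content.Context;
import android.content.SharedPreferences;
import at.favre.lib.armadillo.Armadillo;
import at.favre.lib.armadillo.ArmadilloBcryptKeyStretcher;
import at.favre.lib.armadillo.ArmadilloSharedPreferences;
import at.favre.lib.armadillo.BrokenBcryptKeyStretcher;

public final class BcryptMigration {
    // Hypothetical names chosen for this example, not defined by the library.
    private static final String FLAG_STORE = "migration_flags";   // plain, non-encrypted store
    private static final String FLAG_KEY = "bcrypt_kdf_migrated";
    private static final String SECURE_STORE = "secure_prefs";    // placeholder store name

    private BcryptMigration() {}

    /** Call from a background thread, right after the user has entered the password. */
    public static ArmadilloSharedPreferences open(Context ctx, char[] password) {
        SharedPreferences flags = ctx.getSharedPreferences(FLAG_STORE, Context.MODE_PRIVATE);

        if (flags.getBoolean(FLAG_KEY, false)) {
            // Already migrated: no keyStretchingFunction() needed any more.
            return Armadillo.create(ctx, SECURE_STORE)
                    .encryptionFingerprint(ctx)
                    .password(password)
                    .build();
        }

        // Not migrated yet: open with the old key stretcher so existing values stay readable.
        ArmadilloSharedPreferences prefs = Armadillo.create(ctx, SECURE_STORE)
                .encryptionFingerprint(ctx)
                .password(password)
                .keyStretchingFunction(new BrokenBcryptKeyStretcher())
                .build();

        // Slow step: decrypts and re-encrypts every value under the fixed key stretcher.
        prefs.changePassword(password, new ArmadilloBcryptKeyStretcher());

        // Set the flag only after the re-encryption returned; commit() writes it
        // synchronously, which is acceptable here because we are off the main thread.
        flags.edit().putBoolean(FLAG_KEY, true).commit();
        return prefs;
    }
}
```

The flag holds no secret, so keeping it in a non-encrypted store is fine; it only records which key stretcher the encrypted store currently expects.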
NOTE: If you are using 0.4.- of armadillo, the user pw will not encrypt the data. Please update ASAP, but mind that this might make data inaccessible. I will be working on a workaround/migration guide. (see #11)
Special thx to @davidmigloz who is responsible for most of the fixes in this release and for finding the issue.
Note: This release has a known security issue relating to the user password not correctly used during encryption (see #11). Do not use this release and migrate to 0.5+ ASAP
null in .putString() and .putStringSet(); same as calling remove() as per API spec