Harmony icon indicating copy to clipboard operation
Harmony copied to clipboard

Published 20 hours ago verified publisher icon pablobaxter

Add Encryption for Harmony

Open pablobaxter opened this issue 4 years ago • 2 comments

As it stands now, it is not possible to use Harmony with EncryptedSharedPreferences found in androidx.security:security-crypto for a few reasons.

  • EncryptedSharedPreferences constructor is package-private.
    • This can be worked around, however, EncryptedSharedPreferences handles the calls to OnSharedPreferenceChangeListener internally, which breaks the usage for Harmony.
    • A custom encrypted preference class would need to be created to resolve the OnSharedPreferenceChangeListener issue.
  • The underlying AndroidKeysetManager class provided in Google Tink (https://github.com/google/tink) uses the Android SharedPreferences object by default.
    • This means that the keysets used for encrypting won't be multi-process safe.
    • There is a PR up for Tink to allow for custom SharedPreferences objects to be used (https://github.com/google/tink/pull/493).

Tasks

  • [x] Create a custom encrypted preferences class that is backed by Harmony, and will continue to work multi-process
  • [ ] Work towards getting https://github.com/google/tink/pull/493 merged (or work around it as a last resort)
  • [x] Create a new library that is not tied to Harmony directly, since the API for Tink requires API 23+ (Harmony is currently 17+)
  • [x] Unit tests
  • [x] Create new repository on MavenCentral for encryption library

pablobaxter avatar Apr 24 '21 00:04 pablobaxter

It's unclear when google/tink#493 will be merged, so I'm preparing the library for release by implementing my own version of the KeysetManager wrapper using Harmony as the backing SharedPreferences object. It's unclear if I'll release with this custom implementation (mostly a copy of AndroidKeysetManager actually), but will continue working on tests and release prep with current Keyset Manager implementation in mind.

pablobaxter avatar Apr 30 '21 05:04 pablobaxter

Pre-release of Crypto is now live

pablobaxter avatar May 29 '21 16:05 pablobaxter

I've taken steps to stay aligned with EncryptedSharedPreferences, but google/tink#493 is no longer needed, as I had to create a custom KeysetReader/KeysetWriter that could better handle multiple processes, and allow the Harmony Crypto preferences to work with OnSharedPreferenceChangedListener. #45 will be considered the fix for this ticket.

pablobaxter avatar Sep 15 '22 09:09 pablobaxter