SecureStorage icon indicating copy to clipboard operation
SecureStorage copied to clipboard

Published 20 hours ago verified publisher icon sameerkapps

AEADbadtagexception

Open Minneth opened this issue 6 years ago • 8 comments

Hi, I'm getting the above exception when I try to get a previous stored value. I'm using the package within a Xamarin.Forms Android app only. The issue appears to happen whenever the app has been re-opened after being closed. Can you please advise?

Minneth avatar Jun 05 '18 11:06 Minneth

Can you please provide more details/code? Thanks.

sameerkapps avatar Jun 24 '18 15:06 sameerkapps

Hello, im currently getting the same exception as described above, on android Oreo and Pie, while using plugin version 2.5.0.

When setting SecureStorageImplementation.StorageType = StorageTypes.AndroidKeyStore; And then calling: CrossSecureStorage.Current.GetValue("keyName"); The following exception occurs:

{Java.Security.GeneralSecurityException: Exception of type 'Java.Security.GeneralSecurityException' was thrown. ---> Java.Lang.Exception: Signature/MAC verification failed --- End of managed Java.Security.GeneralSecurityException stack trace --- javax.crypto.AEADBadTagException at android.security.keystore.AndroidKeyStoreCipherSpiBase.engineDoFinal(AndroidKeyStoreCipherSpiBase.java:517) at javax.crypto.Cipher.doFinal(Cipher.java:2113) at mono.java.lang.RunnableImplementor.n_run(Native Method) at mono.java.lang.RunnableImplementor.run(RunnableImplementor.java:30) at android.os.Handler.handleCallback(Handler.java:873) at android.os.Handler.dispatchMessage(Handler.java:99) at android.os.Looper.loop(Looper.java:193) at android.app.ActivityThread.main(ActivityThread.java:6669) at java.lang.reflect.Method.invoke(Native Method) at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:493) at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:858) Caused by: android.security.KeyStoreException: Signature/MAC verification failed at android.security.KeyStore.getKeyStoreException(KeyStore.java:839) at android.security.keystore.KeyStoreCryptoOperationChunkedStreamer.doFinal(KeyStoreCryptoOperationChunkedStreamer.java:224) at android.security.keystore.AndroidKeyStoreAuthenticatedAESCipherSpi$BufferAllOutputUntilDoFinalStreamer.doFinal(AndroidKeyStoreAuthenticatedAESCipherSpi.java:373) at android.security.keystore.AndroidKeyStoreCipherSpiBase.engineDoFinal(AndroidKeyStoreCipherSpiBase.java:506) ... 10 more }

When changing to SecureStorageImplementation.StorageType = StorageTypes.PasswordProtectedFile; it does work and the key can be retrieved every time.

Just89 avatar Aug 13 '18 14:08 Just89

Version: 2.5 Android-API: 25

AndroidKeystore Storagetype works for me except in one use case, I get the same exception as @Just89.

It occurs with AutoBackup when doing the following steps:

  1. Install Android-Sample-App (in manifest I had to set Target-SDK to API 27) and set value for key XXX in keystore
  2. Using Android AutoBackup: adb shell bmgr backupnow com.companyname.SecureStorageSample
  3. Uninstall App
  4. Reinstall App via adb (Important: With automatic restore enabled in settings --> Backup&reset)
  5. Try to get value for key XXX that was stored in step 1 --> AEADBadTagException

Interesting: When clicking on "Has Value" for key XXX it says "Y"es

Edit: Ok I digged a little deeper and found out that HasValue returns Yes because the Preferences File with the key/value pairs is backed up and restored after reinstall. The problem is that the key in the keystore is deleted during uninstall as far as I know. Thus, after reinstall, a new key is generated in keystore and GetValue can not decrypt the value that was encrypted with the previous key.

OliverMDr avatar Sep 04 '18 11:09 OliverMDr

I think the best solution is just to disable backing up data from Google Drive. You can do this in this way:

image

It is described better here: https://developer.android.com/guide/topics/data/autobackup#EnablingAutoBackup

On this website it is mentioned that backing up data should not be used for user sensitive data - data which is stored in Secure Storage.

Mikilll94 avatar Oct 04 '18 11:10 Mikilll94

Thanks for your response. I ended up with creating custom backup rules, that exclude the SecureStorage.xml, because I wanted to allow to backup some other not sensitive user settings.

OliverMDr avatar Oct 09 '18 14:10 OliverMDr

I am experiencing same issue on Android regarding Signature/MAC verification failed.

To resolve this issue I followed these steps:

  • Set <application android:allowBackup="false" ... > on your AndroidManifest.xml

  • Disable automatic restoration on physical device WhatsApp Image 2019-06-17 at 7 51 45 PM

  • Reinstall application

  • Re-Enable automatic restoration on physical device.

After doing this, i haven't had issues so far... =)

CollapsedMetal avatar Jun 18 '19 02:06 CollapsedMetal

@OliverMDr do you have the custom backup rules file?

dush135 avatar Mar 25 '21 04:03 dush135

@dush135 See here: https://developer.android.com/guide/topics/data/autobackup#IncludingFiles

OliverMDr avatar Mar 25 '21 08:03 OliverMDr