secure-preferences icon indicating copy to clipboard operation
secure-preferences copied to clipboard

Published 20 hours ago verified publisher icon scottyab

clear() also removes auto-generated key

Open inktomi opened this issue 8 years ago • 2 comments

When you call clear() on your SecurePreferences instance, it also removes the encryption key used. This means that if you do the following, you can't read out the values you'd expect:

new SecurePreferences(context, "", "file-name");
.putString("foo", "bar");
.getString("foo")  // returns bar as expected
.clear();
.putString("foo", "bar");

new SecurePreferences(context, "", "file-name");
getString("foo") // returns null since the key was recreated after .clear removed it.

The problem is that clear() does not also remove the SecureKeys instance, but it does remove the preference that backs it. The following "putString" encrypts with the old SecureKeys instance. Then, when the constructor fires, it can't find the preference and recreates it causing a new SecureKeys instance to be created as well.

inktomi avatar Nov 13 '15 19:11 inktomi

In progress? public void handlePasswordChange(String newPassword, Context context, int iterationCount) have same problem. If nobody take out this issue, I'll take it.

ShinJJang avatar Sep 07 '16 07:09 ShinJJang

@ShinJJang please do, Thanks!

scottyab avatar Sep 07 '16 12:09 scottyab