Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Encryption: Get IV directly from the cipher object when encrypting the private key #2154

Merged
merged 1 commit into from
Feb 14, 2018
Merged

Encryption: Get IV directly from the cipher object when encrypting the private key #2154

merged 1 commit into from
Feb 14, 2018

Conversation

ardevd
Copy link
Collaborator

@ardevd ardevd commented Feb 12, 2018

In Android O and newer (at least) javax.crypto.spec.IvParameterSpec is unsupported. Get the IV directly from the cipher object instead. This has been tested on API level 27 and found to work well. E2E encryption keys can now be stored correctly since the private key can be encrypted successfully.

This fixes #2134 and all the other issues describing the same issue.

@ardevd
Encryption: Get IV directly from the cipher object when encrypting th…
5a49c5a 
…e private key.

In Android O and newer (at least) javax.crypto.spec.IvParameterSpec is unsupported. Get the IV directly from the cipher object instead.
@ardevd
Copy link
Collaborator Author

ardevd commented Feb 12, 2018

Should probably be tested with lower API levels to make sure it works for all of them. Worst case we will have to use a if statement to generate the IV differently newer/older API levels.

@ardevd
Copy link
Collaborator Author

ardevd commented Feb 12, 2018

Tested on API level 23. Works fine there too.

@AndyScherzinger
Copy link
Member

Calling @tobiasKaminsky for e2e, should imho then be backported for 3.0.1

@ardevd ardevd mentioned this pull request Feb 12, 2018
Closed
@tobiasKaminsky
Copy link
Member

tobiasKaminsky commented Feb 14, 2018
edited by AndyScherzinger
Loading

👍
Thank you for this great finding! 🎉

Approved with PullApprove

@tobiasKaminsky tobiasKaminsky merged commit 6038848 into nextcloud:master Feb 14, 2018
@tobiasKaminsky tobiasKaminsky mentioned this pull request Feb 14, 2018
Merged
@ardevd ardevd mentioned this pull request Feb 14, 2018
Closed
@AndyScherzinger AndyScherzinger added this to the Nextcloud App 3.1.0 milestone Feb 14, 2018
@AndyScherzinger
Copy link
Member

❤️ Thanks a lot for your contribution @ardevd ❤️

@ardevd
Copy link
Collaborator Author

ardevd commented Feb 15, 2018

You're most welcome! Thanks for keeping things open source ;)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
E2E
Projects
None yet
Milestone
Nextcloud App 3.1.0
Development

Successfully merging this pull request may close these issues.

E2E: Unsupported class: class javax.crypto.spec.IvParameterSpec when encrypting the private key.
3 participants
@ardevd @AndyScherzinger @tobiasKaminsky