AndroidX Security EncryptedSharedPreferences v1.1.0/w API 21问题 [英] AndroidX Security EncryptedSharedPreferences v1.1.0 /w API 21 issue

问题描述

我决定使用AndroidX安全性库中的新EncryptedSharedPreferences.由于该应用程序支持API 21和更高版本，因此我决定尝试此新的v1.1.0-alpha02版本，因为它支持API 21 +

I decided to use new EncryptedSharedPreferences from AndroidX Security library. Since the app is supporting API 21 and higher, I decided to try out this new v1.1.0-alpha02 version, since it supports API 21+

因此，我成功地实现了API 23+的实现，但是对于不支持Android KeyStore的较旧版本，我做得不好，也没有确切的说明如何创建主密钥来实现.它以某种方式起作用.

So, I succeded to make the implementation for API 23+, but for older versions where Android KeyStore is not supported, I couldn't make it right, and there are no exact instructions how the master key should be created to make it work somehow.

用于初始化SharedPrefs的代码:

The code for initializing SharedPrefs:

EncryptedSharedPreferences.create(
        "prefs_name",
        createMasterKey(),
        App.appContext,
        EncryptedSharedPreferences.PrefKeyEncryptionScheme.AES256_SIV,
        EncryptedSharedPreferences.PrefValueEncryptionScheme.AES256_GCM
    )

具有用于创建主密钥的功能

with this function for creating master key

   private fun createMasterKey(): String {
        return if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.M) {
            MasterKeys.getOrCreate(MasterKeys.AES256_GCM_SPEC)
        } else {
            val alias = "my_alias"
            val start: Calendar = GregorianCalendar()
            val end: Calendar = GregorianCalendar()
            end.add(Calendar.YEAR, 30)

            val spec = KeyPairGeneratorSpec.Builder(App.appContext)
                .setAlias(alias)
                .setSubject(X500Principal("CN=$alias"))
                .setSerialNumber(BigInteger.valueOf(abs(alias.hashCode()).toLong()))
                .setStartDate(start.time).setEndDate(end.time)
                .build()

            val kpGenerator: KeyPairGenerator = KeyPairGenerator.getInstance(
                "RSA",
                "AndroidKeyStore"
            )
            kpGenerator.initialize(spec)
            val kp: KeyPair = kpGenerator.generateKeyPair()
            
            kp.public.toString()
        }
    }

我在某个地方找到了该解决方案，但尚未验证(没有确认它确实有效)，但似乎应该可以.

I found this solution somewhere out there, but it's not verified (no confirmation that it actually works), but it seems it should work.

将此代码块用于API 21和22时，在创建EncryptedSharedPreferences时出现错误，并显示: 方法引发了"com.google.crypto.tink.shaded.protobuf.InvalidProtocolBufferException"异常. 协议消息包含无效标签(零).

When using this code block for API 21 and 22, the error appears on creating EncryptedSharedPreferences, and it says: Method threw 'com.google.crypto.tink.shaded.protobuf.InvalidProtocolBufferException' exception. Protocol message contained an invalid tag (zero).

有人找到了此实现的解决方案，还是您知道为什么会这样? 我认为这会对很多人有帮助，因为没有确切的解释，这个主密钥应该包含什么.

Did someone find the solution for this implementation, or do you know why is this happening? I think this would help a lot of people, since there is no exact explanation what should this master key contain.

提前谢谢！

推荐答案

添加到清单 android:allowBackup="false" android:fullBackupContent="false"

由于卸载了应用程序后，您仍然备份了加密文件，在安装新版本后，您肯定无法对其进行解密.

Because after uninstalling the application you still have backed up your crypto file which you definitely can't decrypt after installing a new version.

这篇关于AndroidX Security EncryptedSharedPreferences v1.1.0/w API 21问题的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！