getGenericPassword failing after updating package from 8.2.0 #704

Open
Bowlerr opened this issue Dec 16, 2024 · 9 comments
@Bowlerr

Bowlerr commented Dec 16, 2024

Title: Incompatibility Between Versions 8.2.0 and 9.2.2 with getGenericPassword

Description:
When upgrading from react-native-keychain version 8.2.0 to 9.2.2/9.2.1, I encountered an error when calling getGenericPassword. The password was set using version 8.2.0, but when attempting to retrieve it in version 9.2.2, the following error occurs:

Wrapped error: The message could not be decrypted successfully. It has either been tampered with or the wrong resource is being decrypted.

Steps to Reproduce:

  1. Set the password using version 8.2.0:
    setGenericPassword('pin', encrypted, {
      service: 'passcode',
      storage: STORAGE_TYPE.FB,
    });
  2. Upgrade to version 9.2.2 or 9.2.1:
  3. Attempt to retrieve the password using:
    await getGenericPassword({ service: 'passcode' });

Observed Behavior:
The getGenericPassword call fails with the error:

Wrapped error: The message could not be decrypted successfully. It has either been tampered with or the wrong resource is being decrypted.

Expected Behavior:
The getGenericPassword call should successfully retrieve the password set in version 8.2.0.

Environment:

  • Devices Tested:
    • OnePlus 12 (Android 14)
    • Pixel 7a (Android 15)
  • React Native Keychain Version:
    • Set: 8.2.0
    • Retrieve: 9.2.2
  • React Native Version: 0.74.5

Additional Notes:
It seems like the encryption format or decryption logic may have changed between the two versions, resulting in backward compatibility issues. If this is expected, could you provide guidance on migrating securely without data loss?

@DorianMazur
Collaborator

Hi! I’ll take a look at this soon. Just one quick question: is there a specific reason you’re still using FacebookConceal? It’s outdated and will be removed soon. Are other ciphers affected as well?

@Bowlerr
Author

Bowlerr commented Dec 17, 2024

> Hi! I’ll take a look at this soon. Just one quick question: is there a specific reason you’re still using FacebookConceal? It’s outdated and will be removed soon. Are other ciphers affected as well?

@DorianMazur I found this issue whilst upgrading from FacebookConceal to AES_GCM_NO_AUTH or AES_GCM depending on if the user wants to use biometrics.

I thought the issue at first was the migration to these storage types but ended up finding the issue was with the upgrading of the package.

@Bowlerr
Author

Bowlerr commented Dec 17, 2024

I can check on the other ciphers we use. Currently it is KC, which is also being migrated once we can sort this upgrade issue. I haven't had a chance to test this yet but can do today.

@Bowlerr
Author

Bowlerr commented Dec 23, 2024

So the other storage we used was KC which migrates over to AES_GCM_NO_AUTH without any issues. @DorianMazur

@Bowlerr
Author

Bowlerr commented Jan 6, 2025

@DorianMazur hey, hope you've had a wonderful new year and holidays. I was wondering if there's any progress/updates on this?

@DorianMazur
Collaborator

@Bowlerr I will be working on it this weekend.

@DorianMazur
Collaborator

Hi @Bowlerr,

I looked into this, but it’s quite difficult to investigate. It seems like the issue is related to FacebookConceal, which hasn’t been maintained for a few years now.

To fix this, I recommend switching to AES encryption in version 8.2.0 of react-native-keychain. You can use the following code to safely migrate your data from FB to AES:

await getGenericPassword({ service: 'passcode', rules: SECURITY_RULES.AUTOMATIC_UPGRADE });

After that, you can update to version 9.2.2. Please note that FacebookConceal will be removed in the next major release of react-native-keychain.

Hope this helps!

@Bowlerr
Author

Bowlerr commented Jan 14, 2025

@DorianMazur
Hey, thank you for taking the time to look into this.

I have thought of that solution; however, I can't guarantee all our active users will upgrade the app in order, and at the moment we do not have OTA updates in place.

The best bet I can think of is to hold off on updating after moving away from FC after a few app updates until an acceptable amount of users have converted.

If you have any other suggestions or luck figuring out a solution, let me know.

Bowlerr added a commit to Bowlerr/react-native-keychain that referenced this issue Jan 16, 2025
…x to remove spacing to match previous Java implementation

- Updated createPasswordEntity and createUsernameEntity in CipherStorageFacebookConceal to remove the unnecessary space after the prefix. Now both match the Java implementation.

- Resolves: oblador#704

Co-authored-by: George Bell <[email protected]>
@Bowlerr
Author

Bowlerr commented Jan 16, 2025

@DorianMazur I managed to figure out the issue. Ended up being an extra space being added in the conversion of the code to Kotlin... It works perfectly after.
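
The root cause reported in the last comment, as an added example (not code from react-native-keychain or Conceal): it assumes the entity name is bound to the ciphertext as AES-GCM associated data, so a name that differs by one space fails authentication even with the correct key. The key, the `EXAMPLE_KEYCHAIN` prefix and all helper names are constructed for illustration.

```javascript
const crypto = require('node:crypto');

// Constructed stand-ins: the real prefix and key handling live inside the library.
const KEY = crypto.randomBytes(32);
const prefix = (service) => `EXAMPLE_KEYCHAIN:${service}`;
const entityOld = (service) => prefix(service) + 'pass';  // spelling used when the data was written
const entityNew = (service) => prefix(service) + ' pass'; // same name with one stray space

// Encrypt with AES-256-GCM, binding the entity name as associated data (AAD).
function seal(key, entity, plaintext) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(entity, 'utf8'));
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return { iv, ct, tag: cipher.getAuthTag() };
}

// Decrypt; returns null when the tag does not verify (tampering or wrong entity).
function open(key, entity, box) {
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, box.iv);
  decipher.setAAD(Buffer.from(entity, 'utf8'));
  decipher.setAuthTag(box.tag);
  try {
    return Buffer.concat([decipher.update(box.ct), decipher.final()]).toString('utf8');
  } catch (err) {
    return null;
  }
}

// Regression check for a port or refactor: index of the first differing byte, or -1.
function firstDrift(a, b) {
  const x = Buffer.from(a, 'utf8');
  const y = Buffer.from(b, 'utf8');
  for (let i = 0; i < Math.max(x.length, y.length); i++) {
    if (x[i] !== y[i]) return i;
  }
  return -1;
}

const demoBox = seal(KEY, entityOld('passcode'), 'constructed-secret');
console.log('same entity  :', open(KEY, entityOld('passcode'), demoBox));
console.log('extra space  :', open(KEY, entityNew('passcode'), demoBox));
console.log('drift at byte:', firstDrift(entityOld('passcode'), entityNew('passcode')));
```

Pinning the derived entity strings in a unit test that compares them byte for byte against the previous release catches this kind of drift before stored data becomes unreadable.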
