AEADbadtagexception #38

Open
Minneth opened this issue Jun 5, 2018 · 8 comments

@Minneth

Minneth commented Jun 5, 2018

Hi, I'm getting the above exception when I try to get a previously stored value. I'm using the package within a Xamarin.Forms Android app only. The issue appears to happen whenever the app has been re-opened after being closed. Can you please advise?

@sameerkapps
Owner

Can you please provide more details/code? Thanks.

@Just89

Just89 commented Aug 13, 2018

Hello, I'm currently getting the same exception as described above, on Android Oreo and Pie, while using plugin version 2.5.0.

When setting SecureStorageImplementation.StorageType = StorageTypes.AndroidKeyStore;
And then calling: CrossSecureStorage.Current.GetValue("keyName");
The following exception occurs:

{Java.Security.GeneralSecurityException: Exception of type 'Java.Security.GeneralSecurityException' was thrown. ---> Java.Lang.Exception: Signature/MAC verification failed
--- End of managed Java.Security.GeneralSecurityException stack trace ---
javax.crypto.AEADBadTagException
    at android.security.keystore.AndroidKeyStoreCipherSpiBase.engineDoFinal(AndroidKeyStoreCipherSpiBase.java:517)
    at javax.crypto.Cipher.doFinal(Cipher.java:2113)
    at mono.java.lang.RunnableImplementor.n_run(Native Method)
    at mono.java.lang.RunnableImplementor.run(RunnableImplementor.java:30)
    at android.os.Handler.handleCallback(Handler.java:873)
    at android.os.Handler.dispatchMessage(Handler.java:99)
    at android.os.Looper.loop(Looper.java:193)
    at android.app.ActivityThread.main(ActivityThread.java:6669)
    at java.lang.reflect.Method.invoke(Native Method)
    at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:493)
    at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:858)
Caused by: android.security.KeyStoreException: Signature/MAC verification failed
    at android.security.KeyStore.getKeyStoreException(KeyStore.java:839)
    at android.security.keystore.KeyStoreCryptoOperationChunkedStreamer.doFinal(KeyStoreCryptoOperationChunkedStreamer.java:224)
    at android.security.keystore.AndroidKeyStoreAuthenticatedAESCipherSpi$BufferAllOutputUntilDoFinalStreamer.doFinal(AndroidKeyStoreAuthenticatedAESCipherSpi.java:373)
    at android.security.keystore.AndroidKeyStoreCipherSpiBase.engineDoFinal(AndroidKeyStoreCipherSpiBase.java:506)
    ... 10 more
}

When changing to SecureStorageImplementation.StorageType = StorageTypes.PasswordProtectedFile; it does work and the key can be retrieved every time.

@OliverMDr

OliverMDr commented Sep 4, 2018

Version: 2.5
Android-API: 25

AndroidKeystore Storagetype works for me except in one use case, I get the same exception as @Just89.

It occurs with AutoBackup when doing the following steps:

  1. Install Android-Sample-App (in manifest I had to set Target-SDK to API 27) and set value for key XXX in keystore
  2. Using Android AutoBackup: adb shell bmgr backupnow com.companyname.SecureStorageSample
  3. Uninstall App
  4. Reinstall App via adb (Important: With automatic restore enabled in settings --> Backup&reset)
  5. Try to get value for key XXX that was stored in step 1 --> AEADBadTagException

Interesting: When clicking on "Has Value" for key XXX it says "Y"es

Edit: OK, I dug a little deeper and found out that HasValue returns Yes because the Preferences File with the key/value pairs is backed up and restored after reinstall. The problem is that the key in the keystore is deleted during uninstall, as far as I know. Thus, after reinstall, a new key is generated in the keystore and GetValue cannot decrypt the value that was encrypted with the previous key.

@Mikilll94

I think the best solution is just to disable backing up data from Google Drive. You can do this in this way:

image

It is described better here:
https://developer.android.com/guide/topics/data/autobackup#EnablingAutoBackup

On this website it is mentioned that backing up data should not be used for user sensitive data - data which is stored in Secure Storage.

@OliverMDr

Thanks for your response. I ended up creating custom backup rules that exclude the SecureStorage.xml, because I wanted to allow backing up some other non-sensitive user settings.
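
Added example, not part of the thread and not OliverMDr's actual file: one way to write Auto Backup rules that keep other settings in the backup while excluding the encrypted values file. It assumes SecureStorage.xml is a SharedPreferences file (hence the `sharedpref` domain); the resource names `backup_rules` and `data_extraction_rules` are placeholders, and the second rules file goes beyond the thread to cover the Android 12+ format.

```xml
<!-- res/xml/backup_rules.xml (placeholder file name, Android 11 and lower) -->
<!-- Assumption: SecureStorage.xml is a SharedPreferences file, as the thread describes.
     Its values are encrypted with a Keystore key that does not survive uninstall,
     so a restored copy holds ciphertext that the newly generated key cannot decrypt. -->
<full-backup-content>
    <!-- With only an exclude rule, everything else is still backed up by default. -->
    <exclude domain="sharedpref" path="SecureStorage.xml" />
</full-backup-content>

<!-- res/xml/data_extraction_rules.xml (placeholder file name, Android 12 and higher) -->
<data-extraction-rules>
    <cloud-backup>
        <exclude domain="sharedpref" path="SecureStorage.xml" />
    </cloud-backup>
    <device-transfer>
        <!-- The Keystore key is not transferred to the new device either. -->
        <exclude domain="sharedpref" path="SecureStorage.xml" />
    </device-transfer>
</data-extraction-rules>

<!-- AndroidManifest.xml: reference the rules instead of turning backup off. -->
<application
    android:allowBackup="true"
    android:fullBackupContent="@xml/backup_rules"
    android:dataExtractionRules="@xml/data_extraction_rules">
    <!-- activities, services, ... -->
</application>
```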

@CollapsedMetal

CollapsedMetal commented Jun 18, 2019

I am experiencing the same issue on Android regarding Signature/MAC verification failed.

To resolve this issue I followed these steps:

  • Set <application android:allowBackup="false" ... > on your AndroidManifest.xml

  • Disable automatic restoration on physical device

  • Reinstall application

  • Re-Enable automatic restoration on physical device.

After doing this, I haven't had issues so far... =)

@dush135

dush135 commented Mar 25, 2021

@OliverMDr do you have the custom backup rules file?

@OliverMDr