Project: AeroGear
Issue: AEROGEAR-3673

EncryptedSQLStore should fail to open with wrong passphrase


    • Type: Bug
    • Resolution: Won't Do
    • Priority: Critical
    • None
    • 1.3.0, 1.4.0, 2.0.0
    • security
    • None

Right now the EncryptedSQLStore can be opened with any passphrase and it only throws an InvalidKeyException when readAll is called. I see two major issues in this behaviour.

1) It's confusing for developers and requires them to do one more step. The store should not get opened if the passphrase is wrong. It also leads to a problem I've discovered:
Open datastore with one passphrase. Insert some data into it. Close the datastore. Open it with another passphrase. Insert some data into it. That way you can no longer call readAll, as it won't work for either of the two passphrases. This means that the write method doesn't depend on the passphrase being right or wrong. It just writes the data with the current one.

2) Performance bottleneck. Having to read all the entities from the database is expensive. Also, if they're just thrown away right after the reading, GC kicks in and halts the code execution for a while.

Possible implementation:
When the store is created, save some metadata entity at the first row. It might probably be completely random data, as we'll only be interested in reading it and deciding if the passphrase was right (similar to what readAll does). If it's not right, throw an InvalidKeyException right when the store is being opened. That way, developers will be sure that if the store has been opened, it's safe to read and write to it.

Assignee: Unassigned
Reporter: Tadeas Kriz (Inactive)
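The check proposed in the issue, as an added example that is not AeroGear's code: an in-memory stand-in for EncryptedSQLStore writes a random check entity as its first row under the key derived from the passphrase, and every later open must authenticate that row before any read or write is allowed. The store class, the toy HMAC-based cipher and the PBKDF2 parameters are assumptions for this demo; the real store would use its own cipher and SQLite rows.

```python
import hashlib, hmac, os, secrets

class InvalidKeyException(Exception):
    """Raised when the supplied passphrase does not match the key the store was created with."""

def derive_key(passphrase, salt):
    # PBKDF2-HMAC-SHA256; the iteration count is a constructed choice for this example.
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 50_000)

def _keystream_xor(key, nonce, data):
    # Toy stream cipher (HMAC-SHA256 in counter mode) so the example runs on the stdlib alone.
    stream = b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), "sha256").digest()
                      for i in range((len(data) + 31) // 32))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, plaintext):
    nonce = os.urandom(16)
    ct = _keystream_xor(key, nonce, plaintext)
    return nonce + ct + hmac.new(key, nonce + ct, "sha256").digest()  # encrypt-then-MAC

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, nonce + ct, "sha256").digest(), tag):
        raise InvalidKeyException("passphrase does not match this store")  # wrong key fails here
    return _keystream_xor(key, nonce, ct)

class EncryptedStore:
    """In-memory stand-in for EncryptedSQLStore; rows[0] is the passphrase check entity."""
    def __init__(self):
        self.salt, self.rows, self._key = os.urandom(16), [], None
    def open(self, passphrase):
        key = derive_key(passphrase, self.salt)
        if not self.rows:  # fresh store: write random check data under this key
            self.rows.append(seal(key, secrets.token_bytes(32)))
        else:  # existing store: verify the passphrase before any read or write
            unseal(key, self.rows[0])
        self._key = key
    def close(self):
        self._key = None
    def save(self, data):
        if self._key is None:
            raise RuntimeError("store is not open")
        self.rows.append(seal(self._key, data))
    def read_all(self):
        if self._key is None:
            raise RuntimeError("store is not open")
        return [unseal(self._key, row) for row in self.rows[1:]]
```

Because open() rejects a wrong passphrase before any save() can run, the mixed-passphrase corruption described in the issue cannot happen, and readAll no longer has to decrypt every row just to discover the key is wrong.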