Page MenuHomePhabricator

Ensure new encryption key is generated every time iOS/Android application creates database for the first time
ClosedPublic

Authored by marcin on Jul 28 2022, 12:46 AM.
Tags
None
Referenced Files
Unknown Object (File)
Tue, Nov 5, 10:59 AM
Unknown Object (File)
Oct 10 2024, 3:17 PM
Unknown Object (File)
Oct 10 2024, 3:17 PM
Unknown Object (File)
Oct 10 2024, 3:17 PM
Unknown Object (File)
Oct 10 2024, 3:16 PM
Unknown Object (File)
Oct 10 2024, 3:12 PM
Unknown Object (File)
Oct 7 2024, 4:55 AM
Unknown Object (File)
Oct 7 2024, 4:55 AM

Details

Summary

This differential ensures that every time application is about to create new database new encryption key will be used even if there is already one in SecureStore. It is implemented in CommonCpp but it targets iOS. On iOS expo-secure-store is implemented on top of Key chain services which survive application deletion and there is no way we can disable this (see discussion https://linear.app/comm/issue/ENG-552/remove-data-from-secure-store-when-uninstalling-application). It was agreed then that upon app reinstalation we will generate new encryption key (see discussion https://linear.app/comm/issue/ENG-552/remove-data-from-secure-store-when-uninstalling-application)

Test Plan

place two logging lines - one before file_exists(databasePath) check and one after. Ensure that every application reinstallation produces two different encryption keys in those two lines.

Diff Detail

Repository
rCOMM Comm
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

This revision is now accepted and ready to land.Jul 28 2022, 6:37 AM