Page MenuHomePhabricator
Differential D4664

Ensure new encryption key is generated every time iOS/Android application creates database for the first time
ClosedPublic
Actions

Authored by marcin on Jul 28 2022, 12:46 AM.
Tags
None
Referenced Files
Unknown Object (File)
Wed, May 15, 5:02 AM
Unknown Object (File)
Mon, Apr 29, 5:13 PM
Unknown Object (File)
Mon, Apr 29, 5:13 PM
Unknown Object (File)
Mon, Apr 29, 5:13 PM
Unknown Object (File)
Apr 18 2024, 2:07 PM
Unknown Object (File)
Apr 18 2024, 2:07 PM
Unknown Object (File)
Apr 18 2024, 2:07 PM
Unknown Object (File)
Apr 18 2024, 2:07 PM
View All 88 Files
Subscribers
abosh
adrian
ashoat

Details

Reviewers
tomek
atul
ashoat
jon
Commits
rCOMM718a6f44ad50: Ensure new encryption key is generated every time iOS/Android application…
Summary

This differential ensures that every time application is about to create new database new encryption key will be used even if there is already one in SecureStore. It is implemented in CommonCpp but it targets iOS. On iOS expo-secure-store is implemented on top of Key chain services which survive application deletion and there is no way we can disable this (see discussion https://linear.app/comm/issue/ENG-552/remove-data-from-secure-store-when-uninstalling-application). It was agreed then that upon app reinstalation we will generate new encryption key (see discussion https://linear.app/comm/issue/ENG-552/remove-data-from-secure-store-when-uninstalling-application)

Test Plan

place two logging lines - one before file_exists(databasePath) check and one after. Ensure that every application reinstallation produces two different encryption keys in those two lines.

Diff Detail

Repository
rCOMM Comm
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

marcin created this revision.Jul 28 2022, 12:46 AM
Herald added subscribers: abosh, adrian, ashoat. · View Herald TranscriptJul 28 2022, 12:46 AM
marcin added a parent revision: D4663: Disable shared preferences data from being automatically backed up in google cloud.Jul 28 2022, 12:47 AM
Harbormaster completed remote builds in B10931: Diff 15040.Jul 28 2022, 12:59 AM
marcin requested review of this revision.Jul 28 2022, 12:59 AM
ashoat accepted this revision.Jul 28 2022, 6:37 AM
This revision is now accepted and ready to land.Jul 28 2022, 6:37 AM
marcin added a child revision: D4728: Introduce and implement 'clearSensitiveData' method in DetabaseQueryExecutor and SQLiteQueryExecutor.Aug 3 2022, 6:02 AM
tomek accepted this revision.Aug 4 2022, 3:21 AM
marcin edited child revisions, added: D4846: Check for the case of database encrypted with key that is lost; removed: D4728: Introduce and implement 'clearSensitiveData' method in DetabaseQueryExecutor and SQLiteQueryExecutor.Aug 16 2022, 2:32 AM
marcin updated this revision to Diff 16304.Sep 5 2022, 4:55 AM

Rebase on master

Herald added a reviewer: jon. · View Herald TranscriptSep 5 2022, 4:55 AM
Harbormaster completed remote builds in B11872: Diff 16304.Sep 5 2022, 5:05 AM
Closed by commit rCOMM718a6f44ad50: Ensure new encryption key is generated every time iOS/Android application… (authored by marcin). · Explain WhySep 5 2022, 7:03 AM
This revision was automatically updated to reflect the committed changes.
marcin added a commit: rCOMM718a6f44ad50: Ensure new encryption key is generated every time iOS/Android application….

Revision Contents
Changeset List

PathSize
native/
cpp/
CommonCpp/
DatabaseManagers/
2 lines

Diff 16319

View Options

native/cpp/CommonCpp/DatabaseManagers/SQLiteQueryExecutor.cpp

Loading...