- migrate to AndroidX (thx @marukami and special thx @davidmigloz)
- update AGP and Gradle
If you are using code of any of the following libraries as transitive dependencies through this lib:
at.favre.lib:hkdfat.favre.lib:bytesat.favre.lib:bcryptcom.jakewharton.timber:timber
your build may break and you have to add the dependency manually to your build. The reason is, that
I changed the scope of these to implementation. See https://docs.gradle.org/current/userguide/java_library_plugin.html#:~:text=The%20api%20configuration%20should%20be,are%20internal%20to%20the%20component.
- improve AES-GCM decryption logic
- use fallback if ANDROID_ID returns null #49
- update AGP and some libs (bcrypt & hkdf)
- update to checkstyle 8.31
- add wiping of pw cache to close() method in SecureSharedPreferences
- increase internal optional password cache to 12 from 8
- add shared preference listener feature which works with unencrypted data #47 (thx @davidgarciaanton)
- update AGP, target SDK to 29 and several internal dependencies
- Fixed an issue when getting and setting values from different threads in parallel #41
- Improve derive user password memory protection #32
- Add derived password cache to speed up consecutive .get() calls #32
- Improve RecoveryPolicy #35
The RecoveryPolicy interface changed to include a more flexible handle method.
If you used the old one just change:
new RecoveryPolicy.Default(true, false);to
new SimpleRecoveryPolicy.Default(true, false);What was RecoveryPolicy is now SimpleRecoveryPolicy.
- [Security] Fix bcrypt implementation #16, #8
- [Security] Add full Kitkat support #6, #31
- Add change password feature #13, #22
- Add change key stretching feature #16
In the old bcrypt implementation the following issues were found (#16):
- only uses max 36 bytes entropy of the possible 72 bytes allowed by bcrypt
- only uses 11 byte entropy of the 16 byte possible salt
These issue limit the security strength of the KDF severely and immediate update is recommended.
The security fix unfortunately introduced some non-backwards compatible changes. Migration will only be needed if:
- a user password was used previously
- the default keyStretchingFunction() was used (ie. using the default config)
Updating the library will instantly make your data incompatible in this case. Please follow the migration steps below:
- Set the old bcrypt key stretching function, renamed to
BrokenBcryptKeyStretcher, so the lib will be again able to read the data:
SharedPreferences preferences = Armadillo.create(context, ...)
...
.password(myPassword);
.keyStretchingFunction(new BrokenBcryptKeyStretcher()).build();- Use the change password feature to set the new fixed implementation. For this to work the user password is required. If you don't want the password to change use the same one:
preferences.changePassword(myPassword, new ArmadilloBcryptKeyStretcher());And that's basically it. From now on you won't need to set the
keyStretchingFunction() any more. Note, that changing the password, is
a very slow process, because it involves, decrypting and re-encrypting all
values in the preference store (it is transactional).
I recommend setting a migration flag in a non-encrypted SharedPreference
and migrate the next time the user has to enter the password (this process
should be in background task anyway, so it should only take a bit longer
to decrypt for the user)
- [Security] A user provided password was NOT used for the creation of the secret key #11 (thx @davidmigloz)
- Various small fixes cleaning memory from security relevant data (internal keys, salts, etc.)
- Fix minSdk to be 19 instead of 21
- New logo (thx @iqbalhood)
- Currently the AES mode GCM does not work correctly on Kitkat, working on a fix
- Currently migration is needed if user password was used (will add a migration guide later)
Note: If you are using 0.4.x of armadillo, the user password will not encrypt the data. Please update ASAP, but mind that this might make data inaccessible. I will be working on a workaround/migration guide. (see #11)
- Better exception clean up with resources and some byte wipe
Note: This release has a known security issue relating to the user password not correctly used during encryption (see #11). Do not use this release and migrate to 0.5+ ASAP.
- Supporting
nullin.putString()and.putStringSet(); same as callingremove()as per API spec
- Fixes missing using incorrect dependency type '.aar'
- Fixes missing transitive dependency in pom
Note: This release has a bug in the pom dependency file.
- Add compressor feature
- Fixes issue were storage salt was incorrectly created
Note: misses transitive dependencies.
- Add authenticated encryption additional associated data
- Add crypto protocol version
Note: This version has fatal flaw not correctly persisting the storage random making it impossible to retrieve the data after recreating the shared preferences.
- Initial release