Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Unhandled Exception: PlatformException(Exception encountered, read, javax.crypto.BadPaddingException: error:1e000065:Cipher functions:OPENSSL_internal:BAD_DECRYPT #354

Closed
namanshergill opened this issue Jan 15, 2022 · 49 comments
Labels

Comments

@namanshergill
Copy link

Issue is reproducible in release mode where an existing app backup is restored, using Google One or a rooted device.

This issue was being tracked in #161 and still exists in the latest version, yet the issue was closed and still remains closed to this day even after many people confirming the issue was never fixed in the replies.

E/flutter (23800): [ERROR:flutter/lib/ui/ui_dart_state.cc(209)] Unhandled Exception: PlatformException(Exception encountered, read, javax.crypto.BadPaddingException: error:1e000065
:Cipher functions:OPENSSL_internal:BAD_DECRYPT
E/flutter (23800):      at com.android.org.conscrypt.NativeCrypto.EVP_CipherFinal_ex(Native Method)
E/flutter (23800):      at com.android.org.conscrypt.OpenSSLEvpCipher.doFinalInternal(OpenSSLEvpCipher.java:152)
E/flutter (23800):      at com.android.org.conscrypt.OpenSSLCipher.engineDoFinal(OpenSSLCipher.java:374)
E/flutter (23800):      at javax.crypto.Cipher.doFinal(Cipher.java:2055)
E/flutter (23800):      at com.it_nomads.fluttersecurestorage.ciphers.StorageCipher18Implementation.decrypt(StorageCipher18Implementation.java:103)
E/flutter (23800):      at com.it_nomads.fluttersecurestorage.FlutterSecureStoragePlugin.decodeRawValue(FlutterSecureStoragePlugin.java:231)
E/flutter (23800):      at com.it_nomads.fluttersecurestorage.FlutterSecureStoragePlugin.read(FlutterSecureStoragePlugin.java:213)
E/flutter (23800):      at com.it_nomads.fluttersecurestorage.FlutterSecureStoragePlugin.access$500(FlutterSecureStoragePlugin.java:37)
E/flutter (23800):      at com.it_nomads.fluttersecurestorage.FlutterSecureStoragePlugin$MethodRunner.run(FlutterSecureStoragePlugin.java:302)
E/flutter (23800):      at android.os.Handler.handleCallback(Handler.java:938)
E/flutter (23800):      at android.os.Handler.dispatchMessage(Handler.java:99)
E/flutter (23800):      at android.os.Looper.loopOnce(Looper.java:201)
E/flutter (23800):      at android.os.Looper.loop(Looper.java:288)
E/flutter (23800):      at android.os.HandlerThread.run(HandlerThread.java:67)
E/flutter (23800): , null)
@namanshergill
Copy link
Author

Please, either open the previous issue or keep this one open. This is a major bug and should be tracked.

@namanshergill
Copy link
Author

namanshergill commented Jan 15, 2022

The current best workaround according to my research is:

  static Future<String?> getAccessTokenFromDevice() async {
    const _storage = FlutterSecureStorage();
    try {
      final accessToken = await _storage.read(key: 'accessToken');
      return accessToken;
    } on PlatformException catch (e) {
      // Workaround for https://github.com/mogol/flutter_secure_storage/issues/43
      await _storage.deleteAll();
    }
  }

This way you don't have to lose out on the shared preferences being backed up like in the other suggestions which are honestly, a bit hacky.

It would be good if the library could be updated to handle this issue on its own?

@vlkonoshenko
Copy link

vlkonoshenko commented Feb 2, 2022

@namanshergill Which version of the package are you using? Does this issue still persist?

@namanshergill
Copy link
Author

@namanshergill Which version of the package are you using? Does this issue still persist?

5.0.2, and yes, it still happens.

@vlkonoshenko
Copy link

@namanshergill Which version of the package are you using? Does this issue still persist?

5.0.2, and yes, it still happens.

I have a report from the sentry but can`t reproduce it. Do you get this error every time when trying to read from storage?

@namanshergill
Copy link
Author

@namanshergill Which version of the package are you using? Does this issue still persist?

5.0.2, and yes, it still happens.

I have a report from the sentry but can`t reproduce it. Do you get this error every time when trying to read from storage?

The reproduction method is restoring an app backup from Google after a factory reset/new phone setup or if you have root, through backup apps like Swift backup.

The error will show up everytime you try to access the storage, until the user manually clears the app data.

@peterhijma
Copy link

Got the same error today.

@amitBlueVine
Copy link

Got the same error today

@MiroLiebschner
Copy link

MiroLiebschner commented Mar 2, 2022

Same error today.
@namanshergill there a reason you use _storage.deleteAll() instead of just deleting the key with _storage..delete(key: "accessToken")? I am a bit hesitant to delete all data in secure storage

@namanshergill
Copy link
Author

Same error today.
@namanshergill there a reason you use _storage.deleteAll() instead of just deleting the key with _storage..delete(key: "accessToken")? I am a bit hesitant to delete all data in secure storage

No specific reason, I am only storing an access token in it so both would be the same for me.

However, is there any point in not deleting everything if the plugin will throw an exception every time you try accessing that data?

@jeff-odopass
Copy link

I'm also experiencing the same issue, happened for 12 of my end-users in production. I noticed that most of these issues were with Samsung phones, specially the ones named 'SM-G...'.
It appeared only for Android 11 & 12 for now. Same stacktrace as mentioned above, let me know if you need anything.

@jtmuller5
Copy link

This is happening on my Samsung S22. Adding allowBackup and fullBackupContent did not fix the issue.

@SithumDilanga
Copy link

The current best workaround according to my research is:

  static Future<String?> getAccessTokenFromDevice() async {
    const _storage = FlutterSecureStorage();
    try {
      final accessToken = await _storage.read(key: 'accessToken');
      return accessToken;
    } on PlatformException catch (e) {
      // Workaround for https://github.com/mogol/flutter_secure_storage/issues/43
      await _storage.deleteAll();
    }
  }

This way you don't have to lose out on the shared preferences being backed up like in the other suggestions which are honestly, a bit hacky.

It would be good if the library could be updated to handle this issue on its own?

this solved my issue

@senenpalanca97
Copy link

Got the same error today.

@juliansteenbakker
Copy link
Owner

It would be good if the library could be updated to handle this issue on its own?

I will look into this, thanks

@tal-nir
Copy link

tal-nir commented Mar 29, 2022

Got the same error today.

@EhabSalah
Copy link

Any Updates ????

@fionues
Copy link

fionues commented Apr 4, 2022

The current best workaround according to my research is:

  static Future<String?> getAccessTokenFromDevice() async {
    const _storage = FlutterSecureStorage();
    try {
      final accessToken = await _storage.read(key: 'accessToken');
      return accessToken;
    } on PlatformException catch (e) {
      // Workaround for https://github.com/mogol/flutter_secure_storage/issues/43
      await _storage.deleteAll();
    }
  }

This way you don't have to lose out on the shared preferences being backed up like in the other suggestions which are honestly, a bit hacky.

It would be good if the library could be updated to handle this issue on its own?

A user with a pixel 4a had the same problem after a reinstall. deleteAll() did not help (I had this implemented already) only a manual clear of app data did.

@AlgoritmoDelCambio
Copy link

The current best workaround according to my research is:

  static Future<String?> getAccessTokenFromDevice() async {
    const _storage = FlutterSecureStorage();
    try {
      final accessToken = await _storage.read(key: 'accessToken');
      return accessToken;
    } on PlatformException catch (e) {
      // Workaround for https://github.com/mogol/flutter_secure_storage/issues/43
      await _storage.deleteAll();
    }
  }

This way you don't have to lose out on the shared preferences being backed up like in the other suggestions which are honestly, a bit hacky.
It would be good if the library could be updated to handle this issue on its own?

A user with a pixel 4a had the same problem after a reinstall. deleteAll() did not help (I had this implemented already) only a manual clear of app data did.

Same here.

In our case, anything called through _storage is what gives the PlatformException. So, if we catch this exception and we try to call the .deleteAll() over the same _storage, the exception is thrown again and the App crashes completely 😭

@georgiosd
Copy link

So there's no workaround for this? 😭

@royvangeel
Copy link

Any updates on this?

@Yongle-Fu
Copy link

Samsung

same issue in
Xiaomi 2201122C, X-Client-Version: Android 12 / SDK 31

@gerritwitkamp
Copy link

Any progress on this?

@ghost
Copy link

ghost commented Jun 29, 2022

Just to make sure, its safer not to use flutter_secure_storage for android unless this problem is fixed, right?

@jfahrenkrug
Copy link

jfahrenkrug commented Jun 29, 2022

If you use version 5.0.2, make sure you use this option when creating the instance:

FlutterSecureStorage(aOptions: AndroidOptions(
    encryptedSharedPreferences: true,
));

This causes the package to use Android's built-in EncryptedSharedPreferences. The crash only seems to occur when not using this setting, because then the package uses a different way of encrypting and decrypting the prefs. You can see that by reading the source code here: https://github.com/mogol/flutter_secure_storage/blob/26efe91a75228ad8c8626d6eea18f7f3cb21bdd9/flutter_secure_storage/android/src/main/java/com/it_nomads/fluttersecurestorage/FlutterSecureStoragePlugin.java#L101

Also see #328 (comment)

@DamienMrtl
Copy link

If you use version 5.0.2, make sure you use this option when creating the instance:

FlutterSecureStorage(aOptions: AndroidOptions(
    encryptedSharedPreferences: true,
));

This causes the package to use Android's built-in EncryptedSharedPreferences. The crash only seems to occur when not using this setting, because then the package uses a different way of encrypting and decrypting the prefs. You can see that by reading the source code here:

https://github.com/mogol/flutter_secure_storage/blob/26efe91a75228ad8c8626d6eea18f7f3cb21bdd9/flutter_secure_storage/android/src/main/java/com/it_nomads/fluttersecurestorage/FlutterSecureStoragePlugin.java#L101

Also see #328 (comment)

Fixed it for me. Thanks :D

@simplenotezy
Copy link

If you use version 5.0.2, make sure you use this option when creating the instance:

FlutterSecureStorage(aOptions: AndroidOptions(
    encryptedSharedPreferences: true,
));

This causes the package to use Android's built-in EncryptedSharedPreferences. The crash only seems to occur when not using this setting, because then the package uses a different way of encrypting and decrypting the prefs. You can see that by reading the source code here:

https://github.com/mogol/flutter_secure_storage/blob/26efe91a75228ad8c8626d6eea18f7f3cb21bdd9/flutter_secure_storage/android/src/main/java/com/it_nomads/fluttersecurestorage/FlutterSecureStoragePlugin.java#L101

Also see #328 (comment)

Is there a way to enable this globally? We use storage in quite a few different widgets

@AristideVB
Copy link

Still having this issue on v8.0.0

andreasgangso added a commit to bcc-code/bcc-media-app that referenced this issue May 3, 2023
- forgot setState on the future so the error widget didnt show.
- the error came from a bug in secure_storage after backup restore.
juliansteenbakker/flutter_secure_storage#354
- this fix causes all android users to get signed out once
@mirkomartino
Copy link

mirkomartino commented May 25, 2023

Continuo a riscontrare questo problema su v8.0.0

I also had the same problem as you on that version.

I just added to the manifest these rules on the application node to solve:

<application 
android:allowBackup="false" 
android:fullBackupContent="false" ...>

@bahman2000
Copy link

Still an issue.

flutter_secure_storage 9.0.0 in Android 9.

@acheronian
Copy link

Got the issue randomly on Android 14 devices, LogCat shows following error in production app:

[ERROR:flutter/lib/ui/ui_dart_state.cc(198)] Unhandled Exception: PlatformException(Exception encountered, read, javax.crypto.BadPaddingException: error:1e000065:Cipher functions:OPENSSL_internal:BAD_DECRYPT
	at com.android.org.conscrypt.NativeCrypto.EVP_CipherFinal_ex(Native Method)
	at com.android.org.conscrypt.OpenSSLEvpCipher.doFinalInternal(OpenSSLEvpCipher.java:152)
	at com.android.org.conscrypt.OpenSSLCipher.engineDoFinal(OpenSSLCipher.java:374)
	at javax.crypto.Cipher.doFinal(Cipher.java:2056)
	at w6.h.b(Unknown Source:35)
	at v6.a.c(Unknown Source:11)
	at v6.a.k(Unknown Source:17)
	at v6.e$b.run(Unknown Source:233)
	at android.os.Handler.handleCallback(Handler.java:958)
	at android.os.Handler.dispatchMessage(Handler.java:99)
	at android.os.Looper.loopOnce(Looper.java:230)
	at android.os.Looper.loop(Looper.java:319)
	at android.os.HandlerThread.run(HandlerThread.java:67)
, null)
#0      StandardMethodCodec.decodeEnvelope (package:flutter/src/services/message_codecs.dart:607)
#1      MethodChannel._invokeMethod (package:flutter/src/services/platform_channel.dart:167)

@joabsantos
Copy link

Got same today

flutter_secure_storage: ^8.1.0

@Nithsua

This comment was marked as resolved.

@Nithsua
Copy link

Nithsua commented May 8, 2024

Also curious does it happen on other operations like write() for anyone?

@brandon-watkins-avcrm
Copy link

Any news on this? I am seeing it happen today on Android 9

@juliansteenbakker
Copy link
Owner

This issue is probably caused by the JetSec Crypto library. I am trying to rewrite this library because it is deprecated, and progress will be tracked in #769 . It would be great if someone could test this implementation when the first beta will be released.

@bahadirarslan
Copy link

I am still having issues on Samsung S23 Ultra and Samsung A54 5G mostly, users have to login couple times a day because app looses token from the storage (unable to read the token). Using version ^8.1.0 . And using crashlytics I have proved that randomly device can not read the storage by key, just return null, but key is in the storage. Same app version, 95% of the users have never complained.

Same situation, instead of only Samsung devices MI devices have also problems with this library. They can not read token from storage.

@sanjaycdev
Copy link

i was facing the same issue while debugging in my Samsung device. after struggling for a while i tried a different app id and booom its fixed!@
hope it saves some time for some one :)

@namanshergill
Copy link
Author

i was facing the same issue while debugging in my Samsung device. after struggling for a while i tried a different app id and booom its fixed!@ hope it saves some time for some one :)

I’m pretty sure because that’s because the new app ID is letting it have fresh new prefs now. Once you have encrypted data in there and it fails to decrypt like above, you’ll likely be back to square one.

@AlgoritmoDelCambio
Copy link

AlgoritmoDelCambio commented Oct 26, 2024 via email

@daniloapr
Copy link

Any updates on this issue? This just started happening to our Android users after updating to flutter_secure_storage 9.2.2 and Flutter 3.24.5.

@frankmer
Copy link

Any updates on this issue? This just started happening to our Android users after updating to flutter_secure_storage 9.2.2 and Flutter 3.24.5.

#769

@juliansteenbakker
Copy link
Owner

Hi all, i have released v10.0.0-beta.1 with lots of updates in the code. Please let me know if this still an issue with this version.

@juliansteenbakker
Copy link
Owner

Some more background about this issue. The issue is due to the encrypted keyset being corrupted, or if it was encrypted with a different master key. This can happen if a backup is restored via google drive.

Please make sure the following is added to your manifest android/app/src/main/AndroidManifest.xml:
<application android:allowBackup="false" ...>

@juliansteenbakker
Copy link
Owner

I'm closing this because recovery from backup is not supported, because we will lose vital data if that happens.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

No branches or pull requests