Steps to reproduce:
- Get a Pixel device (since Android 13 is only available on that).
- Update it to Android 13.
- Interact with keychain, especially Keychain.getGenericPassword({ service: KEY })
Version info:
{
"react": "17.0.2",
"react-native": "0.66.4",
"react-native-keychain": "8.0.0"
}
Stack trace:
{
"nativeStackAndroid": [
{
"lineNumber": 150,
"file": "CipherStorageKeystoreAesCbc.java",
"methodName": "decrypt",
"class": "com.oblador.keychain.cipherStorage.CipherStorageKeystoreAesCbc"
},
{
"lineNumber": 165,
"file": "CipherStorageKeystoreAesCbc.java",
"methodName": "decrypt",
"class": "com.oblador.keychain.cipherStorage.CipherStorageKeystoreAesCbc"
},
{
"lineNumber": 679,
"file": "KeychainModule.java",
"methodName": "decryptToResult",
"class": "com.oblador.keychain.KeychainModule"
},
{
"lineNumber": 646,
"file": "KeychainModule.java",
"methodName": "decryptCredentials",
"class": "com.oblador.keychain.KeychainModule"
},
{
"lineNumber": 306,
"file": "KeychainModule.java",
"methodName": "getGenericPassword",
"class": "com.oblador.keychain.KeychainModule"
},
{
"lineNumber": 367,
"file": "KeychainModule.java",
"methodName": "getGenericPasswordForOptions",
"class": "com.oblador.keychain.KeychainModule"
},
{
"lineNumber": -2,
"file": "Method.java",
"methodName": "invoke",
"class": "java.lang.reflect.Method"
},
{
"lineNumber": 372,
"file": "JavaMethodWrapper.java",
"methodName": "invoke",
"class": "com.facebook.react.bridge.JavaMethodWrapper"
},
{
"lineNumber": 188,
"file": "JavaModuleWrapper.java",
"methodName": "invoke",
"class": "com.facebook.react.bridge.JavaModuleWrapper"
},
{
"lineNumber": -2,
"file": "NativeRunnable.java",
"methodName": "run",
"class": "com.facebook.react.bridge.queue.NativeRunnable"
},
{
"lineNumber": 942,
"file": "Handler.java",
"methodName": "handleCallback",
"class": "android.os.Handler"
},
{
"lineNumber": 99,
"file": "Handler.java",
"methodName": "dispatchMessage",
"class": "android.os.Handler"
},
{
"lineNumber": 27,
"file": "MessageQueueThreadHandler.java",
"methodName": "dispatchMessage",
"class": "com.facebook.react.bridge.queue.MessageQueueThreadHandler"
},
{
"lineNumber": 201,
"file": "Looper.java",
"methodName": "loopOnce",
"class": "android.os.Looper"
},
{
"lineNumber": 288,
"file": "Looper.java",
"methodName": "loop",
"class": "android.os.Looper"
},
{
"lineNumber": 226,
"file": "MessageQueueThreadImpl.java",
"methodName": "run",
"class": "com.facebook.react.bridge.queue.MessageQueueThreadImpl$4"
},
{
"lineNumber": 1012,
"file": "Thread.java",
"methodName": "run",
"class": "java.lang.Thread"
}
],
"userInfo": null,
"message": "Could not decrypt data with alias: TOKEN_IDENTIFIER",
"code": "E_CRYPTO_FAILED",
"line": LINE_NUMBER,
"column": COLUMN_NUMBER,
"sourceURL": "http://localhost:8081/index.bundle?platform=android&dev=true&minify=false&app=APP_NAME&modulesOnly=false&runModule=true"
}
We see the same pattern, with errors increasing from 11th October.
E_CRYPTO_FAILED Could not decrypt data with alias:. Our working theory is that reading values that are stored with Keychain.setGenericPassword before the Samsung security update, will not be readable with Keychain.getGenericPassword after the update. Overwriting the values in keychain after the security update makes the values readable again.
The same issue here, Could not decrypt data with alias: for the devices below all running Android 13:
I’ve encountered this issue on a project I’ve been working on, so have spent a bit of time investigating.
This Stack Overflow answer (https://stackoverflow.com/a/65299208/5909648) prompted me to take a look at the code and there are a number of places in the codebase where strings are being converted to byte arrays, and vice versa.
I’m inclined to agree with the Stack Overflow post, and that the issue is likely to be caused by loss of information in these conversions. It’s a pretty big change to remove this conversion as it will have potential knock-on impact on the JS -> native interface.
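The failure mode the comment above refers to, as an added example that is not part of the comment or of react-native-keychain's code: arbitrary bytes such as an IV or ciphertext do not survive a bytes -> String -> bytes round trip through UTF-8, while Base64 does. The class name, method names and sample bytes are constructed for illustration, and the code targets a plain JVM.

```java
import java.nio.ByteBuffer;
import java.nio.charset.CharacterCodingException;
import java.nio.charset.CodingErrorAction;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Base64;

public class ByteStringRoundTrip {
    // Lossy path: invalid UTF-8 sequences are silently replaced with U+FFFD
    // on decode, so re-encoding cannot give the original bytes back.
    static byte[] viaUtf8String(byte[] raw) {
        String s = new String(raw, StandardCharsets.UTF_8);
        return s.getBytes(StandardCharsets.UTF_8);
    }

    // Lossless path: Base64 maps every byte value to ASCII text and back.
    static byte[] viaBase64(byte[] raw) {
        String s = Base64.getEncoder().encodeToString(raw);
        return Base64.getDecoder().decode(s);
    }

    // Strict decode: reports malformed input instead of substituting U+FFFD.
    static boolean isValidUtf8(byte[] raw) {
        try {
            StandardCharsets.UTF_8.newDecoder()
                .onMalformedInput(CodingErrorAction.REPORT)
                .onUnmappableCharacter(CodingErrorAction.REPORT)
                .decode(ByteBuffer.wrap(raw));
            return true;
        } catch (CharacterCodingException e) {
            return false;
        }
    }

    public static void main(String[] args) {
        // Constructed sample standing in for an IV or ciphertext block.
        byte[] blob = {(byte) 0x9f, 0x12, (byte) 0xc3, 0x28, (byte) 0xff, 0x41, (byte) 0x80, 0x00};
        // Constructed sample: bytes that really are UTF-8 text.
        byte[] text = "token-123".getBytes(StandardCharsets.UTF_8);

        System.out.println("blob is valid UTF-8:    " + isValidUtf8(blob));
        System.out.println("blob survives String:   " + Arrays.equals(blob, viaUtf8String(blob)));
        System.out.println("blob survives Base64:   " + Arrays.equals(blob, viaBase64(blob)));
        System.out.println("text survives String:   " + Arrays.equals(text, viaUtf8String(text)));
    }
}
```

A strict decoder like `isValidUtf8` turns a silent substitution into a detectable error, which makes it usable as a guard in tests around any byte/string boundary.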
We also started experiencing this issue in our production app with Android 13 Google Pixel 7
Seeing this error on Android 13 (Pixel) but not a lot of other places. We can move to FB, but that’d require all of our users to either sign back in, or delete the app and reinstall.
Still unsure of why tho
Cross posting this for visibility https://github.com/oblador/react-native-keychain/issues/458#issuecomment-1780118404
Same for us. Seems to be related to the latest Samsung Security Release…
We have been receiving “Could not encrypt data with alias” errors, starting Oct 11th as well. Same models as above.
We have seen a sudden increase of this error the last few days, starting to pick up on the 11th of October. Could it be that Samsung is rolling out a security fix that makes this issue worse? Are any of you experiencing the same?
While debugging I found that the file /node_modules/react-native-keychain/android/src/main/java/com/oblador/keychain/cipherStorage/CipherStorageKeystoreAesCbc.java has a problem. The line which breaks is shown below:
We have that issue too “since 2 years” now … But it is not only Android 12->13 because we have it also on Android 8.1, 10, 12 and several different device types. So we are also still trying to find out.
We’re having the same issue and we seriously struggle to reproduce it as well.
We’re throwing a few theories to the wall at the moment to see what sticks: From my colleague @jemise111: Would it be possible that the issue is specific to apps which had the Keychain setup while the OS was on Android 12 or earlier, and that it now fails since the device got updated to Android 13? It could explain the difficulty to reproduce when we all fresh install the app on our device.
@Thaisagathem yeah, this is exactly how we are seeing it too 😦
oh the irony 😃