Large strings cannot be stored in securestorage, and must be chunked. #9

Open
Asday opened this issue Jun 19, 2019 · 16 comments
Labels
bug Something isn't working

Comments

@Asday
Contributor

Asday commented Jun 19, 2019

expo/expo#1765

Size limit for a value is 2048 bytes. An attempt to store larger values may fail. Currently, we print a warning when the limit is reached, but we will throw an error starting from SDK 35.

https://docs.expo.io/versions/latest/sdk/securestore/

@Cretezy
Owner

Cretezy commented Jun 19, 2019

This is definitely going to be an issue. I will rework this to use AES to allow large blobs soon. Thank you for raising this issue.

@Cretezy Cretezy added the bug Something isn't working label Jun 19, 2019
@Asday
Contributor Author

Asday commented Jun 19, 2019

I was thinking of a much cruder solution:

  • in setItem(), store the size of value / 2048 as key, then chunk value to 2048, and store as key[x];
  • in getItem(), get the size of the value from key, then retrieve that many chunks, and concatenate them;
  • in removeItem(), get the size of the value from key, then delete key[0-n].
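
Added example, not part of the original comment or of this project's code: the chunking scheme above, run against a constructed in-memory stand-in (`store`, `put`) that enforces the 2048-byte limit. The limit is in bytes, so chunks are cut on UTF-8 size rather than string length, and old chunks are cleared before an overwrite; the `key.0`, `key.1` naming is this example's choice.

```javascript
const LIMIT = 2048;      // bytes per value, the limit quoted in this issue
const store = new Map(); // constructed stand-in for the key-value store

function put(key, value) {
  if (Buffer.byteLength(value, "utf8") > LIMIT) throw new Error("over limit: " + key);
  store.set(key, value);
}

// Split on code-point boundaries so every chunk is <= LIMIT bytes of UTF-8.
function chunk(value) {
  const chunks = [];
  let cur = "", size = 0;
  for (const ch of value) { // iterates by code point, not by UTF-16 unit
    const n = Buffer.byteLength(ch, "utf8");
    if (size + n > LIMIT) { chunks.push(cur); cur = ""; size = 0; }
    cur += ch;
    size += n;
  }
  if (cur !== "") chunks.push(cur);
  return chunks;
}

function removeItem(key) {
  const n = Number(store.get(key) ?? 0);
  for (let i = 0; i < n; i++) store.delete(`${key}.${i}`);
  store.delete(key);
}

function setItem(key, value) {
  removeItem(key); // drop chunks left behind by a longer previous value
  const chunks = chunk(value);
  chunks.forEach((c, i) => put(`${key}.${i}`, c));
  put(key, String(chunks.length)); // chunk count is stored under the bare key
}

function getItem(key) {
  const n = store.get(key);
  if (n === undefined) return null;
  let out = "";
  for (let i = 0; i < Number(n); i++) {
    const c = store.get(`${key}.${i}`);
    if (c === undefined) throw new Error("missing chunk " + i);
    out += c;
  }
  return out;
}
```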

@Cretezy
Owner

Cretezy commented Jun 19, 2019

I don't think chunking is the right solution, it would create a lot of overhead and would be much less efficient.

@Asday
Contributor Author

Asday commented Jun 20, 2019

I'm not sure implementing one's own encryption would align with the name of the repo - encrypted by expo or by us, storing large amounts per key in securestore isn't possible.

I may be misunderstanding.

@Cretezy
Owner

Cretezy commented Jul 10, 2019

The usual solution for storing encrypted data on mobile is this (see other libraries implementing the same pattern):

  • Create AES key, store it in the secure OS store (this library stores data in the secure OS store, just need to store the AES key instead of the data)
  • When saving data, encrypt it with said key and save it to disk (it is encrypted, and disk has no file limit)
  • When fetching data, fetch the AES key from the secure OS store, then read disk data and decrypt it

I will create an extension to this package when I have time to allow for this pattern
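
Added example, not code from this package or from the libraries mentioned in the thread: the key-in-secure-store, ciphertext-on-disk pattern described above, under plain Node. It assumes AES-256-GCM (the comment only says AES), a fresh key per write, and two constructed in-memory stand-ins, `secureStore` (2048-byte limit) and `disk`.

```javascript
// Constructed stand-ins so the pattern runs under plain Node (not Expo APIs):
// `secureStore` enforces the 2048-byte value limit quoted in this issue,
// `disk` plays the role of ordinary, size-unlimited app file storage.
const LIMIT = 2048;
const secureStore = new Map();
const disk = new Map();

async function secureSet(name, value) {
  if (Buffer.byteLength(value, "utf8") > LIMIT) throw new Error("over 2048 bytes");
  secureStore.set(name, value);
}

async function setItem(name, plaintext) {
  const { randomBytes, createCipheriv } = await import("node:crypto");
  const key = randomBytes(32); // fresh AES-256 key for every write
  const iv = randomBytes(12);  // 96-bit GCM nonce, used once with this key
  const cipher = createCipheriv("aes-256-gcm", key, iv);
  const body = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  // On-disk layout (this example's choice): iv(12) || tag(16) || ciphertext
  disk.set(name, Buffer.concat([iv, cipher.getAuthTag(), body]));
  // Only the key goes to the secure store: 44 base64 chars, far below LIMIT.
  await secureSet(name, key.toString("base64"));
}

async function getItem(name) {
  const { createDecipheriv } = await import("node:crypto");
  const keyB64 = secureStore.get(name);
  const blob = disk.get(name);
  if (keyB64 === undefined || blob === undefined) return null;
  const key = Buffer.from(keyB64, "base64");
  const decipher = createDecipheriv("aes-256-gcm", key, blob.subarray(0, 12));
  decipher.setAuthTag(blob.subarray(12, 28));
  // final() throws if the file was modified, so tampered data is never returned.
  const plain = Buffer.concat([decipher.update(blob.subarray(28)), decipher.final()]);
  return plain.toString("utf8");
}

async function removeItem(name) {
  secureStore.delete(name); // without the key the file on disk is unreadable
  disk.delete(name);
}
```

The authentication tag matters here because the file on disk sits outside the OS secure store: a modified file makes `getItem` throw instead of yielding altered state.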

@leviathanbeak

@Cretezy so should we just wait and ignore the warning for now or?

@Asday
Contributor Author

Asday commented Jul 18, 2019

Depends on your case and environment. You should get an idea of how much stored breaks your intended audience's environments, and how much you're likely to store at most.

If it's looking risky for you, consider helping @Cretezy out with his described AES solution, or switching to a different storage solution and sacrificing the security.

@thargenediad

We eagerly await the new extension, @Cretezy!

@istvan-szilagyi

We couldn't wait anymore for the new extension, so we created our own package which works as @Cretezy told it should (so big credits for him on the idea).

https://github.com/neverdull-agency/expo-unlimited-secure-store

@Cretezy
Owner

Cretezy commented Aug 2, 2019

@istvan-szilagyi This is great! I'm sorry for being a little bogged down recently.

If you'd like, create a PR with the information in the README.

hiwelo added a commit to hiwelo/addday that referenced this issue Dec 29, 2019
This commit creates a series of 3 cryptography utilities used to
encrypt the data that will be stored by the application as part of
its content.

Every time we want to store an information, the idea is to generate
a random encryption key that will be stored part of the SecureStore
while the encrypted information using this generated key will be
stored in the regular FileSystem.

This solution will allow us to not be blocked by the low capacity
of the SecureStore allowed on iOS and Android.

Part of this commit, we find the `generateEncryptionKey` utility
creating a random encryption key having the requested amount of
chars.

We also have an `encrypt` utility randomly generating a key and
using the generated key to encrypt the requested message.

And finally we have a `decrypt` key using the provided key to
decrypt a provided message.

These utilities are based on the work made by @neverdull-agency
to implement an unlimited secured expo storage, following the
message by @Cretezy in the issue
Cretezy/redux-persist-expo-securestore#9.
@uxxman

uxxman commented Jul 27, 2020

any update on this?

@xmflsct

xmflsct commented Jan 22, 2021

Thank you @istvan-szilagyi ! I have switched to use your library.

@bleedingAyush

Guys, you don't need to use this package at all. Just go to the project's main repository and copy the two files index.d.ts and index.js and then make a folder name redux-persist-exposecurestore in and then use it.

@Asday
Contributor Author

Asday commented Sep 29, 2021

@Ayush6543 that is exactly using this package, you're just cutting out the NPM step (and taking the responsibility of transpilation).

Also that does absolutely nothing to fix the issue.

@bleedingAyush

> @Ayush6543 that is exactly using this package, you're just cutting out the NPM step (and taking the responsibility of transpilation).

What is transpilation?

@abdul-megadraws

Install:
@react-native-async-storage/async-storage

Instead of
expo-secure-store

Hope it will clear warning message! Will solve issue.

AnantTiwari001 added a commit to AnantTiwari001/redux-persist-expo-securestore that referenced this issue Sep 12, 2024
…eStore is larger than 2048 bytes. An attempt to store such a value will throw an error in SDK 35." warning.

Issue Cretezy#9