Hello.

Please I need advice. I used the bencoding.securely module to register Login / Password. Encrypt / decrypt works great in Titanium.

But my problem. I will save the encrypted data to the webadmin. I do not know how to decrypt this data on the web. I have Hash + Key I've tested many AES standards.

Thank you very much for any advice.

Hi,

I'm currently encrypting/decrypting a SQLite Database in an Android App and was really puzzled why my cache size has grown very fast to nearly 4GB.

Looking at the cache directory I found a lot of files like these:

tia-<NUMBER>cachebcding
tia<NUMBER>cachebcding

I found out that cachebcding is the TEMP_PREFIX defined in Android/src/bencoding/securely/Utils.java, leading me to believe that the Securely-Module is currently not cleaning up after decryption/encryptions. I'm going to check the cache folder in my App for now to clean it up if necessary, but I think this should be changed in the Module too.

Cheers,
Mario

When I save a string value via setObject, the retrieved value is enclosed in quotes that I must then strip.

i have saved value in properties and i get the value until i did not delete app.
But after uninstalling app i am not getting the property which i created.

I used the code is:-

var securely = require('bencoding.securely');

var properties = securely.createProperties({
identifier : "Foo",
accessGroup : "Bar"
});
//Check property existance..
var exists = properties.hasProperty('String');
Titanium.API.info('String Property ' + ((exists) ? " Exists" : " Doesn't Exist"));
//Print in console "Exists" ---> if i am not uninstall app.
//Print in console "Doesn't Exist" ----> if i uninstall app and reinstall.

properties.setString('String', 'I am a String Value'); //set Value
Titanium.API.info('String: ' + properties.getString('String')); //Output correct.
//Print in console "I am a String Value"

Hi Ben,
Sort of a Appc problem but with the new 4.0.0.GA SDK and alloy 1.6.0 the module versioning using a letter at the end 1.53.B causes a longjohn.js exception. Moving the directory to 1.53.2 for example fixes the problem. I am posting here as alot of other modules do keep the convention of numbers rather than letters and I suspect it is easier for you to fix. Tell me if you think this should be post to the Appc JIRA page.
Thanks

We experience incompatibilities between encrypted strings which were created using StringCrypto inside AppStore version of our app and Ad-Hoc builds. This only happens on devices from iPhone 5S upwards.

The relevant code is

securely.createStringCrypto().AESEncrypt(password, text, false);

and

securely.createStringCrypto().AESDecrypt(password, encrypted, false);

Between AppStore releases of the app the encryption+decryption works. Between AppStore and Ad-Hoc builds it doesn't.

We checked that in Ad-Hoc builds, the resulting encrypted text is compatible with other libraries like OpenSSL with AES-256 and IV=0000000000000000. So we assume that in production AppStore builds something happens that results in non-standard encryption.

As far as we could find out iPhone 5S is the first device with hardware accelerated AES in CBC mode.

We have other code using the XPlatformCrypto routines, which implicitly uses non-zero IVs. This code works fine also between AppStore and Ad-Hoc.

Our app does not support 64 bits yet. So data type issues shouldn't be a problem (yet).

The following code:

var p = securely.createProperties({
  secret: "sshh_dont_tell"
});
p.setString('foo', 'bar');
console.debug(p.getString('foo'));
console.debug(p.listProperties());

Logs:

[ERROR] securityLevel not provided, a default of MED will be used
[ERROR] A secret is required for MED and HIGH securityLevel
[ERROR] Since no secret provided BUNDLE ID will be used
[ERROR] The identifier parameter is required for KeyChain Storage
[ERROR] Since identifier was provided BUNDLE ID will be used
[DEBUG] bar
[DEBUG] <null>

Hello, is there any working example of XPlatformCrypto with php ?
I'm trying to find which parameters to use but I can't the good ones.

PHP Code

$str = base64_decode('cXJ4eXJXakVHbjQrMUVUSXpiZkszUHpBcWNrQjNTMHY5VkxqSERFQ1o1aGZ2cUNLdlcvaUF0U1RWY1B2Tm4wNS9vQmhTVHd2bmdadApXakRRb2psbXdRPT0K');
$k = 'foo1234567891011';
var_dump(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $k, $str, MCRYPT_MODE_CBC, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"));

Appc code

    var mod = require('bencoding.securely'),
        crypto = mod.createXPlatformCrypto(),
        password = "foo1234567891011",
        plainText = "mary had a little lamb, little lamb, little lamb";

    Ti.API.info("First without generating an IV");

    var encyptedText = crypto.encrypt(password, plainText);
    Ti.API.info('encyptedText = ' +  Ti.Utils.base64encode(encyptedText));

Thank you for your help

The latest compiled release is older than the latest changes concerning the sdk 7.x update. Please provide a compiled release so users can upgrade to ti sdk 7.x

I tried with both

securely.createFileCrypto();
securely.createXPlatformCrypto();

and if I decrypt a file with a different password than the original one, I don't get any error.

I imagined that the e.success method would've given me errors about that..

Can you confirm me that there's no way to determine whether a file was decrypted right and is actually readable?

Hi,

I have played a bit with the securely module (on iOS) and it's very nice. Thanks for sharing this.

That being said, I have a question.

My app, like most apps, requires a password at first use and then does not require it again (unless you logout).
Which means, unless I am completely off mark, that the secret key used for securely.createProperties()must be hard coded in my js code (since I don't want to prompt for a password again). In turns, this means that all instances of my app share the same secret.

Do we consider this safe by relying on obfuscation/encryption done by the Ti framework or is there something obvious I am missing ?

My idea at this point is to generate a guid and hardcode it my source. But if you have any best practice to share I am very interested. I have looked around the Q&A forum etc and I haven't seen anything on this so I am wondering if I am missing something.

I am also interested to know how you go about detecting an application reinstallation, btw. So far as I can see, I can just use a regular Ti.API.Properties with a boolean firstrun properties since that properties file will get cleared up at uninstall time. Anything better ?

Thanks again for a great module.
--T

Feature request: use the KeyStore to generate secret for Properties encryption.

Hi, i'm currently converting an App, from Titanium to native Swift.
I was able to get key:value, from the keychain, which was encoded with your framework, with the following parameters:

    var properties = Alloy.Globals.Securely.createProperties({
        identifier: "myappidentifier",
        accessGroup: Alloy.Globals.SuiteName,
        storageType: Alloy.Globals.Securely.PROPERTY_TYPE_KEYCHAIN,
        securityLevel: Alloy.Globals.Securely.PROPERTY_SECURE_LEVEL_HIGH
    });

The hashes are in that format:
key:
099d64484e158b90c000e144cff76cfb2548cf1e17b8d8bf319b480d71bf27bfedf92b41048d88e2dbf8c6bceda15fa202f1dbf54c559c12f2e424e64e2253ab
value:
wnXGfwFQr4463RLAczVJGw==

How can i decode it ?
Thank you.

Not sure where you want to update the README.md, but for iOS10 you need to have a custom Entitlements.plist file in your project with the following content:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>com.apple.keystore.access-keychain-keys</key>
    <true/>
    <key>com.apple.keystore.device</key>
    <true/>
</dict>
</plist>

In the implementation of BCXCryptoUtilities there's a letters array. This name is used also in other 3rd party libraries and modules in IOS causing a duplicate symbol linking error. It could be changed to bs_letters or something Securely specific in order to avoid linking problems.

Hello,

I have a question about this module. Is it possible to encrypt sqlite database file on Titanium platvorm and still use that database?

Hi,

Firstly... Thank you for developing this great module.

As I am sure you are aware that starting in February 1st, 2015, all iOS Apps need to provide 64-bit support. In a blog post on the subject Appcelerator have said that:

"Titanium will provide you with 64-bit support and as the time approaches we’ll be publishing the steps to take to update your apps and native modules."

I would like to continue using this very useful module, but I think that the current build in the list folder is 32bit. Would you be able to provide some advice on how we can use the module as part of a dual 32 and 64 bit app.

Thanks again.

So, if i use your code to encrypt a file and decrypt the same file everything is ok.
However, if i encrypt a file in AES, then using shell and openssl:
openssl enc -d -aes256 -in ogienc.mp3
enter aes-256-cbc decryption password:
bad magic number
It doesnt work!
So even if i encode something using openssl in AES, securely cannot decrypt it:
openssl enc -aes256 -in somefile.mp3 -out enctest.mp3

[INFO] : {"message":"java.io.IOException: pad block corrupted","to":"file:///storage/emulated/0/com.my.app/mydecrfile.mp3","success":false,"from":"file:///android_asset/Resources/enctest.mp3"}

If the crypto is AES then how come i cannot decrypt from other encryption sources? What is different?

Hi!

I am not sure what is happening, but on iOS I've encountered a strange situation where once set data in the Properties becomes no longer retrievable.

My App is asking a user for a PIN at the first install and on all subsequent calls it validates the access of the user with this PIN. After a while (mostly several days, but it also happened after one day), the Property is gone. .hasProperty also reports false.

At no point in my application I am resetting or clearing this information. After it is once set, I'm only reading with .getString. Strangely this happened to me just today in the simulator too after a lot of crash tests yesterday.

I've found this SO thread:
http://stackoverflow.com/questions/9743653/apple-keychain-losing-username-password-information but from looking at the Modules classes I don't think this really applies (there seems to be no resets/cleaning called).

Any idea on what is going on here?

Cheers,
Mario

Just calling listProperties() causes this crash:

[DEBUG] 2014-10-22 09:56:55.004 Timewax[10771:489119] -[__NSCFType boundBridge:withKrollObject:]: unrecognized selector sent to instance 0x78654460
[ERROR] Script Error: {
[ERROR]     backtrace = "#0 () at :55\n#1 logOut() at :30\n#2 logout() at :84";
[ERROR]     line = 48;
[ERROR]     message = "-[__NSCFType boundBridge:withKrollObject:]: unrecognized selector sent to instance 0x78654460";
[ERROR]     sourceId = 329574624;
[ERROR] }
[DEBUG] 2014-10-22 09:56:56.649 Timewax[10771:489119] -[__NSCFType unboundBridge:]: unrecognized selector sent to instance 0x78654460
[ERROR] The application has crashed with an uncaught exception 'NSInvalidArgumentException'.
[ERROR] Reason:
[ERROR] -[__NSCFType unboundBridge:]: unrecognized selector sent to instance 0x78654460
[ERROR] Stack trace:
[ERROR]
[ERROR] 0   CoreFoundation                      0x0544292a __exceptionPreprocess + 154
[ERROR] 1   libobjc.A.dylib                     0x05004a97 objc_exception_throw + 44
[ERROR] 2   CoreFoundation                      0x0544a5c5 -[NSObject(NSObject) doesNotRecognizeSelector:] + 277
[ERROR] 3   CoreFoundation                      0x053933e7 ___forwarding___ + 1047
[ERROR] 4   CoreFoundation                      0x05392fae _CF_forwarding_prep_0 + 14
[ERROR] 5   Timewax                             0x000ace01 -[KrollBridge unregisterProxy:] + 161
[ERROR] 6   Timewax                             0x000bcd82 KrollFinalizer + 498
[ERROR] 7   Timewax                             0x0033f7a3 _ZN2TI20TiCallbackObjectData8finalizeENS_6HandleINS_7UnknownEEEPv + 51
[ERROR] 8   Timewax                             0x0037dfdb _ZN2TI10HandleHeap19finalizeWeakHandlesEv + 155
[ERROR] 9   Timewax                             0x0037f08d _ZN2TI4Heap17collectAllGarbageEv + 45
[ERROR] 10  Timewax                             0x0033ea82 TiGarbageCollect + 66
[ERROR] 11  Timewax                             0x000b5a4b -[KrollContext forceGarbageCollectNow] + 123
[ERROR] 12  Timewax                             0x000b6ec5 -[KrollContext main] + 5141
[ERROR] 13  Foundation                          0x01111f07 -[NSThread main] + 76
[ERROR] 14  Foundation                          0x01111e60 __NSThread__main__ + 1326
[ERROR] 15  libsystem_pthread.dylib             0x0612becf _pthread_body + 138
[ERROR] 16  libsystem_pthread.dylib             0x0612be45 _pthread_body + 0
[ERROR] 17  libsystem_pthread.dylib             0x06129f0e thread_start + 34
[ERROR]
[ERROR] 2014-10-22 09:56:56.665 Timewax[10771:489119] *** Terminating app due to uncaught exception 'NSInvalidArgumentException', reason: '-[__NSCFType unboundBridge:]: unrecognized selector sent to instance 0x78654460'
[ERROR] *** First throw call stack:
[ERROR] (
[ERROR]         0   CoreFoundation                      0x05442946 __exceptionPreprocess + 182
[ERROR]         1   libobjc.A.dylib                     0x05004a97 objc_exception_throw + 44
[ERROR]         2   CoreFoundation                      0x0544a5c5 -[NSObject(NSObject) doesNotRecognizeSelector:] + 277
[ERROR]         3   CoreFoundation                      0x053933e7 ___forwarding___ + 1047
[ERROR]         4   CoreFoundation                      0x05392fae _CF_forwarding_prep_0 + 14
[ERROR]         5   Timewax                             0x000ace01 -[KrollBridge unregisterProxy:] + 161
[ERROR]         6   Timewax                             0x000bcd82 KrollFinalizer + 498
[ERROR]         7   Timewax                             0x0033f7a3 _ZN2TI20TiCallbackObjectData8finalizeENS_6HandleINS_7UnknownEEEPv + 51
[ERROR]         8   Timewax                             0x0037dfdb _ZN2TI10HandleHeap19finalizeWeakHandlesEv + 155
[ERROR]         9   Timewax                             0x0037f08d _ZN2TI4Heap17collectAllGarbageEv + 45
[ERROR]         10  Timewax                             0x0033ea82 TiGarbageCollect + 66
[ERROR]         11  Timewax                             0x000b5a4b -[KrollContext forceGarbageCollectNow] + 123
[ERROR]         12  Timewax                             0x000b6ec5 -[KrollContext main] + 5141
[ERROR]         13  Foundation                          0x01111f07 -[NSThread main] + 76
[ERROR]         14  Foundation                          0x01111e60 __NSThread__main__ + 1326
[ERROR]         15  libsystem_pthread.dylib             0x0612becf _pthread_body + 138
[ERROR]         16  libsystem_pthread.dylib             0x0612be45 _pthread_body + 0
[ERROR]         17  libsystem_pthread.dylib             0x06129f0e thread_start + 34
[ERROR] )
[ERROR] libc++abi.dylib: terminating with uncaught exception of type NSException

The properties documentation of listProperties() method says that an array of keychain properties is returned. Does it mean that the method doesn't work if the storageType is PROPERTY_TYPE_PREFERENCES?

For some reason, this method is returning undefined in iOS simulator for 5s with securityLevel being PROPERTY_SECURE_LEVEL_MED.

Hi, I love this plugin, but I've a problem with Android and PHP. In IOS the encrypt and decrypt in PHP working perfectly, but in android don't exist the "encrypt" method.

var encryptedText = stringCrypto.encrypt({
       password : password,
	value : qr,
	resultType : 'text',
	completed : function(e) {
	console.log(e.result);
		qrPut(e.result);
	},
});

This code work in IOS but don't in Android

var aesEncryptedString = stringCrypto.AESEncrypt(password, qr);

The result of this method is a Hex string, but in PHP i don't know how to decrypt

Can you help me

Regards

Thanks

Hi,

Trying to solve the persistence limitation on Android, I've discovered that "changed" event does not fire after changing / removing / etc. a property.

I've tried the following, but it does not work.

in Securely/Samples/Properties/app.js

1. In Line 126.
   properties.removeEventListener('changed',onChange);

Shoudn't it be the string "change" insetead of "changed"

I suppose the internal titanium constant value TiC.EVENT_CHANGE is "change" instead "changed"

2. You have missed an addEventListener attach. For example, it could be in line 20

properties.addEventListener('change',onChange);

But after make these changes, it still does not work.

I've checked it out both in Android and iOS with Titanium SDK 3.1.2 GA. Both have the same problem.

Any suggest?

Best regards.

Hi Ben,

I was trying the below code

var lockHelper = securely.createLockScreenHelper();
lockHelper.startMonitorForScreenOff();
lockHelper.startMonitorForScreenOn();

This works find in Android, but doesn't work on iOS. Looks like these methods doesn't exist in iOS.
I am trying to monitor device lock/unlock states so that a specific action can be taken. Can you suggest how to get this to work in iOS and there is any alternate approaches.

Thanks
Jai

Hi,

First of all, thank you for your great effort and work!

I don´t know if this is a issue or default behaviour, but the secure properties are lost after delete and reinstall an app (or even using the 'Clear data' button, under 'Manage Apps' window on Android Platform)

What I need in that case is that properties we saved in the app persist accross deinstall and reinstall app process, as securely.properties does in iOS platform.

We have tested both setting the "identifier" parameter to null or to a custom value. Same behaviour in Android platform: the properties are lost after reinstall the app.

Any help would be appreciated.

Best regards!

When I attempt to build a project that contains the bencoding.securely module using Xcode 5.1 I am greeted with an error about an unknown argument, -CommonCrypto.

I have noticed that if I remove the -CommonCrypto arguments from the module.xcconfig files in the benencoding.securely/1.0 and benencoding.securely/1.1 folders that I am able to build with Xcode 5.1.1.

Would you be able to update Securely so that it is compatible with Xcode 5.1.1 or can you confirm that these arguments can be safely removed as I described above?

Hello,

I must be doing something wrong here... I am trying to store a String through Securely, I am on Titanium 3.1.3, and developing for Android.

In order to store the string, I use the following code:

var securely = require('bencoding.securely');
var SecureProperties = securely.createProperties({
});

SecureProperties.setString('Password', 'This is my value');

In this case the value is stored OK. However, I would like to make this value persistant over new installations of my app. I uninstall my app and then run the following code in order to retrieve my value:

var securely = require('bencoding.securely');
var SecureProperties = securely.createProperties({
});

var MyPassword = SecureProperties.getString('Password');

This returns an empty value... Isn´t the keychain value not supposed to "survive" the app uninstall and reinstall?

Thank you so much in advance.

Maria.

I've been having this problem on iPad 2 and 3 with iOS 7.

If I try to decrypt a 20Mb file (not even that large), the system will notify the usual memory warning and after a while the app will crash.
Is there any way to decrypt it in chunks and keep the memory usage low?

Hi Ben, can you please tell me if this module support " RSA encryption using the public key file (.pem file)" ?

Thank you Ben!

Could you please remove older versions as it is causing me confusion on which version I should be using. I know it is discussed in the documentation, but if I simply go by the version number it is not intuitive to me.

I'm trying to build our app with the pre-3.0-changes branch with titanium sdk version 6.0.2.GA and I'm getting the following error on build.

[ERROR] : Found incompatible Titanium Modules:
[ERROR] : id: bencoding.securely version: 3.0.9 platform: android min sdk: 5.1.0.GA

Is there any way to use the old encryption with this SDK?

Hi,
Just wanted to know if it is possible to encrypt a Sq-lite database using this module?

Thanks,
Sid

Simply added module, and not doing anything with it yet, and I am getting this error.
2016-12-03T21:55:37.684Z | ERROR | An uncaught exception was thrown!
Failed to install app on device (0xe8008016)
2016-12-03T21:55:37.685Z | ERROR | Failed to install app on device (0xe8008016)

I have this in tiapp.xml
<dict> <key>keychain-access-groups</key> <array> <string>com.domain.appname</string> </array>

added this to alloy.js
var securely = require('bencoding.securely'); var platform_device = require('platform_device'); platform_device(); if (OS_IOS) { var properties = securely.createProperties({ secret : "mysecrethere", storageType:securely.PROPERTY_TYPE_KEYCHAIN, securityLevel:securely.PROPERTY_SECURE_LEVEL_HIGH }); } else if (OS_ANDROID) { var properties = securely.createProperties({ encryptFieldNames : true, secret : "mysecrethere", storageType:securely.PROPERTY_TYPE_PREFERENCES, securityLevel:securely.PROPERTY_SECURE_LEVEL_HIGH }); }

and I added the file "appname.entitlements" , into directory /app/platform/ios with this content
?xml version="1.0" encoding="UTF-8"? !DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd" plist version="1.0" <dict> <key>keychain-access-groups</key> <array> <string>com.domain.appname</string> </array> </dict> /plist

Module: 2.1.1
Ti: 5.5.1GA

Reading the documentation I saw that the properties support a secret password:

secret : String

This is a required parameter. secret is the password used to encrypt and decrypt all property values. The same secret used to encrypt must be used during the decryption process or a null value will be returned.

In the snippet it says:

var properties = securely.createProperties({
secret:"sshh_dont_tell",
identifier:"myPropertyIdentifier",
accessGroup:"myAccessGroup",
encryptFieldNames:false
});

How do I decrypt properties using the same secret?

I tried setting and getting a string but it doesn't look like setting the secret during the creation makes any difference.

Amazing module but I am trying to share key value pairs between two apps. For that I am using the same identifier and access group with fix secret value and that works perfectly fine for iOS but it doesn't work on Android.

Any chance of how to do it or its not yet compatible?

The latest Securely beta dist hangs during compilation on the latest Titanium release. Reverting to Securely 1.2.X works.

I am currently using v2.1.1 of your module.

My Implementation is very basic:
if (OS_IOS) { var properties = securely.createProperties({ secret : "SECRET_REMOVED", storageType:securely.PROPERTY_TYPE_KEYCHAIN, securityLevel:securely.PROPERTY_SECURE_LEVEL_HIGH }); } else if (OS_ANDROID) { var properties = securely.createProperties({ encryptFieldNames : true, secret : "SECRET_REMOVED", storageType:securely.PROPERTY_TYPE_PREFERENCES, securityLevel:securely.PROPERTY_SECURE_LEVEL_HIGH }); }

Today I started getting the following alert in my Titanium Console when deploying to my Android device.
********** PLEASE READ ************
*

• New versions of the Android SDK no longer support the Crypto provider.
• If your app was relying on setSeed() to derive keys from strings, you
• should switch to using SecretKeySpec to load raw key bytes directly OR
• use a real key derivation function (KDF). See advice here :
• http://android-developers.blogspot.com/2016/06/security-crypto-provider-deprecated-in.html

Returning an instance of SecureRandom from the Crypto provider
as a temporary measure so that the apps targeting earlier SDKs
keep working. Please do not rely on the presence of the Crypto
provider in the codebase, as our plan is to delete it
completely in the future.

Have you seen this before? What do I need to do?

Thanks,
Adam.

Hey,

When either using setString('username',null) or removeProperty('username'), the following error is thrown:

-[TIXPCDataTransport _handleForPurpose:withReplyBlock:] couldn't get data source for purpose=__TIRDTAB

I can attest that the string username has been set and is not null.
I tried looking into the source to trace it down, but have been unable to do so, as of this moment.

Any help would be appreciated.

Footnote: To get around the error, I have temporarily put the method inside a try-catch block.

Hi,
I'm trying to decrypt a file that was encrypted on my php server.

The error I get is the one on the title. I think I found the problem to be in the password format.

The password value in base64 is the following: VJJVeCP67CdHCOs00mMCkISr5VRHiTQKHTzPa9dHdK0=

but the original type is a binary. I looked through the source code and I saw that the password has to be an NSString. Any way to work around that?

Hi - great module!

I've a question about the passphrases used for the method createProperties .
Where should I store it?

I imagined these things:

• set statically in the tiapp.xml as a property
• generate using a salt (UUID or by using generateRandomKey) + secret (from tiapp.xml) and store in the TiAppProperties at runtime

But, Ti.App.Properties uses NSStandardDefaultthat is by definition not secure.
So... any advice?
Which is the best method?

For some reason I keep getting the following error when using securely on iOS?

[ERROR] securityLevel not provided, a default of MED will be used
[ERROR] A secret is required for MED and HIGH securityLevel
[ERROR] Since no secret provided BUNDLE ID will be used
[ERROR] The identifier parameter is required for KeyChain Storage
[ERROR] Since identifier was not provided BUNDLE ID will be used

I use the following code:

` var securely = require('bencoding.securely');

var properties = securely.createProperties({
identifier: "application",
accessGroup: "accessGroup",
secret: "my_secret",
storageType: securely.PROPERTY_TYPE_KEYCHAIN,
securityLevel: securely.PROPERTY_SECURE_LEVEL_MED
});`

Am I doing anything wrong? My application still works and is able to work with the value I set.

The encryption and decryption works fine on the Simulator but when I run the same app on the iPhone 6s Plus device via Titanium Studio (not adhoc or production install), I get the following error:
*** Assertion failure in -[NSConcreteMutableData decryptedDataUsingAlgorithm:key:initializationVector:options:error:], /Users/benbahrenburg/Projects/Modules/Securely/iOS/Classes/AESCrypt/NSData+CommonCrypto.m:478
I'm assuming it's related to #29 issue that Stefan brought up earlier that was closed.
Btw, I'm using the iOS dist 2.1.0.

Hi,
I tried migration this module from version 1.2.4 to 1.8. But returns empty string. compatibility is not?

Test code here is.

1.2.4

var seculery = require('bencoding.securely'),
  props = seculery.createProperties({
    secret: 'can\'t tell you'
  });

props.setString('TEST', 'TESTTESTTEST');
// displayed TESTTESTTEST
console.log(props.getString('TEST'));

1.8

var seculery = require('bencoding.securely'),
  props = seculery.createProperties({
    secret: 'can\'t tell you'
  });

// displayed empty string
console.log(props.getString('TEST'));

// displayed 1
console.log(props.hasProperty('TEST'));

I specified storageType and securityLevel props, result was the same.

var seculery = require('bencoding.securely'),
  props = seculery.createProperties({
    secret: 'can\'t tell you',
    storageType: securely.PROPERTY_TYPE_KEYCHAIN,
    securityLevel: securely.PROPERTY_SECURE_LEVEL_MED
  });

// displayed empty string
console.log(props.getString('TEST'));

// displayed 1
console.log(props.hasProperty('TEST'));

Thanks.

on iOS, my view loads and retrieves the emailAddress saved from a previous session just fine.

on Android, the value is null - it is not saving once the app is closed.

config:
if (OS_IOS) { var properties = securely.createProperties({ secret : "SECRET_HERE_REMOVED", storageType:securely.PROPERTY_TYPE_KEYCHAIN, securityLevel:securely.PROPERTY_SECURE_LEVEL_HIGH }); } else if (OS_ANDROID) { var properties = securely.createProperties({ encryptFieldNames : true, secret : "SECRET_HERE_REMOVED", storageType:securely.PROPERTY_TYPE_PREFERENCES, securityLevel:securely.PROPERTY_SECURE_LEVEL_HIGH }); }

Setter:
properties.setString('myEmail', advanceAuth.Result.EmailAddress);

Getter:
$.emailAddress.value = properties.getString('myEmail');

Why is this only an issue on Android? Is there some Android permission I need to include in my tiapp.xml?

Thanks,
Adam.

in the class PropertyKeyChain.m is logging out data at

NSLog(@"Provider setList : %@",value);
NSLog(@"Provider setList : %@",value);

Can someone fix this and provide new distribution files for iOS and android

Hi,

I am initialising keychain for iOS in following way: I have three apps with following bundle IDs (I have changed real IDs with fake one)

App 1: com.myapps.mobile.first
App 2: com.myapps.mobile.second
App 3: com.myapps.mobile.third

Following is the snippet for iOS

// Open Keychain Access
var KeychainAccess = Securely.createProperties({
encryptFieldNames: true,
identifier: 'com.myapps.mobile',
accessGroup: 'MySecretAccessGroup',
secret: Ti.Utils.md5HexDigest('MySecretAccessGroup'),
storageType: Securely.PROPERTY_TYPE_KEYCHAIN,
securityLevel: Securely.PROPERTY_SECURE_LEVEL_MED
});

This works perfectly fine in iOS simulator. The key value pairs are correctly shared. However, when I deploy in device. It doesn't share. I thought may be its happening because of the passcode so I removed passcode and checked, same results.

I am using Titanium SDK 3.2.2.GA and bencoding ios module 1.53.B.

Simulator Version: 7.1
Device iOS Version: 8.1.4

Hi Ben,

Not an issue but a question.

After reading the Secure Properties documentation and this issue Security Properties persistence on Android platform I'm not sure yet what will happen with the stored data after an App update (Android & iOS). Will they be lost?

I'm not sure what would happen if I just use Titanium.App.Properties. Will they persist after App updates?

Regards,

Pako Artal

Is there an android distribution for Ti SDK 7.x support yet?

Using version 3.1.0, calling sha256 from Android, I get the following error:

[ERROR] : StringCryptoProxy: Couldn't find proxy method 'sha256' with signature '(Ljava/lang/String;)Ljava/lang/String;'

Not sure why or how to address this.

Hi,

Not really an issue, more or a question...
Is it possible to recover the the plist after a backup is restored? Would the syncAllowed boolean in BencodingSecurelyPropertiesProxy.m control this (if I was to modify the source myself) or am I looking in the wrong location altogether?

Regards