Detecting type of error when SecureStore.getItemAsync() rejects the promise

binki · August 15, 2018, 5:26am

After fully uninstalling and reinstalling a standalone expo app, I started seeing this:

08-14 23:57:54.153  6475  6564 W SecureStoreModule:
08-14 23:57:54.153  6475  6564 W SecureStoreModule: javax.crypto.AEADBadTagException
08-14 23:57:54.153  6475  6564 W SecureStoreModule:     at android.security.keystore.AndroidKeyStoreCipherSpiBase.engineDoFinal(AndroidKeyStoreCipherSpiBase.java:517)
08-14 23:57:54.153  6475  6564 W SecureStoreModule:     at javax.crypto.Cipher.doFinal(Cipher.java:1741)
08-14 23:57:54.153  6475  6564 W SecureStoreModule:     at abi28_0_0.host.exp.exponent.modules.api.SecureStoreModule$AESEncrypter.decryptItem(SecureStoreModule.java:452)
08-14 23:57:54.153  6475  6564 W SecureStoreModule:     at abi28_0_0.host.exp.exponent.modules.api.SecureStoreModule.readJSONEncodedItem(SecureStoreModule.java:207)
08-14 23:57:54.153  6475  6564 W SecureStoreModule:     at abi28_0_0.host.exp.exponent.modules.api.SecureStoreModule.getItemImpl(SecureStoreModule.java:178)
08-14 23:57:54.153  6475  6564 W SecureStoreModule:     at abi28_0_0.host.exp.exponent.modules.api.SecureStoreModule.getValueWithKeyAsync(SecureStoreModule.java:166)
08-14 23:57:54.153  6475  6564 W SecureStoreModule:     at java.lang.reflect.Method.invoke(Native Method)
08-14 23:57:54.153  6475  6564 W SecureStoreModule:     at abi28_0_0.com.facebook.react.bridge.JavaMethodWrapper.invoke(JavaMethodWrapper.java:372)
08-14 23:57:54.153  6475  6564 W SecureStoreModule:     at abi28_0_0.com.facebook.react.bridge.JavaModuleWrapper.invoke(JavaModuleWrapper.java:160)
08-14 23:57:54.153  6475  6564 W SecureStoreModule:     at abi28_0_0.com.facebook.react.bridge.queue.NativeRunnable.run(Native Method)
08-14 23:57:54.153  6475  6564 W SecureStoreModule:     at android.os.Handler.handleCallback(Handler.java:790)
08-14 23:57:54.153  6475  6564 W SecureStoreModule:     at android.os.Handler.dispatchMessage(Handler.java:99)
08-14 23:57:54.153  6475  6564 W SecureStoreModule:     at abi28_0_0.com.facebook.react.bridge.queue.MessageQueueThreadHandler.dispatchMessage(MessageQueueThreadHandler.java:29)
08-14 23:57:54.153  6475  6564 W SecureStoreModule:     at android.os.Looper.loop(Looper.java:164)
08-14 23:57:54.153  6475  6564 W SecureStoreModule:     at abi28_0_0.com.facebook.react.bridge.queue.MessageQueueThreadImpl$3.run(MessageQueueThreadImpl.java:192)
08-14 23:57:54.153  6475  6564 W SecureStoreModule:     at java.lang.Thread.run(Thread.java:764)
08-14 23:57:54.153  6475  6564 W SecureStoreModule: Caused by: android.security.KeyStoreException: Signature/MAC verification failed
08-14 23:57:54.153  6475  6564 W SecureStoreModule:     at android.security.KeyStore.getKeyStoreException(KeyStore.java:697)
08-14 23:57:54.153  6475  6564 W SecureStoreModule:     at android.security.keystore.KeyStoreCryptoOperationChunkedStreamer.doFinal(KeyStoreCryptoOperationChunkedStreamer.java:224)
08-14 23:57:54.153  6475  6564 W SecureStoreModule:     at android.security.keystore.AndroidKeyStoreAuthenticatedAESCipherSpi$BufferAllOutputUntilDoFinalStreamer.doFinal(AndroidKeyStoreAuthenticatedAESCipherSpi.java:373)
08-14 23:57:54.153  6475  6564 W SecureStoreModule:     at android.security.keystore.AndroidKeyStoreCipherSpiBase.engineDoFinal(AndroidKeyStoreCipherSpiBase.java:506)
08-14 23:57:54.153  6475  6564 W SecureStoreModule:     ... 15 more

I was wondering if I can figure out the different type of errors thrown by Expo’s SecureStore module in a reliable way. I want to know if the error is transient or not so that I can handle it correctly.

Basically, I think that sometimes an error would be thrown if the device is locked and my code somehow ran in the background and tried to access a secure value which requires the user to have unlocked the device. This is a transient error and my app should retry later.

However, this error I got now is due to the app being uninstalled and reinstalled. The old key the app used to decode content is, I assume, irrecoverable. So the error is permanent and my app must know that it should treat that error as if the key doesn’t exist. This error will never be recovered from by the user unlocking the screen—the app may even be foregrounded and the user’s keystore fully accessible.

The documentation only seems to say that the promise returned by SecureStore.getItemAsync() will be rejected if there is an error. Based on the source code , it looks like I might get the same type of error if expo fails to get the key from the keystore. Or will I get a different error?

Can there be documentation describing how to detect the different types of errors?

Thanks.

system · August 30, 2018, 5:26am

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Secure store error: E_SECURESTORE_DECRYPT_ERROR Expo SDK	1	733	April 7, 2019
Could not encrypt/decrypt the value for SecureStore Expo SDK securestore	3	827	September 12, 2023
Error: An unexpected error occurred when writing to SecureStore Expo SDK securestore	1	161	October 12, 2023
Standalone APK Hanging on SecureStore getItemAsync Expo SDK	4	570	November 26, 2020
Running into a weird error when deploying to Heroku, but works just fine in Expo app when developing Expo SDK	3	743	November 19, 2019

Detecting type of error when SecureStore.getItemAsync() rejects the promise

Related Topics