Store data in an encrypted local database

[ferndot]

Is your feature request related to a problem? Please describe.
Future versions of this app will require secure local storage of sensitive data.

Describe the solution you'd like
Set up a secure and encrypted local storage pattern.

Describe alternatives you've considered

• Hive
• SQLite with SQLCipher and Moor ORM

Additional context

• Bonus for supporting encryption with a biometric and PIN

[dnfield]

May want to consider https://pub.dev/packages/flutter_secure_storage - it may be usable with the other packages.

[ferndot]

@dnfield this package integrates flutter_secure_storage with hydrated_bloc. https://pub.dev/packages/knox

[ferndot]

We could also easily create our own custom storage class to link hydrated_bloc and flutter_secure_storage

[dnfield]

So flutter_secure_storage is really meant for storing a key, rather than storing larger amounts of data. If there's only a smaller amount of data to store it's probably fine, but this would really be where we'd want to store the key or password for some other encrypted resource normally.

[edman]

Is there a plugin with support for biometry or lock screen bound keys (e.g. as in keys generated with setUserAuthenticationRequired)? I couldn't find any.

If not, local_auth could be used to gate access without crypto guarantees on the stored data. Then we'd also need a fallback strategy, like an in-app password screen.

Expanding on the suggestions so far we could:

• Generate an AES key with Random.secure()
• Persist the key with flutter_secure_storage
• Use local_auth or fallback to password screen for authentication
• Use the key with hive or sqflite_sqlcipher

[dnfield]

The general workflow should be:

• use local_auth to guard access to the keys
• store the keys using flutter_secure_storage
• use the keys to decrypt whatever is stored locally (e.g. SQLCipher, a file, whatever).

It would be best to avoid packages which have either hand rolled encryption or have not really been battle tested.

[dnfield]

Another option is to just use a simple file to store this that we encrypt. E.g. something encoded with JSON codec or the FlutterStandardCodec.

[edman]

How do you suggest we encrypt this file? The crypto packages I find in pub don't look very battle tested.

[dnfield]

I think right now our best bet would be to use native platform APIs with a custom plugin. I'm going to do a quick experiment on this.

[the1220]

would this be any help to you all https://bitbucket.org/wmtp/dha-encryption/src/master/README.md

[ferndot]

@the1220 thanks for suggesting that! Unfortunately, it is for JavaScript applications, so it won't work for this project.

[ferndot]

Postponing this issue until the MVP is launched--there is no sensitive data stored locally in the first version.