-
Notifications
You must be signed in to change notification settings - Fork 49
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Store data in an encrypted local database #4
Comments
May want to consider https://pub.dev/packages/flutter_secure_storage - it may be usable with the other packages. |
@dnfield this package integrates flutter_secure_storage with hydrated_bloc. https://pub.dev/packages/knox |
We could also easily create our own custom storage class to link hydrated_bloc and flutter_secure_storage |
So flutter_secure_storage is really meant for storing a key, rather than storing larger amounts of data. If there's only a smaller amount of data to store it's probably fine, but this would really be where we'd want to store the key or password for some other encrypted resource normally. |
Is there a plugin with support for biometry or lock screen bound keys (e.g. as in keys generated with setUserAuthenticationRequired)? I couldn't find any. If not, local_auth could be used to gate access without crypto guarantees on the stored data. Then we'd also need a fallback strategy, like an in-app password screen. Expanding on the suggestions so far we could:
|
The general workflow should be:
It would be best to avoid packages which have either hand rolled encryption or have not really been battle tested. |
Another option is to just use a simple file to store this that we encrypt. E.g. something encoded with JSON codec or the FlutterStandardCodec. |
How do you suggest we encrypt this file? The crypto packages I find in pub don't look very battle tested. |
I think right now our best bet would be to use native platform APIs with a custom plugin. I'm going to do a quick experiment on this. |
would this be any help to you all https://bitbucket.org/wmtp/dha-encryption/src/master/README.md |
@the1220 thanks for suggesting that! Unfortunately, it is for JavaScript applications, so it won't work for this project. |
Postponing this issue until the MVP is launched--there is no sensitive data stored locally in the first version. |
Is your feature request related to a problem? Please describe.
Future versions of this app will require secure local storage of sensitive data.
Describe the solution you'd like
Set up a secure and encrypted local storage pattern.
Describe alternatives you've considered
Additional context
The text was updated successfully, but these errors were encountered: