Curious about Tink's keysets when the Android keystore fails

[Simon Tse]

I want to discuss a little more the issue of "GeneralSecurityException: decryption failed" found here (https://github.com/google/tink/issues/321#issuecomment-641632441).

I'm noticing that over time, users with Tink get a decryption error that I haven't been able to prove is in the content that I'm creating or how I'm implementing the code to encrypt and decrypt with Tink. I followed the Android example.

So I'd like to know how within Google and how is it recommended to handle these decryption errors that seemingly is caused by issues in Android's keystore and Tink "recovering" from not being able to decrypt the keyset but considering it a clear text keyset.

How often do we know that Tink can fail when using Android Keystore as backing to secure the Tink keyset? I'm wondering how Google apps have handled this errors so I could better align my solution to it. 

[Thai Duong]

Hi Simon,

Let's move this discussion to GitHub. 

--
You received this message because you are subscribed to the Google Groups "tink-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to tink-users+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/tink-users/7fe0933d-aa63-4c18-b57e-673cd370a4c1o%40googlegroups.com.