-
Notifications
You must be signed in to change notification settings - Fork 62
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Passing encryption key via a callback #1636
base: main
Are you sure you want to change the base?
Conversation
…ry region that can be reset later to enhance security
packages/library-base/src/commonMain/kotlin/io/realm/kotlin/internal/RealmImpl.kt
Outdated
Show resolved
Hide resolved
- Adding jni lib for Android test
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nice...great description in the docs. I do have a few comments about the API docs + some missing tests, but it is minor
packages/library-base/src/commonMain/kotlin/io/realm/kotlin/Configuration.kt
Outdated
Show resolved
Hide resolved
@@ -354,6 +378,52 @@ public interface Configuration { | |||
public fun encryptionKey(encryptionKey: ByteArray): S = | |||
apply { this.encryptionKey = validateEncryptionKey(encryptionKey) } as S | |||
|
|||
/** | |||
* Similar to [encryptionKey] but instead this will read the encryption key from native memory. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Great explanation 💯
// These touches the notifier and writer lazy initialised Realms to open them with the provided configuration. | ||
awaitAll( | ||
async(notificationScheduler.dispatcher) { | ||
notifier.realm.version().version |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nitpick, would it make sense to have a helper method like openRealm()
or something, just to make it more readable.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'll add a TODO. There might be other feedbacks we can incorporate after the POC
packages/test-base/src/androidMain/kotlin/io/realm/kotlin/test/platform/PlatformUtils.kt
Show resolved
Hide resolved
packages/test-base/src/commonTest/kotlin/io/realm/kotlin/test/common/EncryptionTests.kt
Show resolved
Hide resolved
@ExperimentalEncryptionCallbackApi | ||
public interface EncryptionKeyCallback { | ||
/** | ||
* Provides the native memory address of the 64 byte array containing the key used to encrypt and decrypt the Realm file. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I would also document that this can be called multiple times and that release is only called once, so they do not accidentially create a new Pointer for every call to this, but only release it once.
This was also why I thought it might make a better API if this was an symmetric API, i.e. called 3 times, and released 3 times, but I do agree that the current behavior is easier to implement for the sake of an POC.
…nfiguration.kt Co-authored-by: Christian Melchior <christian@ilios.dk>
Co-authored-by: Christian Melchior <christian@ilios.dk>
Co-authored-by: Christian Melchior <christian@ilios.dk>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looking good. CI will be fixed by #1633
packages/library-base/src/commonMain/kotlin/io/realm/kotlin/Configuration.kt
Outdated
Show resolved
Hide resolved
…nfiguration.kt Co-authored-by: Christian Melchior <christian@ilios.dk>
This PR adds the ability to pass in the AES encryption key from a native memory region. After opening the Realm the caller can reset this native memory region to reduce the window where the key is available clear in memory.
openEncryptedRealmWithEncryptionKeyCallback
test)Closes #1705