2

According to the MAUI docs, the key used to encrypt data when using `Microsoft.Maui.Storage.ISecureStorage` may change:

> It's possible that an exception is thrown when calling `GetAsync` or `SetAsync`. This can be caused by a device not supporting secure storage, encryption keys changing, or corruption of data.

However, I haven't been able to determine when or how the encryption keys might change. The MAUI docs themselves don't seem to address the subject, so I'm not sure if this is an undocumented feature of MAUI, or whether the answer is platform-dependent.

Context: I'm developing a MAUI application that will allow a user to integrate with third-party services using API keys. Since these are sensitive, I would like to put them in secure storage instead of the app's SQLite database - but if the encryption keys are liable to change, I don't want to develop the app in such a way that users are forced to re-enter their API credentials regularly. I'm trying to determine when or how encryption keys might change so I can decide whether ISecureStorage is a good fit for my use case.

  • 1
    I don't think MAUI has any control over when an encryption key changes. That's up to each device. It would be a **rare** event. So don't worry about the user having to frequently re-enter anything. NOTE, this shouldn't be the **primary** place anything is remembered; your server (which has a backup schedule) should be the final authority. ALSO, regarding security, if these keys need to be hidden *from the user themselves*, then nothing on the device is secure. Because jailbroken devices exist. And other vulnerabilities. See https://stackoverflow.com/a/63938944/199364. – ToolmakerSteve Jun 02 '22 at 00:25
  • 1
    @ToolmakerSteve The keys don't need to be hidden from the user - these will be services from which the user has acquired their own API keys, so it's not required that the data in question be hidden _from the user_, only _from other applications_. – Christian LeVesque Jun 02 '22 at 00:36
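
An added example, not part of the original question or its comments: one way to keep an app usable when `GetAsync` or `SetAsync` throws for any of the reasons the quoted docs list, by treating an unreadable entry as "no credential stored" so the user is asked to re-enter the API key once. The `ApiKeyStore` class, its method names and the `apikey:` naming scheme are assumptions made for this sketch; only the `ISecureStorage` members come from MAUI.

```csharp
using System;
using System.Threading.Tasks;
using Microsoft.Maui.Storage;

// Hypothetical wrapper (not MAUI's own code): an unreadable entry degrades to
// "credential missing" instead of an unhandled exception.
public sealed class ApiKeyStore
{
    private readonly ISecureStorage _storage;

    public ApiKeyStore(ISecureStorage storage) => _storage = storage;

    // Naming scheme for stored entries is an assumption of this example.
    private static string KeyFor(string serviceId) => $"apikey:{serviceId}";

    // Returns the stored API key, or null when nothing is stored or the entry
    // can no longer be decrypted. A null result means "prompt the user".
    public async Task<string?> TryGetAsync(string serviceId)
    {
        try
        {
            return await _storage.GetAsync(KeyFor(serviceId));
        }
        catch (Exception)
        {
            // Unsupported device, changed encryption key, or corrupt data:
            // drop the stale entry so the next save starts clean.
            try { _storage.Remove(KeyFor(serviceId)); } catch (Exception) { }
            return null;
        }
    }

    // Returns false when the platform store rejected the write, so the caller
    // can keep the key in memory for this session only and tell the user.
    public async Task<bool> TrySaveAsync(string serviceId, string apiKey)
    {
        try
        {
            await _storage.SetAsync(KeyFor(serviceId), apiKey);
            return true;
        }
        catch (Exception)
        {
            return false;
        }
    }
}
```

The exception is deliberately not logged with the stored value, and the API key is never written to a fallback location such as the SQLite database.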

0 Answers