Need help to understand to understand encryption.

[AdityaPahilwani]

Thanks a lot for creating this super-fast storage library.

I was exploring encryption with MMKV and have some doubts, would be really grateful if you can help me with the same.

While creating an instance of MMKV we give one encryption key, and we provide a unique key which is 99% the same throughout app lifecycle

const encryptionKey=NativeFunctionToRetrieveUniqueID();
// for ex encryptionKey value is mmkv-is-great
export const Storage = new MMKV({
	id: `storage`,
	encryptionKey: encryptionKey,
})

now if by any chance NativeFunctionToRetrieveUniqueID gives another key which is not the same key which was used to create the instance.

const encryptionKey=NativeFunctionToRetrieveUniqueID();
// for ex encryptionKey value is 'mmkv-is-fast' instead of last used key which was 'mmkv-is-great'
export const Storage = new MMKV({
	id: `storage`,
	encryptionKey: 'encryptionKey',
})

As the encryption key is changed would it do any harm? like data is getting failed to read or any possible harm?

[mrousavy]

I think if the encryption key is not the same it simply cannot read the data and will overwrite it if you try writing to it. So your data will be lost if you lose your encryption key.

[MCervenka]

@mrousavy I was hoping that it would work as you suggested, but it looks like it doesn't work at all. I initialized the MMKV storage with one encryption key, then wrote to it. Then close the app, and open it initializing MMKV with different encryption key, but I was still able to read data from previous instance.

[MCervenka]

I would expect to get undefined

[MCervenka]

So i found where does my MMKV storage stores the files inside my iphone simulator and the encryption works! :)

The way I understand how this works is, that the mmkv storage needs the secret key from us only for starting the encryption. Then we can lost it, because mmkv storage stores the key inside phones keychain. So when we use the storage next time with different secretKey, the storage, I guess, retrieve the old data with an old key and then rewrite them with new key?

Anyway thank you for the awesome library. It is a big relieve to have sync storage that is so fast.

[mrousavy]

Oh so the new key doesn't even get used? Then I need to change the API? 🤔

[AdityaPahilwani]

@MCervenka To check MMKV file, you can do this

// open terminal
// adb shell
// cd /data//files/mmkv
// ls
// cat fileName

[AdityaPahilwani]

@mrousavy I checked it and @MCervenka is correct, storage works the same if keys changed on the fly

[asami95]

@AdityaPahilwani Can you explain how you change the key on the fly, please?

[Nantris]

Is this issue still outstanding, or do updated encryption keys work as intended now?

[mrousavy]

This is related to the core MMKV library, not my react-native-mmkv wrapper.

[adenyx]

So i found where does my MMKV storage stores the files inside my iphone simulator and the encryption works! :)

The way I understand how this works is, that the mmkv storage needs the secret key from us only for starting the encryption. Then we can lost it, because mmkv storage stores the key inside phones keychain. So when we use the storage next time with different secretKey, the storage, I guess, retrieve the old data with an old key and then rewrite them with new key?

Anyway thank you for the awesome library. It is a big relieve to have sync storage that is so fast.

Hi, @MCervenka
Could you share where I can find MMKV storage files? I can't check does my encryption works.

[nicholascm]

xcrun simctl get_app_container booted your.package.name data if you are running on an iOS simulator, then go to that directory. Inside of Documents you can see mmkv and inside of there are files. Doing cat ___ on an unencrypted file will show u the contents.

[bfricka]

I'm using 2.5.1 (I can't upgrade RN quite yet), and this isn't what happens to me at all. Instead, I have a separate issue: If I write with one encryption key and try to instantiate MMKV with a different key, an error is thrown. I can't recover from this, because I have no way to clear the previously encrypted file, since I can't instantiate MMKV.

[SameOldNick]

The reason you are able to open the database with a different key is because MMKV creates a singleton for each instance. So when you're opening a database with the same ID, it re-uses the existing instance. @MCervenka was probably not closing the app completely. This is how MMKV is implemented: https://github.com/Tencent/MMKV/blob/820c42508f213876b1922ac22baa159fbd144574/Core/MMKV.cpp#L243

You can use the following to test it out. First have it set and get the value in the same process. Then comment out the set part, completely close the app, and run it again. You should see the first time they're the same, but the second time it's undefined.

import { MMKV as ReactNativeMMKV } from "react-native-mmkv";

const input = 123;

(new ReactNativeMMKV({
    id: 'test',
    encryptionKey: 'secret',
})).set('test', input);

const stored = (new ReactNativeMMKV({
    id: 'test',
    encryptionKey: 'jblow1',
})).getNumber('test');

console.log(`input = ${input}, stored = ${stored}`);

My suggestion is one of the following:

1. Add a 'close' method to NativeMMKV that calls 'close' in the MMKV instance. The problem is this will cause undefined behavior if any further calls are made (as per the documentation).
2. Close existing NativeMMKV instances if they exist before opening it again in the createMMKV function. This might involve guess work as it's out of this packages scope to know or care about what the MMKV package is doing.
3. Do nothing and leave it as is. Since it's able to decrypt values with different encryption keys, people could use that to determine if the right encryption key is being applied. They could also come up with their own encrypt/decrypt implementation.