Skip to content

Releases: TankerHQ/sdk-android

4.3.0

06 Jan 10:58
Compare
Choose a tag to compare
  • Add prehashAndEncryptPassword helper to hash passwords client-side and transmit it to an untrusted medium so it can be used to enroll an identity using the new PrehashedAndEncryptedPassphraseVerification method, available in python and ruby only.

v4.2.1

21 Nov 11:18
Compare
Choose a tag to compare
  • Reduce AAR size by about ~3MB (per arch) by excluding a dependency only used in tests

v4.2.0

20 Jun 16:20
Compare
Choose a tag to compare
  • Add new OpenID Connect verification flow through the new OIDCAuthorizationCodeVerification method, see the updated guide for details
  • OIDC is now a valid pre-verified verification method with the new PreverifiedOIDCVerification method
  • Deprecate createOidcNonce, setOidcTestNonce, and OIDCIDTokenVerification as they are now obsolete with the new OIDC verification flow
  • Invalid responses that do not come from the Tanker backend can now result in a NetworkError, instead of an InternalError

v4.1.0

20 Jun 16:05
Compare
Choose a tag to compare

This is a maintenance release, there are no external changes.

v4.0.0

20 Jun 16:05
Compare
Choose a tag to compare
  • The OIDCIDTokenVerificationMethod objects now contain the getPproviderId and getProviderDisplayName methods, corresponding to the verification method's OIDC provider.
  • Limit maximum number of resource IDs * recipients to 100 in a single call to share
  • Add support for SDK downgrade between compatible versions even in case of changes to the local storage schema, see manage sdk versions for more details.
  • Downgrade severity for logs related to internal storage and HTTP requests from Info to Debug
  • Improve error messages for decrypt and getResourceID when the given encrypted data is empty. Note that decrypt will throw an InvalidArgument exception when that happens, not a DecryptionFailed.
  • Remove deprecated getDeviceList method

Padded Encryption

Tanker now uses a padded symmetric encryption scheme by default. Adding padding to encrypted data aims at hiding the length of the clear message, see the dedicated guide.

v2.32.0

27 Jul 15:51
Compare
Choose a tag to compare

End-to-end passphrase verification

A new end-to-end passphrase verification method is now available for users who need strict end-to-end security guarantees.

See the guide for more information.

Performance improvements

Reduce the number of group and resource key lookups by sharing results from in-progress lookups between calls.

This makes concurrent operations involving groups or encrypted resources faster, as fewer round trips to the network and/or local storage are made.

For example, parallel decryption of multiple resources shared with the same group now requires only one lookup to recover the last group key instead of one lookup per resource.

Bug fix

  • Fix encrypt() when called with more than ~4GB of clear data:

    • An overflow of an unsigned integer was causing a corruption of the encrypted data
    • Data encrypted through encrypt(channels) is not affected
  • Fix decrypt() when called with more than ~4GB of encrypted data:

    • An overflow of an unsigned integer was causing incorrect parsing of encrypted data
    • Data decrypted through decrypt(channels) is not affected

v2.31.0

27 Jul 15:43
Compare
Choose a tag to compare

There is no new feature or externally visible change in this version of the SDK.

v2.30.0

03 May 11:53
Compare
Choose a tag to compare
  • Add forward compatibility for the decryption of padded data.
  • Phone number verification method can now be used with session token.
  • setOidcTestNonce is available to test the new verification flow without requiring any end-user action.

Offline mode

No connection to Tanker remote services is made if not necessary, this is true when:

  • The user already exists
  • The device is already registered
  • The operation can be completed using the device's local cache

Any user registration, device verification, group operation, new encryption or decryption of resource not in cache will open a new connection.

v2.29.1

20 Apr 09:17
Compare
Choose a tag to compare

OpenID Connect

Pro Santé Connect is now a supported OpenID Provider.
Select the OpenID Provider from the dashboard:

  • pro-sante: for the production environment
  • pro-sante-bas: for the sandbox

v2.29.0

20 Apr 09:17
Compare
Choose a tag to compare

OpenID Connect

The identity verification using the OIDC has been revamped to improve security and isolation between Tanker servers and an application server using Tanker:

  • A new mandatory nonce, created through createOidcNonce(), should be used in OIDC authorization code flow. It allows:
    • Application server to deny any request using an IdToken already seen. Preventing Tanker from impersonating end-users
    • Tanker to perform an additional challenge with end-users before accepting an IdToken. Preventing an Application server from impersonating end-users
  • OIDC for provisional identity verification is not available anymore

The OIDC verification guide has been updated accordingly.