This repository has been archived by the owner on Apr 16, 2021. It is now read-only.

Key generator uses RSA PKCS#1 v1.5 padding #52

Open
sethkraut opened this issue Feb 19, 2019 · 2 comments

Comments

@sethkraut

The key generator uses RSA PKCS#1 v1.5 padding, which has security issues. RSA Optimal Asymmetric Encryption Padding (OAEP) appears to be a better choice. Is it possible to switch or to allow configuration of the padding?

RealWhorlwind.java:155

@mattprecious
Contributor

Looks like it would require bumping the min SDK to 23: https://developer.android.com/training/articles/keystore#SupportedAlgorithms

@jbryan26

jbryan26 commented Feb 27, 2019

Is there any reason not to use the stronger padding and then fall back to the weaker padding if the build version is lower? I noticed in the RealWhorlwind.java file there is already a check to see if the fingerprint or biometric permission should be used. Something similar could work for the padding. I can submit a PR if that would help.

Edit:
And it appears that this class requires 23:

@RequiresApi(Build.VERSION_CODES.M)
final class RealWhorlwind extends Whorlwind {
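
The padding change discussed in this thread, as an added example that is not part of the issue or of Whorlwind's code: an Android Keystore RSA key authorized for OAEP only, with the OAEP parameters spelled out on both the encrypt and decrypt side. The class name `OaepKeystoreExample` and its method names are hypothetical, and the code assumes API 23+, where `KeyGenParameterSpec` is available.

```java
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyProperties;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.spec.MGF1ParameterSpec;
import javax.crypto.Cipher;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;

// Hypothetical helper for illustration, not part of Whorlwind. Requires API 23+.
final class OaepKeystoreExample {
  private static final String TRANSFORMATION = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";

  // SHA-256 as the OAEP digest, SHA-1 inside MGF1. Stating this explicitly keeps
  // the provider that performs the public-key operation in agreement with
  // AndroidKeyStore, which otherwise may pick a different MGF1 digest by default.
  private static final OAEPParameterSpec OAEP_SPEC = new OAEPParameterSpec(
      "SHA-256", "MGF1", MGF1ParameterSpec.SHA1, PSource.PSpecified.DEFAULT);

  static KeyPair generate(String alias) throws GeneralSecurityException {
    KeyPairGenerator generator = KeyPairGenerator.getInstance(
        KeyProperties.KEY_ALGORITHM_RSA, "AndroidKeyStore");
    generator.initialize(new KeyGenParameterSpec.Builder(alias,
        KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT)
        .setKeySize(2048)
        .setDigests(KeyProperties.DIGEST_SHA256)
        // Only OAEP is authorized, so the keystore rejects attempts to use
        // this private key with PKCS#1 v1.5 encryption padding.
        .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_RSA_OAEP)
        .build());
    return generator.generateKeyPair();
  }

  static byte[] encrypt(PublicKey publicKey, byte[] plaintext)
      throws GeneralSecurityException {
    Cipher cipher = Cipher.getInstance(TRANSFORMATION);
    cipher.init(Cipher.ENCRYPT_MODE, publicKey, OAEP_SPEC);
    return cipher.doFinal(plaintext);
  }

  static byte[] decrypt(PrivateKey privateKey, byte[] ciphertext)
      throws GeneralSecurityException {
    Cipher cipher = Cipher.getInstance(TRANSFORMATION);
    cipher.init(Cipher.DECRYPT_MODE, privateKey, OAEP_SPEC);
    return cipher.doFinal(ciphertext);
  }
}
```

Data already encrypted under a PKCS#1 v1.5 key cannot be decrypted with a key restricted this way, so a migration has to keep the old key alias readable until existing ciphertexts are re-encrypted.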
