On Fri, Jun 14, 2013 at 1:01 PM, Rex Ching <[email protected]> wrote:
> Hi there
>
> I am developing the secured key storage for one of my mobile devices running
> JB422, and found out that the default keystore signing and verifying API always
> forces the device to use the following options
>     params.digest_type = DIGEST_NONE;
>     params.padding_type = PADDING_NONE;
>
> That says we have to sign the data with an RSA private key without padding,
> and during verification, we have to use the raw mode to verify data.
> That sounds like a known security issue of not using PADDING in signature
> processes.
>
> Several places all talk about the potential vulnerabilities:
> http://en.wikipedia.org/wiki/RSA_(algorithm)
> http://rdist.root.org/2009/10/06/why-rsa-encryption-padding-is-critical/
>
>
> Wonder if any security experts can comment if I am wrong or right?
> Appreciate your help!

Not an expert, but....

I suspect PKCS padding is being avoided due to the potential oracle
present in the underlying implementation. RSA-PSS is an alternative,
but it may not be available.
http://blog.cryptographyengineering.com/2012/06/bad-couple-of-years-for-cryptographic.html

Jeff
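
The raw-mode concern discussed in this thread, as an added example that is not part of the original messages or of Android's keystore code: a Python sketch showing that bare RSA signatures (no digest, no padding) combine multiplicatively, while a verifier that rebuilds a full EMSA-PKCS1-v1_5 encoding rejects the same combination. The toy key, sample messages and all function names are assumptions made for illustration.

```python
import hashlib

# Constructed toy key from two Mersenne primes so the example runs offline.
# Assumption for illustration only; never use such a key in practice.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8            # modulus length in bytes

# DER DigestInfo prefix for SHA-256 (RFC 8017, section 9.2).
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")
PS_LEN = K - len(SHA256_PREFIX) - 32 - 3  # number of 0xFF filler bytes

def raw_sign(m: int) -> int:
    """Bare private-key operation: no digest, no padding."""
    return pow(m, D, N)

def raw_verify(m: int, s: int) -> bool:
    return pow(s, E, N) == m % N

def encode(msg: bytes) -> int:
    """EMSA-PKCS1-v1_5: 00 01 FF..FF 00 || DigestInfo(SHA-256(msg))."""
    t = SHA256_PREFIX + hashlib.sha256(msg).digest()
    return int.from_bytes(b"\x00\x01" + b"\xff" * PS_LEN + b"\x00" + t, "big")

def padded_sign(msg: bytes) -> int:
    return raw_sign(encode(msg))

def padded_verify(msg: bytes, s: int) -> bool:
    # Rebuild the full expected encoding and compare; no lenient parsing.
    return pow(s, E, N) == encode(msg)

def well_formed(s: int) -> bool:
    """True if s^e mod n has the fixed 00 01 FF..FF 00 || prefix layout."""
    em = pow(s, E, N).to_bytes(K, "big")
    head = b"\x00\x01" + b"\xff" * PS_LEN + b"\x00"
    return em.startswith(head + SHA256_PREFIX)

# Constructed sample inputs.
A, B = b"constructed message one", b"constructed message two"
m1, m2 = int.from_bytes(A, "big"), int.from_bytes(B, "big")

# Raw mode: the product of two signatures verifies for the product of the
# two inputs, a value the key holder never signed.
raw_product_ok = raw_verify(m1 * m2, raw_sign(m1) * raw_sign(m2) % N)

# Padded mode: the same product no longer decodes to a valid encoding.
sp = padded_sign(A) * padded_sign(B) % N
padded_product_ok = well_formed(sp) or padded_verify(A + B, sp)
```
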
