4

I had the issue with RSA in my Android code that is described in the question "Crash casting AndroidKeyStoreRSAPrivateKey to RSAPrivateKey", and the accepted answer suggests this solution:

Cipher some_cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");

It works, but if I use it, Android Studio highlights this code with the warning "Cipher#getInstance should not be called with ECB as the cipher mode or without setting the cipher mode because the default mode on android is ECB, which is insecure."

Is it really safe to use this? Are there any other options?

Community
artemdevel

1 Answer

4

In general this notice is correct, but in this special case (using RSA) it is irrelevant.

Usually you encrypt large data, resulting in multiple encryption blocks. If you use ECB in such a scenario, it will definitely result in insecure encryption.

However, you are using RSA. Usually RSA is not used for encrypting multiple blocks; it is used for encrypting one block (e.g. for encrypting one AES key). AFAIR RSA even refuses to encrypt more than one block. In such a situation it does not matter that ECB is selected - it never comes into play.

Robert
  • 4
    To be more precise, block ciphers such as AES should never use ECB mode. The concept of mode of operation in Public key algorithms such as RSA does not apply, but whoever was the designer of the Java crypto API didn't really know what he was doing, so for some absurd reason that escapes logic, you need to specify ECB mode for RSA. – TheGreatContini Sep 29 '16 at 19:51
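
The single-block use of RSA that the answer describes, as an added example that is not part of the original question or answer: RSA encrypts one AES key, the bulk data goes through AES, and an input larger than one RSA block is rejected. It assumes a desktop JVM with the standard JDK providers and a freshly generated sample key pair instead of an AndroidKeyStore key; the class name is hypothetical, and AES-GCM for the bulk data is this example's choice.

```java
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.SecureRandom;

public class RsaSingleBlockDemo { // hypothetical class name
    public static void main(String[] args) throws Exception {
        // Constructed sample key pair; on Android the private key would live in AndroidKeyStore.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();

        // 1. Bulk data: AES-GCM with a fresh 256-bit key and a random 12-byte nonce.
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey aesKey = kg.generateKey();
        byte[] nonce = new byte[12];
        new SecureRandom().nextBytes(nonce);
        Cipher aes = Cipher.getInstance("AES/GCM/NoPadding");
        aes.init(Cipher.ENCRYPT_MODE, aesKey, new GCMParameterSpec(128, nonce));
        byte[] body = aes.doFinal("constructed sample payload".getBytes(StandardCharsets.UTF_8));

        // 2. RSA encrypts only the 32-byte AES key: a single RSA operation, no block chaining.
        Cipher rsa = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        rsa.init(Cipher.ENCRYPT_MODE, kp.getPublic());
        byte[] wrappedKey = rsa.doFinal(aesKey.getEncoded());
        System.out.println("wrapped key bytes: " + wrappedKey.length);

        // 3. With a 2048-bit key, PKCS#1 v1.5 padding leaves 256 - 11 = 245 bytes of input.
        //    The JDK provider rejects anything longer instead of splitting it into blocks.
        try {
            rsa.doFinal(new byte[246]);
            System.out.println("unexpected: oversized input accepted");
        } catch (IllegalBlockSizeException e) {
            System.out.println("RSA refused 246 bytes: " + e.getMessage());
        }

        // 4. Receiver side: recover the AES key with the private key, then decrypt the body.
        rsa.init(Cipher.DECRYPT_MODE, kp.getPrivate());
        SecretKey recovered = new SecretKeySpec(rsa.doFinal(wrappedKey), "AES");
        aes.init(Cipher.DECRYPT_MODE, recovered, new GCMParameterSpec(128, nonce));
        System.out.println(new String(aes.doFinal(body), StandardCharsets.UTF_8));
    }
}
```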