Cipher With ECB Mode Should Not Be Used

Question

I am trying to use a Cipher with an RSA key pair along with the "AndroidKeyStore". In all of the Android documentation I can find, the examples show Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding") or Cipher.getInstance("RSA/ECB/PKCS1Padding"). Both of which come up with the same warning on Android Studio:

ECB Encryption should not be used

Cipher#getInstance should not be called with ECB as the cipher mode or without setting the cipher mode because the default mode on android is ECB, which is insecure.

Obviously I cannot omit it, or set the mode to None, because the default is ECB. If ECB mode is insecure, which mode should I be using?

If I use any other mode (that I know of) I get a NoSuchAlgorithmException: No provider found for RSA/{mode}/OAEPWithSHA-256AndMGF1Padding. Could the padding be the problem?

Either way, according to the Android KeyStore System documentation, ECB mode seems to be the only cipher block mode that it supports while using RSA.

Answer 1

This looks like bug in Android Lint used by Android Studio to find issues. The intention of that warning is to warn about the use of ECB block mode with symmetric ciphers, such as AES. However, there's no point in warning about this for RSA, because RSA/ECB/... Cipher accepts/processes only one block of input.

I suggest you file a bug in https://code.google.com/p/android/ against Android Lint.

Answer 2

I like this explanation (from Maarten Bodewes):

"RSA/ECB/PKCS1Padding" actually doesn't implement ECB mode encryption. It should have been called "RSA/None/PKCS1Padding" as it can only be used to encrypt a single block of plaintext (or, indeed a secret key). This is just a naming mistake of Sun/Oracle.

If your Android version includes BouncyCastle, then you can use None instead of ECB.