I am trying to use a Cipher
with an RSA key pair along with the "AndroidKeyStore"
. In all of the Android documentation I can find, the examples show Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding")
or Cipher.getInstance("RSA/ECB/PKCS1Padding")
. Both of which come up with the same warning on Android Studio:
ECB Encryption should not be used
Cipher#getInstance should not be called with ECB as the cipher mode or without setting the cipher mode because the default mode on android is ECB, which is insecure.
Obviously I cannot omit it, or set the mode to None
, because the default is ECB. If ECB mode is insecure, which mode should I be using?
If I use any other mode (that I know of) I get a NoSuchAlgorithmException: No provider found for RSA/{mode}/OAEPWithSHA-256AndMGF1Padding
. Could the padding be the problem?
Either way, according to the Android KeyStore System documentation, ECB mode seems to be the only cipher block mode that it supports while using RSA.
Of the five DES modes, ECB is the simplest and weakest, because repeating plaintext generates repeating ciphertext. As a result, anyone can easily derive the secret keys to break the encryption and decrypt the ciphertext. ECB may also leave obvious plaintext patterns in the resulting ciphertext.
You should not use ECB mode because it will encrypt identical message blocks (i.e., the amount of data encrypted in each invocation of the block-cipher) to identical ciphertext blocks. This is a problem because it will reveal if the same messages blocks are encrypted multiple times.
EBC process should not be used for encryption for small box sizes.
Block modes for asymmetric encryptionYou still should not use ECB, for the same reason as before. In practice, though, block modes don't get used with asymmetric encryption, because encrypting many blocks with an asymmetric scheme would be really slow.
This looks like bug in Android Lint used by Android Studio to find issues. The intention of that warning is to warn about the use of ECB block mode with symmetric ciphers, such as AES. However, there's no point in warning about this for RSA, because RSA/ECB/... Cipher accepts/processes only one block of input.
I suggest you file a bug in https://code.google.com/p/android/ against Android Lint.
I like this explanation (from Maarten Bodewes):
"RSA/ECB/PKCS1Padding"
actually doesn't implement ECB mode encryption. It should have been called"RSA/None/PKCS1Padding"
as it can only be used to encrypt a single block of plaintext (or, indeed a secret key). This is just a naming mistake of Sun/Oracle.
If your Android version includes BouncyCastle, then you can use None
instead of ECB
.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With