RxFingerprint icon indicating copy to clipboard operation
RxFingerprint copied to clipboard

Published 20 hours ago verified publisher icon Mauin

Question - Some explanation on RSA implementation

Open kuno opened this issue 6 years ago • 2 comments

Hi: I am new to cryptography and thanks for the great library.

I have two questions on the RSA implementation of this lib.

  • I saw that the RSA Cipher was created with ECB operation mode https://github.com/Mauin/RxFingerprint/blob/master/rxfingerprint/src/main/java/com/mtramin/rxfingerprint/RsaCipherProvider.java#L55

    I heard that ECB is not safe and should not be been using in production.

    Can you explain a bit why you choosing ECB?

  • How can I set the size of RSA private key?

kuno avatar Dec 27 '17 08:12 kuno

Another question is that Is that safe to use AES on devices that before API level 23 ?

I also heard that Android keystore only support AES since API 23.

kuno avatar Dec 28 '17 05:12 kuno

Hey, thanks for creating this issue. As for the 2nd part: The Fingerprint APIs were only added to the Android SDK in Android API 23. So it is not possible to use AES with this library with API levels before 23. I'll do some more reading about RSA Ciphers with ECB Block mode.

Mauin avatar Dec 30 '17 10:12 Mauin