react-native-simple-crypto icon indicating copy to clipboard operation
react-native-simple-crypto copied to clipboard

Published 20 hours ago verified publisher icon ghbutton

Derived crypto keys

Open sandberg75 opened this issue 3 years ago • 2 comments

Hi, when I did a security testing of my app I got the warning that I use derived crypto keys. the way I use the library is like this.

const sha256Hash = await RNSimpleCrypto.SHA.sha256(buffer);
const key = RNSimpleCrypto.utils.convertArrayBufferToHex(sha256Hash);

The warning I get is: Reference: javax.crypto.Cipher.doFinal Encryption with insecure cipher: AES/ECB/NoPadding Raw input: [17,39,32,-98,94,-7,-45,18,-74,-27,-68,-69,124,57,-101,101]

Any idea how I can fix my code to not generate such warnings? I do not even know if that part of library is something I use or not, that generates the warning.

sandberg75 avatar May 25 '21 10:05 sandberg75

I am not sure how to fix this, I can try to reproduce

ghbutton avatar Jun 21 '21 14:06 ghbutton

The warning is not around your code but I will try to silence. How are you testing?

ghbutton avatar Jun 13 '22 05:06 ghbutton