Add MASTG-BEST-0025 and MASTG-BEST-0026 for secure digital signature generation

[Copilot]

This PR closes #3517

Description

Adds best practice guidance for secure digital signature generation on Android and iOS, addressing CWE-347 (Improper Verification of Cryptographic Signature).

MASTG-BEST-0025 (Android)

• Secure algorithms: SHA256withRSA, SHA384withRSA, SHA256withECDSA, SHA384withECDSA
• Avoid: MD5withRSA, SHA1withRSA, NONEwithRSA
• KeyGenParameterSpec: Configure digests (SHA-256+), key sizes (3072+ bits RSA, P-256+ ECDSA)
• Platform providers: Use java.security.Signature and Android Keystore, avoid custom implementations

Example:

KeyGenParameterSpec spec = new KeyGenParameterSpec.Builder(
    "keyAlias",
    KeyProperties.PURPOSE_SIGN | KeyProperties.PURPOSE_VERIFY
)
    .setDigests(KeyProperties.DIGEST_SHA256, KeyProperties.DIGEST_SHA384)
    .setKeySize(3072)
    .build();

MASTG-BEST-0026 (iOS)

• Prefer CryptoKit: P256.Signing, P384.Signing, Curve25519.Signing (iOS 13.0+)
• SecKey algorithms: kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA256, kSecKeyAlgorithmECDSASignatureMessageX962SHA256
• Avoid: SHA-1 based algorithms, legacy padding
• Key sizes: 3072+ bits RSA, P-256+ ECDSA

Example:

import CryptoKit

let signingKey = P256.Signing.PrivateKey()
let signature = try signingKey.signature(for: data)
let isValid = signingKey.publicKey.isValidSignature(signature, for: data)

Both files emphasize using platform cryptographic libraries over custom implementations to prevent vulnerabilities (weak nonces, timing attacks, improper padding).

References: NIST FIPS 186-5, NIST SP 800-57, RFC 8017, RFC 8032, Android/Apple documentation

---

[x] I have read the contributing guidelines.

Original prompt

---

This section details on the original issue you should resolve

<issue_title>Create MASTG-BEST best practice files addressing "Improper Generation of Digital Signatures" in Android and iOS</issue_title>
<issue_description>Use this as a reference, double check for technical accuracy.
Be sure to format everything well and include authoritative sources for everything.

Android

Use java.security.Signature with secure algorithm names like SHA256withRSA, SHA384withRSA, SHA256withECDSA, or SHA384withECDSA. Avoid MD5withRSA, SHA1withRSA, and other algorithms that Android marks as deprecated or insecure.

When generating keys in the Android Keystore, use KeyGenParameterSpec to specify secure digests and key sizes, for example setting digests to SHA256 or SHA384 and key size to at least 3072 bits for RSA, or choosing EC curves that implement at least P 256.

Do not implement signature schemes yourself in app code. Always prefer well maintained libraries and the Android platform crypto providers to avoid pitfalls like weak nonces for ECDSA.

iOS

Prefer CryptoKit or modern Security framework APIs over older or deprecated interfaces. For example, use CryptoKit types like P256.Signing or Curve25519 based APIs instead of rolling your own ECDSA or RSA implementation.

When using SecKey APIs, specify secure algorithms such as kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA256, or secure EC signature algorithms, and avoid SHA1 based algorithms or legacy padding options.

Do not implement signature schemes manually. Rely on the system crypto libraries and ensure they are configured with secure algorithms and key sizes.</issue_description>

Comments on the Issue (you are @copilot in this section)

• Fixes Create MASTG-BEST best practice files addressing "Improper Generation of Digital Signatures" in Android and iOS #3517

---

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.