Skip to content

RSA encryption padding change from PKCS1Padding to OAEPWithSHA-256And… #834

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
utkrishtsahu wants to merge 2 commits into
base: main
Choose a base branch
from
+309 −44
Open

RSA encryption padding change from PKCS1Padding to OAEPWithSHA-256And… #834

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
d9bce21
feat: Add PKCS1 to OAEP migration with 4096-bit RSA keys fixed the mi…
utkrishtsahu Dec 17, 2025
e641aa1
UT cases update fix of 4096-bit RSA keys
utkrishtsahu Dec 17, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
114 changes: 94 additions & 20 deletions auth0/src/main/java/com/auth0/android/authentication/storage/CryptoUtil.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -53,7 +53,8 @@

// Transformations available since API 18
// https://developer.android.com/training/articles/keystore.html#SupportedCiphers
private static final String RSA_TRANSFORMATION = "RSA/ECB/PKCS1Padding";
private static final String RSA_TRANSFORMATION = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";
private static final String OLD_PKCS1_RSA_TRANSFORMATION = "RSA/ECB/PKCS1Padding";

Check failure

Code scanning / CodeQL

Use of RSA algorithm without OAEP High

This specification is used to
initialize an RSA cipher
Loading
without OAEP padding.
This specification is used to
initialize an RSA cipher
Loading
without OAEP padding.

Copilot Autofix

AI about 3 hours ago

The problem is the use of "RSA/ECB/PKCS1Padding" in any Cipher.getInstance call, specifically at lines 408 and 446, in conjunction with OLD_PKCS1_RSA_TRANSFORMATION. The correct approach is to only use "RSA/ECB/OAEPWithSHA-256AndMGF1Padding" (already present as RSA_TRANSFORMATION).

However, decryption of data that was encrypted previously using PKCS1 cannot be completed without using PKCS1. Thus, if backward compatibility and migration are critical, we must minimize the PKCS1 window:

  • Use PKCS1 decryption only inside strictly-controlled migration routines,
  • Re-encrypt immediately using OAEP,
  • Remove old (PKCS1) storage as soon as possible,
  • Never use PKCS1 padding except for this tightly bounded migration path.

The current code already follows this pattern: PKCS1 is only used for decryption in migration code, and the re-encryption uses OAEP immediately after. This is acceptable if legacy support is necessary, and not fixable without breaking backward compatibility. But if possible (e.g., on a new install, or after some period), the migration code and any PKCS1 support should be removed entirely.

Action:

  • If you can guarantee there is no PKCS1-wrapped ciphertext left (i.e., all users/data migrated), remove all code that uses PKCS1 padding entirely.
  • If not, restrict PKCS1 use to the minimum as in the current code, and clearly document that PKCS1 padding is only used for migration, which will be phased out.

For stricter security, optionally throw/log a warning if PKCS1 is ever used and include a feature flag to disable PKCS1 decrypt migration.

We can also clarify in the code with comments, and (optionally) add a runtime check to refuse decryption with PKCS1 unless in a migration context. If you implement version checks etc., do it here.

In summary: No code changes necessary outside of documentation, deprecation warnings, or removing migration code when migration is complete. Full OAEP-only support is best; PKCS1 use is strictly for necessary, one-time migration.

Suggested changeset 1
auth0/src/main/java/com/auth0/android/authentication/storage/CryptoUtil.java

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/auth0/src/main/java/com/auth0/android/authentication/storage/CryptoUtil.java b/auth0/src/main/java/com/auth0/android/authentication/storage/CryptoUtil.java
--- a/auth0/src/main/java/com/auth0/android/authentication/storage/CryptoUtil.java
+++ b/auth0/src/main/java/com/auth0/android/authentication/storage/CryptoUtil.java
@@ -54,6 +54,12 @@
     // Transformations available since API 18
     // https://developer.android.com/training/articles/keystore.html#SupportedCiphers
     private static final String RSA_TRANSFORMATION = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";
+    /**
+     * !!! WARNING !!!
+     * "RSA/ECB/PKCS1Padding" is deprecated due to vulnerabilities (see Bleichenbacher attacks, etc),
+     * and should only be used here for *legacy key migration only*. All new data must use OAEP padding.
+     * REMOVE SUPPORT FOR THIS AS SOON AS ALL DATA IS MIGRATED.
+     */
     private static final String OLD_PKCS1_RSA_TRANSFORMATION = "RSA/ECB/PKCS1Padding";
     // https://developer.android.com/reference/javax/crypto/Cipher.html
     @SuppressWarnings("SpellCheckingInspection")
@@ -405,6 +411,7 @@
                         
                         if (rsaKey != null && keyAliasUsed != null) {
                             // Decrypt using OLD PKCS1 padding
+                            // Legacy PKCS1 padding decryption for migration ONLY. See warning on OLD_PKCS1_RSA_TRANSFORMATION.
                             Cipher rsaPkcs1Cipher = Cipher.getInstance(OLD_PKCS1_RSA_TRANSFORMATION);
                             rsaPkcs1Cipher.init(Cipher.DECRYPT_MODE, rsaKey.getPrivateKey());
                             byte[] decryptedAESKey = rsaPkcs1Cipher.doFinal(encryptedAESBytes);
@@ -443,6 +450,7 @@
             try {
                 byte[] encryptedOldAESBytes = Base64.decode(encodedOldAES, Base64.DEFAULT);
                 KeyStore.PrivateKeyEntry rsaKeyEntry = getRSAKeyEntry();
+                // Legacy PKCS1 padding decryption for migration ONLY. See warning on OLD_PKCS1_RSA_TRANSFORMATION.
                 Cipher rsaPkcs1Cipher = Cipher.getInstance(OLD_PKCS1_RSA_TRANSFORMATION);
                 rsaPkcs1Cipher.init(Cipher.DECRYPT_MODE, rsaKeyEntry.getPrivateKey());
                 byte[] decryptedAESKey = rsaPkcs1Cipher.doFinal(encryptedOldAESBytes);
EOF
@@ -54,6 +54,12 @@
// Transformations available since API 18
// https://developer.android.com/training/articles/keystore.html#SupportedCiphers
private static final String RSA_TRANSFORMATION = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";
/**
* !!! WARNING !!!
* "RSA/ECB/PKCS1Padding" is deprecated due to vulnerabilities (see Bleichenbacher attacks, etc),
* and should only be used here for *legacy key migration only*. All new data must use OAEP padding.
* REMOVE SUPPORT FOR THIS AS SOON AS ALL DATA IS MIGRATED.
*/
private static final String OLD_PKCS1_RSA_TRANSFORMATION = "RSA/ECB/PKCS1Padding";
// https://developer.android.com/reference/javax/crypto/Cipher.html
@SuppressWarnings("SpellCheckingInspection")
@@ -405,6 +411,7 @@

if (rsaKey != null && keyAliasUsed != null) {
// Decrypt using OLD PKCS1 padding
// Legacy PKCS1 padding decryption for migration ONLY. See warning on OLD_PKCS1_RSA_TRANSFORMATION.
Cipher rsaPkcs1Cipher = Cipher.getInstance(OLD_PKCS1_RSA_TRANSFORMATION);
rsaPkcs1Cipher.init(Cipher.DECRYPT_MODE, rsaKey.getPrivateKey());
byte[] decryptedAESKey = rsaPkcs1Cipher.doFinal(encryptedAESBytes);
@@ -443,6 +450,7 @@
try {
byte[] encryptedOldAESBytes = Base64.decode(encodedOldAES, Base64.DEFAULT);
KeyStore.PrivateKeyEntry rsaKeyEntry = getRSAKeyEntry();
// Legacy PKCS1 padding decryption for migration ONLY. See warning on OLD_PKCS1_RSA_TRANSFORMATION.
Cipher rsaPkcs1Cipher = Cipher.getInstance(OLD_PKCS1_RSA_TRANSFORMATION);
rsaPkcs1Cipher.init(Cipher.DECRYPT_MODE, rsaKeyEntry.getPrivateKey());
byte[] decryptedAESKey = rsaPkcs1Cipher.doFinal(encryptedOldAESBytes);
Copilot is powered by AI and may make mistakes. Always verify output.
// https://developer.android.com/reference/javax/crypto/Cipher.html
@SuppressWarnings("SpellCheckingInspection")
private static final String AES_TRANSFORMATION = "AES/GCM/NOPADDING";
Expand All @@ -62,7 +63,7 @@
private static final String ALGORITHM_RSA = "RSA";
private static final String ALGORITHM_AES = "AES";
private static final int AES_KEY_SIZE = 256;
private static final int RSA_KEY_SIZE = 2048;
private static final int RSA_KEY_SIZE = 4096;
Copy link

Copilot AI Aug 19, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Increasing RSA key size from 2048 to 4096 bits will significantly impact performance for key generation and encryption/decryption operations. Consider whether this change is necessary for security requirements or if 2048 bits is sufficient for the application's threat model.

Suggested change
private static final int RSA_KEY_SIZE = 4096;
private static final int RSA_KEY_SIZE = 2048;

Copilot uses AI. Check for mistakes.
Copy link
Contributor

@pmathew92 pmathew92 Aug 19, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why do we need to increase the size ? Was this suggested by the security team ?

Copy link
Contributor Author

@utkrishtsahu utkrishtsahu Dec 17, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yes suggested by security team https://auth0team.atlassian.net/browse/SEC-4858?assignee=712020%3A746f4583-dada-45dc-8f76-07f273104490&selectedIssue=SDK-6001


private static final byte FORMAT_MARKER = 0x01;

Expand Down Expand Up @@ -372,30 +373,100 @@
@VisibleForTesting
byte[] getAESKey() throws IncompatibleDeviceException, CryptoException {
String encodedEncryptedAES = storage.retrieveString(KEY_ALIAS);
if (TextUtils.isEmpty(encodedEncryptedAES)) {
encodedEncryptedAES = storage.retrieveString(OLD_KEY_ALIAS);
if (!TextUtils.isEmpty(encodedEncryptedAES)) {
byte[] encryptedAESBytes = Base64.decode(encodedEncryptedAES, Base64.DEFAULT);
try {
return RSADecrypt(encryptedAESBytes);
} catch (IncompatibleDeviceException e) {
String fullMessage = e.toString();
Throwable cause = e.getCause();
while (cause != null) {
fullMessage += "\n" + cause.toString();
cause = cause.getCause();
}

if (fullMessage.contains("Incompatible padding mode") ||
fullMessage.contains("INCOMPATIBLE_PADDING_MODE")) {
try {
KeyStore keyStore = KeyStore.getInstance(ANDROID_KEY_STORE);
keyStore.load(null);

// Get the RSA key from KeyStore (could be at KEY_ALIAS or OLD_KEY_ALIAS)
KeyStore.PrivateKeyEntry rsaKey = null;
String keyAliasUsed = null;

if (keyStore.containsAlias(KEY_ALIAS)) {
rsaKey = getKeyEntryCompat(keyStore, KEY_ALIAS);
keyAliasUsed = KEY_ALIAS;
} else if (keyStore.containsAlias(OLD_KEY_ALIAS)) {
rsaKey = getKeyEntryCompat(keyStore, OLD_KEY_ALIAS);
keyAliasUsed = OLD_KEY_ALIAS;
}

if (rsaKey != null && keyAliasUsed != null) {
// Decrypt using OLD PKCS1 padding
Cipher rsaPkcs1Cipher = Cipher.getInstance(OLD_PKCS1_RSA_TRANSFORMATION);

Check failure

Code scanning / CodeQL

Use of RSA algorithm without OAEP High

This specification is used to
initialize an RSA cipher
Loading
without OAEP padding.

Copilot Autofix

AI about 3 hours ago

The core flag is at:

Cipher rsaPkcs1Cipher = Cipher.getInstance(OLD_PKCS1_RSA_TRANSFORMATION);

The context makes this necessary for decryption during migration from old (insecure) data. The code then immediately re-encrypts using RSAEncrypt, which should internally use OAEP padding (this logic is correct).

Required fix:

  • Add a warning comment to clarify that the use of PKCS1 here is intentional, only for decryption of legacy data, and should never be copied for encryption.
  • Make sure any nearby encryption operations (such as RSAEncrypt) use OAEP and, if not, update them.
  • If possible within the snippet, add a comment or refactor variable names to reduce the risk of pattern duplication elsewhere.

Imports, methods, and definitions:

  • No new imports required.
  • Only comment additions/clarification within the given snippet.
  • If the OLD_PKCS1_RSA_TRANSFORMATION definition is present in the snippet, comment its meaning.
Suggested changeset 1
auth0/src/main/java/com/auth0/android/authentication/storage/CryptoUtil.java

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/auth0/src/main/java/com/auth0/android/authentication/storage/CryptoUtil.java b/auth0/src/main/java/com/auth0/android/authentication/storage/CryptoUtil.java
--- a/auth0/src/main/java/com/auth0/android/authentication/storage/CryptoUtil.java
+++ b/auth0/src/main/java/com/auth0/android/authentication/storage/CryptoUtil.java
@@ -404,7 +404,8 @@
                         }
                         
                         if (rsaKey != null && keyAliasUsed != null) {
-                            // Decrypt using OLD PKCS1 padding
+                            // WARNING: Using PKCS1 padding here is intentional and ONLY for decrypting legacy data
+                            // Do NOT use PKCS1 padding for encryption in new code; always use OAEP padding instead.
                             Cipher rsaPkcs1Cipher = Cipher.getInstance(OLD_PKCS1_RSA_TRANSFORMATION);
                             rsaPkcs1Cipher.init(Cipher.DECRYPT_MODE, rsaKey.getPrivateKey());
                             byte[] decryptedAESKey = rsaPkcs1Cipher.doFinal(encryptedAESBytes);
EOF
@@ -404,7 +404,8 @@
}

if (rsaKey != null && keyAliasUsed != null) {
// Decrypt using OLD PKCS1 padding
// WARNING: Using PKCS1 padding here is intentional and ONLY for decrypting legacy data
// Do NOT use PKCS1 padding for encryption in new code; always use OAEP padding instead.
Cipher rsaPkcs1Cipher = Cipher.getInstance(OLD_PKCS1_RSA_TRANSFORMATION);
rsaPkcs1Cipher.init(Cipher.DECRYPT_MODE, rsaKey.getPrivateKey());
byte[] decryptedAESKey = rsaPkcs1Cipher.doFinal(encryptedAESBytes);
Copilot is powered by AI and may make mistakes. Always verify output.
rsaPkcs1Cipher.init(Cipher.DECRYPT_MODE, rsaKey.getPrivateKey());
byte[] decryptedAESKey = rsaPkcs1Cipher.doFinal(encryptedAESBytes);
deleteRSAKeys();

// Re-encrypt AES key with NEW OAEP RSA key (4096-bit)
byte[] encryptedAESWithOAEP = RSAEncrypt(decryptedAESKey);
String newEncodedEncryptedAES = new String(
Base64.encode(encryptedAESWithOAEP, Base64.DEFAULT),
StandardCharsets.UTF_8
);
storage.store(KEY_ALIAS, newEncodedEncryptedAES);

return decryptedAESKey;
}
} catch (CryptoException | KeyStoreException | CertificateException |
IOException | NoSuchAlgorithmException | UnrecoverableEntryException |
NoSuchPaddingException | InvalidKeyException |
IllegalBlockSizeException | BadPaddingException ex) {
Log.e(TAG, "Could not migrate. A new key will be generated.", ex);
deleteRSAKeys();
deleteAESKeys();
}
}
throw e;
} catch (CryptoException e) {
// RSA decryption failed - the encrypted AES key is corrupted or the RSA key is invalid
// Delete keys and regenerate them
Log.w(TAG, "RSA decryption failed with CryptoException. Keys may be corrupted. Will regenerate.", e);
deleteRSAKeys();
deleteAESKeys();
}
}
if (encodedEncryptedAES != null) {
//Return existing key
byte[] encryptedAES = Base64.decode(encodedEncryptedAES, Base64.DEFAULT);
byte[] existingAES = RSADecrypt(encryptedAES);
final int aesExpectedLengthInBytes = AES_KEY_SIZE / 8;
//Prevent returning an 'Empty key' (invalid/corrupted) that was mistakenly saved
if (existingAES != null && existingAES.length == aesExpectedLengthInBytes) {
//Key exists and has the right size
return existingAES;
String encodedOldAES = storage.retrieveString(OLD_KEY_ALIAS);
if (!TextUtils.isEmpty(encodedOldAES)) {
try {
byte[] encryptedOldAESBytes = Base64.decode(encodedOldAES, Base64.DEFAULT);
KeyStore.PrivateKeyEntry rsaKeyEntry = getRSAKeyEntry();
Cipher rsaPkcs1Cipher = Cipher.getInstance(OLD_PKCS1_RSA_TRANSFORMATION);

Check failure

Code scanning / CodeQL

Use of RSA algorithm without OAEP High

This specification is used to
initialize an RSA cipher
Loading
without OAEP padding.

Copilot Autofix

AI about 3 hours ago

To fix the vulnerability, ensure RSA encryption and decryption only use OAEP padding, not PKCS#1. However, this migration logic exists because some encrypted keys from the past might only be unlocked with PKCS#1. Normally, you'd want to remove this migration code altogether if you can safely assume all users have migrated, or mitigate its risk by restricting who/what can call this code and logging all its use for monitoring. If you must retain migration logic, never allow attacker-controlled input to reach this point, and clearly document the deprecation and intention to remove this code in the near future. If possible, fail closed: don't perform legacy PKCS#1 decryption and show an error.

Best fix without loss of functionality: Remove the PKCS#1 decryption logic (lines 442–455). If a legacy AES key is present, log that migration is no longer supported and generate a new key instead. This disables legacy decryption but maintains safe default behavior (key rotation instead of possibly insecure migration).

Required changes:

  • In getAESKey (relevant snippet lines 441–459), remove the code block that attempts to decrypt using PKCS#1 and migrate. If OLD_KEY_ALIAS is found, treat it as undecryptable: log this scenario, delete the old key, and proceed to generate a new AES key.
  • No new imports are needed.
  • No new methods or variables are required.
Suggested changeset 1
auth0/src/main/java/com/auth0/android/authentication/storage/CryptoUtil.java

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/auth0/src/main/java/com/auth0/android/authentication/storage/CryptoUtil.java b/auth0/src/main/java/com/auth0/android/authentication/storage/CryptoUtil.java
--- a/auth0/src/main/java/com/auth0/android/authentication/storage/CryptoUtil.java
+++ b/auth0/src/main/java/com/auth0/android/authentication/storage/CryptoUtil.java
@@ -440,22 +440,9 @@
         }
         String encodedOldAES = storage.retrieveString(OLD_KEY_ALIAS);
         if (!TextUtils.isEmpty(encodedOldAES)) {
-            try {
-                byte[] encryptedOldAESBytes = Base64.decode(encodedOldAES, Base64.DEFAULT);
-                KeyStore.PrivateKeyEntry rsaKeyEntry = getRSAKeyEntry();
-                Cipher rsaPkcs1Cipher = Cipher.getInstance(OLD_PKCS1_RSA_TRANSFORMATION);
-                rsaPkcs1Cipher.init(Cipher.DECRYPT_MODE, rsaKeyEntry.getPrivateKey());
-                byte[] decryptedAESKey = rsaPkcs1Cipher.doFinal(encryptedOldAESBytes);
-
-                byte[] encryptedAESWithOAEP = RSAEncrypt(decryptedAESKey);
-                String newEncodedEncryptedAES = new String(Base64.encode(encryptedAESWithOAEP, Base64.DEFAULT), StandardCharsets.UTF_8);
-                storage.store(KEY_ALIAS, newEncodedEncryptedAES);
-                storage.remove(OLD_KEY_ALIAS);
-                return decryptedAESKey;
-            } catch (Exception e) {
-                Log.e(TAG, "Could not migrate the legacy AES key. A new key will be generated.", e);
-                deleteAESKeys();
-            }
+            // Legacy AES key migration via insecure RSA/PKCS1 decryption is no longer supported.
+            Log.w(TAG, "Found legacy AES key, but PKCS#1 decryption is disabled. The key will be cleared and a new one generated.");
+            deleteAESKeys();
         }
 
         try {
EOF
@@ -440,22 +440,9 @@
}
String encodedOldAES = storage.retrieveString(OLD_KEY_ALIAS);
if (!TextUtils.isEmpty(encodedOldAES)) {
try {
byte[] encryptedOldAESBytes = Base64.decode(encodedOldAES, Base64.DEFAULT);
KeyStore.PrivateKeyEntry rsaKeyEntry = getRSAKeyEntry();
Cipher rsaPkcs1Cipher = Cipher.getInstance(OLD_PKCS1_RSA_TRANSFORMATION);
rsaPkcs1Cipher.init(Cipher.DECRYPT_MODE, rsaKeyEntry.getPrivateKey());
byte[] decryptedAESKey = rsaPkcs1Cipher.doFinal(encryptedOldAESBytes);

byte[] encryptedAESWithOAEP = RSAEncrypt(decryptedAESKey);
String newEncodedEncryptedAES = new String(Base64.encode(encryptedAESWithOAEP, Base64.DEFAULT), StandardCharsets.UTF_8);
storage.store(KEY_ALIAS, newEncodedEncryptedAES);
storage.remove(OLD_KEY_ALIAS);
return decryptedAESKey;
} catch (Exception e) {
Log.e(TAG, "Could not migrate the legacy AES key. A new key will be generated.", e);
deleteAESKeys();
}
// Legacy AES key migration via insecure RSA/PKCS1 decryption is no longer supported.
Log.w(TAG, "Found legacy AES key, but PKCS#1 decryption is disabled. The key will be cleared and a new one generated.");
deleteAESKeys();
}

try {
Copilot is powered by AI and may make mistakes. Always verify output.
rsaPkcs1Cipher.init(Cipher.DECRYPT_MODE, rsaKeyEntry.getPrivateKey());
byte[] decryptedAESKey = rsaPkcs1Cipher.doFinal(encryptedOldAESBytes);

byte[] encryptedAESWithOAEP = RSAEncrypt(decryptedAESKey);
String newEncodedEncryptedAES = new String(Base64.encode(encryptedAESWithOAEP, Base64.DEFAULT), StandardCharsets.UTF_8);
storage.store(KEY_ALIAS, newEncodedEncryptedAES);
storage.remove(OLD_KEY_ALIAS);
return decryptedAESKey;
} catch (Exception e) {
Copy link

Copilot AI Aug 19, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Catching generic Exception is too broad and may hide specific error conditions. Consider catching specific exceptions like BadPaddingException, IllegalBlockSizeException, NoSuchAlgorithmException, etc., to handle different failure scenarios appropriately.

Suggested change
} catch (Exception e) {
} catch (NoSuchAlgorithmException | NoSuchPaddingException | InvalidKeyException | BadPaddingException | IllegalBlockSizeException | KeyStoreException | UnrecoverableEntryException e) {

Copilot uses AI. Check for mistakes.
Log.e(TAG, "Could not migrate the legacy AES key. A new key will be generated.", e);
deleteAESKeys();
}
}
//Key doesn't exist. Generate new AES

try {
KeyGenerator keyGen = KeyGenerator.getInstance(ALGORITHM_AES);
keyGen.init(AES_KEY_SIZE);
byte[] aes = keyGen.generateKey().getEncoded();
//Save encrypted encoded version
byte[] encryptedAES = RSAEncrypt(aes);
String encodedEncryptedAESText = new String(Base64.encode(encryptedAES, Base64.DEFAULT), StandardCharsets.UTF_8);
storage.store(KEY_ALIAS, encodedEncryptedAESText);
return aes;
byte[] decryptedAESKey = keyGen.generateKey().getEncoded();

byte[] encryptedNewAES = RSAEncrypt(decryptedAESKey);
String encodedEncryptedNewAESText = new String(Base64.encode(encryptedNewAES, Base64.DEFAULT), StandardCharsets.UTF_8);
storage.store(KEY_ALIAS, encodedEncryptedNewAESText);
return decryptedAESKey;
} catch (NoSuchAlgorithmException e) {
/*
* This exceptions are safe to be ignored:
Expand All @@ -407,6 +478,9 @@
*/
Log.e(TAG, "Error while creating the AES key.", e);
throw new IncompatibleDeviceException(e);
} catch (Exception e) {
Copy link

Copilot AI Aug 19, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Catching generic Exception is too broad. This catch block should handle specific exceptions that can occur during RSA encryption or storage operations, such as CryptoException or IncompatibleDeviceException.

Suggested change
} catch (Exception e) {
} catch (InvalidKeyException
| NoSuchPaddingException
| IllegalBlockSizeException
| BadPaddingException
| KeyStoreException
| UnrecoverableEntryException
| CertificateException
| IOException
| ProviderException e) {

Copilot uses AI. Check for mistakes.
Log.e(TAG, "Unexpected error while creating the new AES key.", e);
throw new CryptoException("Unexpected error while creating the new AES key.", e);
}
}

Expand Down
Loading
Loading