Skip to content

RSA encryption padding change from PKCS1Padding to OAEPWithSHA-256And… #834

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
utkrishtsahu wants to merge 4 commits into
base: main
Choose a base branch
from
Open

RSA encryption padding change from PKCS1Padding to OAEPWithSHA-256And… #834

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
d9bce21
feat: Add PKCS1 to OAEP migration with 4096-bit RSA keys fixed the mi…
utkrishtsahu Dec 17, 2025
e641aa1
UT cases update fix of 4096-bit RSA keys
utkrishtsahu Dec 17, 2025
967376e
added comment lines as per co pilot review
utkrishtsahu Dec 19, 2025
715bcc8
handling co pilot review comments
utkrishtsahu Dec 19, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
157 changes: 137 additions & 20 deletions auth0/src/main/java/com/auth0/android/authentication/storage/CryptoUtil.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -53,7 +53,20 @@

// Transformations available since API 18
// https://developer.android.com/training/articles/keystore.html#SupportedCiphers
private static final String RSA_TRANSFORMATION = "RSA/ECB/PKCS1Padding";
private static final String RSA_TRANSFORMATION = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";
/**
* !!! WARNING !!!
* "RSA/ECB/PKCS1Padding" is cryptographically deprecated due to vulnerabilities
* (e.g. Bleichenbacher padding oracle attacks) and MUST NOT be used for encrypting
* new data or for any general-purpose RSA operations.
*
* This transformation exists solely to DECRYPT pre-existing legacy data that was
* originally encrypted with PKCS#1 v1.5 padding, so that it can be re-encrypted
* using the secure OAEP-based {@link #RSA_TRANSFORMATION}. Once all legacy data has
* been migrated, support for this constant and any code paths that use it should be
* removed.
*/
private static final String LEGACY_PKCS1_RSA_TRANSFORMATION = "RSA/ECB/PKCS1Padding";

Check failure

Code scanning / CodeQL

Use of RSA algorithm without OAEP High

This specification is used to
initialize an RSA cipher
Loading
without OAEP padding.

Copilot Autofix

AI 3 days ago

In general, the fix is to ensure RSA is used with OAEP padding for all new encryption, and that any unavoidable PKCS#1 v1.5 usage is strictly limited to decrypting pre-existing legacy data, clearly labeled and not used for general-purpose operations. Since this class already uses RSA_TRANSFORMATION = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding" for modern operations, the main work is to isolate and clearly mark the PKCS#1 transformation as a legacy-only decryption path to satisfy the intent of the rule while preserving functionality.

The single best fix here without changing behavior is:

  • Keep LEGACY_PKCS1_RSA_TRANSFORMATION but strengthen its documentation, explicitly stating it MUST NOT be used for encryption and is only for decrypting old data during migration.
  • Confine PKCS#1 usage to the dedicated RSADecryptLegacyPKCS1 method (which is already the case) and add Javadoc that explains it is for one-way migration from legacy PKCS#1 to OAEP.
  • Ensure that all normal RSA decryption uses RSA_TRANSFORMATION (OAEP); based on the snippet, RSADecryptLegacyPKCS1 is already a separate helper, so we only clarify its role.

Concretely in auth0/src/main/java/com/auth0/android/authentication/storage/CryptoUtil.java:

  • Adjust the block comment above LEGACY_PKCS1_RSA_TRANSFORMATION to highlight that it is legacy-decrypt-only and not to be used for encrypting or for arbitrary attacker-supplied ciphertext whenever possible.
  • Add a similar explanatory Javadoc above RSADecryptLegacyPKCS1 making it clear it is the only place PKCS#1 is used, and that callers should migrate data and then avoid using it.

No new methods, imports, or algorithm changes are required; we are tightening and documenting the legacy usage so the intent is explicit and future maintainers do not mistakenly expand PKCS#1 use.

Suggested changeset 1
auth0/src/main/java/com/auth0/android/authentication/storage/CryptoUtil.java

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/auth0/src/main/java/com/auth0/android/authentication/storage/CryptoUtil.java b/auth0/src/main/java/com/auth0/android/authentication/storage/CryptoUtil.java
--- a/auth0/src/main/java/com/auth0/android/authentication/storage/CryptoUtil.java
+++ b/auth0/src/main/java/com/auth0/android/authentication/storage/CryptoUtil.java
@@ -56,15 +56,18 @@
     private static final String RSA_TRANSFORMATION = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";
     /**
      * !!! WARNING !!!
-     * "RSA/ECB/PKCS1Padding" is cryptographically deprecated due to vulnerabilities
-     * (e.g. Bleichenbacher padding oracle attacks) and MUST NOT be used for encrypting
-     * new data or for any general-purpose RSA operations.
-     * 
+     * "RSA/ECB/PKCS1Padding" (PKCS#1 v1.5 padding) is cryptographically deprecated due to
+     * vulnerabilities such as Bleichenbacher-style padding oracle attacks and MUST NOT be
+     * used for encrypting new data or for any general-purpose RSA operations.
+     *
      * This transformation exists solely to DECRYPT pre-existing legacy data that was
      * originally encrypted with PKCS#1 v1.5 padding, so that it can be re-encrypted
      * using the secure OAEP-based {@link #RSA_TRANSFORMATION}. Once all legacy data has
      * been migrated, support for this constant and any code paths that use it should be
      * removed.
+     *
+     * Do NOT use this constant for any new encryption, and do NOT introduce new call sites
+     * other than the dedicated legacy decryption helper in this class.
      */
     private static final String LEGACY_PKCS1_RSA_TRANSFORMATION = "RSA/ECB/PKCS1Padding";
     // https://developer.android.com/reference/javax/crypto/Cipher.html
@@ -119,6 +117,17 @@
      * @throws BadPaddingException If the encrypted data has invalid padding
      * @throws IllegalBlockSizeException If the encrypted data size is invalid
      */
+    /**
+     * Decrypt data that was encrypted with the legacy PKCS#1 v1.5 RSA padding.
+     * <p>
+     * This method is provided solely to support migration of data that was encrypted
+     * before OAEP was adopted in {@link #RSA_TRANSFORMATION}. Callers should:
+     * <ul>
+     *     <li>Use this method only for existing legacy ciphertexts, and</li>
+     *     <li>Immediately re-encrypt the resulting plaintext using OAEP.</li>
+     * </ul>
+     * It MUST NOT be used for encrypting or for handling newly-created ciphertexts.
+     */
     @NonNull
     private static byte[] RSADecryptLegacyPKCS1(@NonNull byte[] encryptedData,
                                                  @NonNull PrivateKey privateKey)
EOF
@@ -56,15 +56,18 @@
private static final String RSA_TRANSFORMATION = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";
/**
* !!! WARNING !!!
* "RSA/ECB/PKCS1Padding" is cryptographically deprecated due to vulnerabilities
* (e.g. Bleichenbacher padding oracle attacks) and MUST NOT be used for encrypting
* new data or for any general-purpose RSA operations.
*
* "RSA/ECB/PKCS1Padding" (PKCS#1 v1.5 padding) is cryptographically deprecated due to
* vulnerabilities such as Bleichenbacher-style padding oracle attacks and MUST NOT be
* used for encrypting new data or for any general-purpose RSA operations.
*
* This transformation exists solely to DECRYPT pre-existing legacy data that was
* originally encrypted with PKCS#1 v1.5 padding, so that it can be re-encrypted
* using the secure OAEP-based {@link #RSA_TRANSFORMATION}. Once all legacy data has
* been migrated, support for this constant and any code paths that use it should be
* removed.
*
* Do NOT use this constant for any new encryption, and do NOT introduce new call sites
* other than the dedicated legacy decryption helper in this class.
*/
private static final String LEGACY_PKCS1_RSA_TRANSFORMATION = "RSA/ECB/PKCS1Padding";
// https://developer.android.com/reference/javax/crypto/Cipher.html
@@ -119,6 +117,17 @@
* @throws BadPaddingException If the encrypted data has invalid padding
* @throws IllegalBlockSizeException If the encrypted data size is invalid
*/
/**
* Decrypt data that was encrypted with the legacy PKCS#1 v1.5 RSA padding.
* <p>
* This method is provided solely to support migration of data that was encrypted
* before OAEP was adopted in {@link #RSA_TRANSFORMATION}. Callers should:
* <ul>
* <li>Use this method only for existing legacy ciphertexts, and</li>
* <li>Immediately re-encrypt the resulting plaintext using OAEP.</li>
* </ul>
* It MUST NOT be used for encrypting or for handling newly-created ciphertexts.
*/
@NonNull
private static byte[] RSADecryptLegacyPKCS1(@NonNull byte[] encryptedData,
@NonNull PrivateKey privateKey)
Copilot is powered by AI and may make mistakes. Always verify output.
// https://developer.android.com/reference/javax/crypto/Cipher.html
@SuppressWarnings("SpellCheckingInspection")
private static final String AES_TRANSFORMATION = "AES/GCM/NOPADDING";
Expand All @@ -62,7 +75,7 @@
private static final String ALGORITHM_RSA = "RSA";
private static final String ALGORITHM_AES = "AES";
private static final int AES_KEY_SIZE = 256;
private static final int RSA_KEY_SIZE = 2048;
private static final int RSA_KEY_SIZE = 4096;

private static final byte FORMAT_MARKER = 0x01;

Expand Down Expand Up @@ -91,6 +104,31 @@
this.storage = storage;
}

/**
* Decrypts data that was encrypted using legacy RSA/PKCS1 padding.
* <p>
* WARNING: This must only be used for decrypting legacy data during migration.
* New code must always use OAEP padding for RSA encryption/decryption.
*
* @param encryptedData The data encrypted with PKCS1 padding
* @param privateKey The private key for decryption
* @return The decrypted data
* @throws NoSuchPaddingException If PKCS1 padding is not available
* @throws NoSuchAlgorithmException If RSA algorithm is not available
* @throws InvalidKeyException If the private key is invalid
* @throws BadPaddingException If the encrypted data has invalid padding
* @throws IllegalBlockSizeException If the encrypted data size is invalid
*/
@NonNull
private static byte[] RSADecryptLegacyPKCS1(@NonNull byte[] encryptedData,
@NonNull PrivateKey privateKey)
throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidKeyException,
BadPaddingException, IllegalBlockSizeException {
Cipher rsaPkcs1Cipher = Cipher.getInstance(LEGACY_PKCS1_RSA_TRANSFORMATION);

Check failure

Code scanning / CodeQL

Use of RSA algorithm without OAEP High

This specification is used to
initialize an RSA cipher
Loading
without OAEP padding.

Copilot Autofix

AI 3 days ago

In general, the way to fix RSA‑without‑OAEP findings is to use an OAEP transformation string with Cipher.getInstance (e.g. "RSA/ECB/OAEPWithSHA-256AndMGF1Padding") and ensure that all new RSA encryption and decryption uses that scheme. However, in this snippet the method is specifically for decrypting legacy PKCS1‑padded ciphertext; switching this to OAEP would make it impossible to decrypt existing data. The best fix that preserves functionality is therefore:

  • Keep PKCS1 use confined to this one migration helper.
  • Make the legacy nature explicit in code by:
    • Renaming or reinforcing the constant name to show it is legacy (if accessible) and
    • Adding strong documentation and, if possible, annotations to discourage any reuse.
  • Ensure that all non‑legacy RSA operations in this file (not shown in the snippet) use OAEP, and that this helper is not reused for anything else.

Within the given snippet, we can strengthen the guardrails on this method by adding a prominent warning comment and, if available, an annotation signaling that it is for legacy/migration only. We must not change Cipher.getInstance(LEGACY_PKCS1_RSA_TRANSFORMATION) to an OAEP transformation because the method’s contract is to decrypt PKCS1 ciphertext.

Concretely in auth0/src/main/java/com/auth0/android/authentication/storage/CryptoUtil.java:

  • Above RSADecryptLegacyPKCS1, add or enhance the documentation comment to clearly state that this method must never be used for new encryption schemes and that all new RSA usage must use OAEP. The snippet already contains such wording; we can tighten it further.
  • Optionally add an internal @VisibleForTesting or similar annotation if available, but we should not introduce new dependencies. Since we already import androidx.annotation.VisibleForTesting, we can reuse that as appropriate, but adding it to this helper would misrepresent its purpose (it’s not only for testing), so we will instead only strengthen the comment.

No imports, methods, or external libs are required beyond updating the comment to make the legacy nature explicit for static analysis reviewers and developers. The functional code (lines 127–129) remains unchanged to preserve decryption compatibility.

Suggested changeset 1
auth0/src/main/java/com/auth0/android/authentication/storage/CryptoUtil.java

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/auth0/src/main/java/com/auth0/android/authentication/storage/CryptoUtil.java b/auth0/src/main/java/com/auth0/android/authentication/storage/CryptoUtil.java
--- a/auth0/src/main/java/com/auth0/android/authentication/storage/CryptoUtil.java
+++ b/auth0/src/main/java/com/auth0/android/authentication/storage/CryptoUtil.java
@@ -107,9 +107,11 @@
     /**
      * Decrypts data that was encrypted using legacy RSA/PKCS1 padding.
      * <p>
-     * WARNING: This must only be used for decrypting legacy data during migration.
-     * New code must always use OAEP padding for RSA encryption/decryption.
-     * 
+     * WARNING: This method exists solely to support decryption of data that was
+     * previously encrypted with RSA/PKCS1 padding in older versions of this SDK.
+     * It MUST NOT be used for encrypting or decrypting any new data. All new RSA
+     * encryption/decryption must use an OAEP-based transformation instead.
+     *
      * @param encryptedData The data encrypted with PKCS1 padding
      * @param privateKey The private key for decryption
      * @return The decrypted data
EOF
@@ -107,9 +107,11 @@
/**
* Decrypts data that was encrypted using legacy RSA/PKCS1 padding.
* <p>
* WARNING: This must only be used for decrypting legacy data during migration.
* New code must always use OAEP padding for RSA encryption/decryption.
*
* WARNING: This method exists solely to support decryption of data that was
* previously encrypted with RSA/PKCS1 padding in older versions of this SDK.
* It MUST NOT be used for encrypting or decrypting any new data. All new RSA
* encryption/decryption must use an OAEP-based transformation instead.
*
* @param encryptedData The data encrypted with PKCS1 padding
* @param privateKey The private key for decryption
* @return The decrypted data
Copilot is powered by AI and may make mistakes. Always verify output.
rsaPkcs1Cipher.init(Cipher.DECRYPT_MODE, privateKey);
return rsaPkcs1Cipher.doFinal(encryptedData);
}

/**
* Attempts to recover the existing RSA Private Key entry or generates a new one as secure as
* this device and Android version allows it if none is found.
Expand Down Expand Up @@ -372,30 +410,106 @@
@VisibleForTesting
byte[] getAESKey() throws IncompatibleDeviceException, CryptoException {
String encodedEncryptedAES = storage.retrieveString(KEY_ALIAS);
if (TextUtils.isEmpty(encodedEncryptedAES)) {
encodedEncryptedAES = storage.retrieveString(OLD_KEY_ALIAS);
if (!TextUtils.isEmpty(encodedEncryptedAES)) {
byte[] encryptedAESBytes = Base64.decode(encodedEncryptedAES, Base64.DEFAULT);
try {
return RSADecrypt(encryptedAESBytes);
Copy link

Copilot AI Dec 19, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Missing validation of the decrypted AES key length after PKCS1 decryption. The original getAESKey implementation validated that the AES key has the expected length (32 bytes for 256-bit AES) before returning it. Without this validation, a corrupted or malformed legacy key could be migrated and cause issues later. Consider validating that decryptedAESKey.length equals AES_KEY_SIZE / 8 before proceeding with re-encryption.

Suggested change
return RSADecrypt(encryptedAESBytes);
byte[] decryptedAESKey = RSADecrypt(encryptedAESBytes);
// Validate that the decrypted AES key has the expected length (e.g. 32 bytes for 256-bit AES)
if (decryptedAESKey == null || decryptedAESKey.length != AES_KEY_SIZE / 8) {
// Treat this as corrupted key material: clean up and signal an error
deleteRSAKeys();
deleteAESKeys();
throw new CryptoException("The RSA decrypted AES key has an unexpected length.");
}
return decryptedAESKey;

Copilot uses AI. Check for mistakes.
} catch (IncompatibleDeviceException e) {
String fullMessage = e.toString();
Throwable cause = e.getCause();
while (cause != null) {
fullMessage += "\n" + cause.toString();
cause = cause.getCause();
}

if (fullMessage.contains("Incompatible padding mode") ||
fullMessage.contains("INCOMPATIBLE_PADDING_MODE")) {
try {
KeyStore keyStore = KeyStore.getInstance(ANDROID_KEY_STORE);
keyStore.load(null);

// Get the RSA key from KeyStore (could be at KEY_ALIAS or OLD_KEY_ALIAS)
KeyStore.PrivateKeyEntry rsaKey = null;
String keyAliasUsed = null;

if (keyStore.containsAlias(KEY_ALIAS)) {
rsaKey = getKeyEntryCompat(keyStore, KEY_ALIAS);
keyAliasUsed = KEY_ALIAS;
} else if (keyStore.containsAlias(OLD_KEY_ALIAS)) {
rsaKey = getKeyEntryCompat(keyStore, OLD_KEY_ALIAS);
keyAliasUsed = OLD_KEY_ALIAS;
}

if (rsaKey != null && keyAliasUsed != null) {
// WARNING: Using PKCS1 padding here is intentional and ONLY for decrypting legacy data.
// This cipher must NEVER be used for encryption or for any new data; always use OAEP instead.
byte[] decryptedAESKey = RSADecryptLegacyPKCS1(
encryptedAESBytes,
rsaKey.getPrivateKey()
);
deleteRSAKeys();

// Re-encrypt AES key with NEW OAEP RSA key (4096-bit)
byte[] encryptedAESWithOAEP = RSAEncrypt(decryptedAESKey);
String newEncodedEncryptedAES = new String(
Base64.encode(encryptedAESWithOAEP, Base64.DEFAULT),
StandardCharsets.UTF_8
);
Copy link

Copilot AI Dec 19, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Missing validation of the decrypted AES key length after PKCS1 decryption from OLD_KEY_ALIAS. The original getAESKey implementation validated that the AES key has the expected length (32 bytes for 256-bit AES) before returning it. Without this validation, a corrupted or malformed legacy key could be migrated. Consider validating that decryptedAESKey.length equals AES_KEY_SIZE / 8 before proceeding with re-encryption.

Copilot uses AI. Check for mistakes.
storage.store(KEY_ALIAS, newEncodedEncryptedAES);

return decryptedAESKey;
}
} catch (CryptoException | KeyStoreException | CertificateException |
IOException | NoSuchAlgorithmException | UnrecoverableEntryException |
NoSuchPaddingException | InvalidKeyException |
IllegalBlockSizeException | BadPaddingException ex) {
Log.e(TAG, "Could not migrate. A new key will be generated.", ex);
deleteRSAKeys();
Comment on lines +464 to +467
Copy link

Copilot AI Dec 19, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Catching a generic Exception here is overly broad and could hide unexpected issues. The catch block swallows all exceptions (including potential runtime exceptions) and simply generates a new key, which could mask serious bugs. Consider catching only the specific checked exceptions that can be thrown by the operations inside the try block (NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException, CryptoException, KeyStoreException, CertificateException, IOException, UnrecoverableEntryException) to maintain better error visibility.

Copilot uses AI. Check for mistakes.
deleteAESKeys();
}
} else {
throw e;
}
} catch (CryptoException e) {
// RSA decryption failed - the encrypted AES key is corrupted or the RSA key is invalid
// Delete keys and regenerate them
Log.w(TAG, "RSA decryption failed with CryptoException. Keys may be corrupted. Will regenerate.", e);
deleteRSAKeys();
deleteAESKeys();
}
}
if (encodedEncryptedAES != null) {
//Return existing key
byte[] encryptedAES = Base64.decode(encodedEncryptedAES, Base64.DEFAULT);
byte[] existingAES = RSADecrypt(encryptedAES);
final int aesExpectedLengthInBytes = AES_KEY_SIZE / 8;
//Prevent returning an 'Empty key' (invalid/corrupted) that was mistakenly saved
if (existingAES != null && existingAES.length == aesExpectedLengthInBytes) {
//Key exists and has the right size
return existingAES;
String encodedOldAES = storage.retrieveString(OLD_KEY_ALIAS);
if (!TextUtils.isEmpty(encodedOldAES)) {
try {
byte[] encryptedOldAESBytes = Base64.decode(encodedOldAES, Base64.DEFAULT);
KeyStore.PrivateKeyEntry rsaKeyEntry = getRSAKeyEntry();
// WARNING: Using PKCS1 padding here is intentional and ONLY for decrypting legacy data.
// This cipher must NEVER be used for encryption or for any new data; always use OAEP padding instead.
byte[] decryptedAESKey = RSADecryptLegacyPKCS1(
encryptedOldAESBytes,
rsaKeyEntry.getPrivateKey()
);

byte[] encryptedAESWithOAEP = RSAEncrypt(decryptedAESKey);
Comment on lines +490 to +493
Copy link

Copilot AI Dec 19, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Catching a generic Exception here is overly broad and could mask programming errors or unexpected runtime exceptions. The outer catch for the key generation logic should only catch the specific exceptions that can be thrown. Since this is a new key generation path, catching Exception and wrapping it in CryptoException reduces visibility into actual failures. Consider catching only IncompatibleDeviceException and CryptoException that might propagate from RSAEncrypt.

Copilot uses AI. Check for mistakes.
String newEncodedEncryptedAES = new String(Base64.encode(encryptedAESWithOAEP, Base64.DEFAULT), StandardCharsets.UTF_8);
storage.store(KEY_ALIAS, newEncodedEncryptedAES);
storage.remove(OLD_KEY_ALIAS);
return decryptedAESKey;
} catch (Exception e) {
Copy link

Copilot AI Aug 19, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Catching generic Exception is too broad and may hide specific error conditions. Consider catching specific exceptions like BadPaddingException, IllegalBlockSizeException, NoSuchAlgorithmException, etc., to handle different failure scenarios appropriately.

Suggested change
} catch (Exception e) {
} catch (NoSuchAlgorithmException | NoSuchPaddingException | InvalidKeyException | BadPaddingException | IllegalBlockSizeException | KeyStoreException | UnrecoverableEntryException e) {

Copilot uses AI. Check for mistakes.
Copy link
Contributor Author

@utkrishtsahu utkrishtsahu Dec 19, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

made new changes on 17 dec will check on copilot review on it.

Log.e(TAG, "Could not migrate the legacy AES key. A new key will be generated.", e);
deleteAESKeys();
}
}
//Key doesn't exist. Generate new AES

try {
KeyGenerator keyGen = KeyGenerator.getInstance(ALGORITHM_AES);
keyGen.init(AES_KEY_SIZE);
byte[] aes = keyGen.generateKey().getEncoded();
//Save encrypted encoded version
byte[] encryptedAES = RSAEncrypt(aes);
String encodedEncryptedAESText = new String(Base64.encode(encryptedAES, Base64.DEFAULT), StandardCharsets.UTF_8);
storage.store(KEY_ALIAS, encodedEncryptedAESText);
return aes;
byte[] decryptedAESKey = keyGen.generateKey().getEncoded();

byte[] encryptedNewAES = RSAEncrypt(decryptedAESKey);
String encodedEncryptedNewAESText = new String(Base64.encode(encryptedNewAES, Base64.DEFAULT), StandardCharsets.UTF_8);
storage.store(KEY_ALIAS, encodedEncryptedNewAESText);
return decryptedAESKey;
} catch (NoSuchAlgorithmException e) {
/*
* This exceptions are safe to be ignored:
Expand All @@ -407,6 +521,9 @@
*/
Log.e(TAG, "Error while creating the AES key.", e);
throw new IncompatibleDeviceException(e);
} catch (Exception e) {
Copy link

Copilot AI Aug 19, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Catching generic Exception is too broad. This catch block should handle specific exceptions that can occur during RSA encryption or storage operations, such as CryptoException or IncompatibleDeviceException.

Suggested change
} catch (Exception e) {
} catch (InvalidKeyException
| NoSuchPaddingException
| IllegalBlockSizeException
| BadPaddingException
| KeyStoreException
| UnrecoverableEntryException
| CertificateException
| IOException
| ProviderException e) {

Copilot uses AI. Check for mistakes.
Copy link
Contributor Author

@utkrishtsahu utkrishtsahu Dec 19, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

made new changes on 17 dec will check on copilot review on it.

Log.e(TAG, "Unexpected error while creating the new AES key.", e);
throw new CryptoException("Unexpected error while creating the new AES key.", e);
}
}

Expand Down
Loading
Loading