CBC mode with PKCS7 padding is vulnerable to padding oracle attacks. This makes it
possible to retrieve the plaintext of the encrypted data without knowing the key.
Code snippet showing AES/CBC/PKCS7Padding in use:
    public void initialize(CordovaInterface cordova, CordovaWebView webView) {
        super.initialize(cordova, webView);
        Log.v(TAG, "Init FingerprintAuth");
        packageName = cordova.getActivity().getApplicationContext().getPackageName();
        mPluginResult = new PluginResult(PluginResult.Status.NO_RESULT);
        mActivity = cordova.getActivity();
        mContext = cordova.getActivity().getApplicationContext();
        // Fingerprint APIs and Android Keystore AES keys require API level 23+.
        if (Build.VERSION.SDK_INT >= 23) {
            this.mKeyguardManager = (KeyguardManager)
                    cordova.getActivity().getSystemService(KeyguardManager.class);
            this.mFingerPrintManager = (FingerprintManager)
                    cordova.getActivity().getApplicationContext().getSystemService(FingerprintManager.class);
            try {
                mKeyGenerator = KeyGenerator.getInstance("AES", ANDROID_KEY_STORE);
                mKeyStore = KeyStore.getInstance(ANDROID_KEY_STORE);
                try {
                    // Finding: unauthenticated CBC mode with PKCS7 padding.
                    mCipher = Cipher.getInstance("AES/CBC/PKCS7Padding");
                } catch (NoSuchAlgorithmException e) {
                    throw new RuntimeException("Failed to get an instance of Cipher", e);
                } catch (NoSuchPaddingException e2) {
                    throw new RuntimeException("Failed to get an instance of Cipher", e2);
                }
            } catch (NoSuchAlgorithmException e3) {
                throw new RuntimeException("Failed to get an instance of KeyGenerator", e3);
            } catch (NoSuchProviderException e4) {
                throw new RuntimeException("Failed to get an instance of KeyGenerator", e4);
            } catch (KeyStoreException e5) {
                throw new RuntimeException("Failed to get an instance of KeyStore", e5);
            }
        }
    }
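As a remediation sketch (an added example, not code from the plugin shown above), the cipher can be switched to the authenticated mode AES/GCM/NoPadding: a modified ciphertext then fails with a single tag error before any plaintext is released, so there is no padding check to act as an oracle. Assumptions: the class and method names are hypothetical, the key is a software key so the example runs on a plain JVM, and in the plugin the key would instead be generated in the Android Keystore with KeyProperties.BLOCK_MODE_GCM and KeyProperties.ENCRYPTION_PADDING_NONE.

```java
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

// Hypothetical class name; illustrates AES/GCM/NoPadding in place of AES/CBC/PKCS7Padding.
public class GcmInsteadOfCbc {
    private static final String TRANSFORMATION = "AES/GCM/NoPadding";
    private static final int TAG_BITS = 128; // full-length authentication tag
    private static final int IV_LEN = 12;    // default GCM IV length in bytes

    // Returns IV || ciphertext || tag. The provider generates a fresh random IV,
    // which is also what the Android Keystore expects by default.
    static byte[] encrypt(SecretKey key, byte[] plaintext) throws Exception {
        Cipher c = Cipher.getInstance(TRANSFORMATION);
        c.init(Cipher.ENCRYPT_MODE, key);
        byte[] iv = c.getIV();
        if (iv == null || iv.length != IV_LEN) {
            throw new IllegalStateException("unexpected IV length");
        }
        byte[] ct = c.doFinal(plaintext);
        byte[] out = Arrays.copyOf(iv, iv.length + ct.length);
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        return out;
    }

    // Verifies the tag over the whole ciphertext; throws AEADBadTagException on any change.
    static byte[] decrypt(SecretKey key, byte[] blob) throws Exception {
        Cipher c = Cipher.getInstance(TRANSFORMATION);
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, blob, 0, IV_LEN));
        return c.doFinal(blob, IV_LEN, blob.length - IV_LEN);
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES"); // software key (assumption)
        kg.init(256);
        SecretKey key = kg.generateKey();
        // Constructed sample plaintext.
        byte[] blob = encrypt(key, "constructed sample token".getBytes(StandardCharsets.UTF_8));
        System.out.println(new String(decrypt(key, blob), StandardCharsets.UTF_8));
        blob[IV_LEN] ^= 0x01; // simulate tampering with the first ciphertext byte
        try {
            decrypt(key, blob);
            System.out.println("tampered blob accepted");
        } catch (AEADBadTagException e) {
            System.out.println("tampered blob rejected: authentication tag mismatch");
        }
    }
}
```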