Info Call to Crypto API

Description

List of all calls to cryptographic methods.

Recommendation

Do not use insecure or weak cryptographic algorithms. For example, the Data Encryption Standard (DES) encryption algorithm is considered highly insecure

Do not use Object.equals() to compare cryptographic keys

Cryptographic keys should never be serialized

Technical details

Method com.dimelo.purpleshop.activities.MainActivity.decrypt() calling method javax.crypto.Cipher.getInstance()


    private static String decrypt(byte[] p3)
    {
        String v0_3 = new javax.crypto.spec.SecretKeySpec(com.dimelo.purpleshop.activities.MainActivity.keyValue, "AES");
        javax.crypto.Cipher v1_2 = javax.crypto.Cipher.getInstance("AES");
        v1_2.init(2, v0_3);
        return new String(v1_2.doFinal(p3));
    }

Method com.dimelo.purpleshop.activities.MainActivity.decrypt() calling method javax.crypto.Cipher.doFinal()


    private static String decrypt(byte[] p3)
    {
        String v0_3 = new javax.crypto.spec.SecretKeySpec(com.dimelo.purpleshop.activities.MainActivity.keyValue, "AES");
        javax.crypto.Cipher v1_2 = javax.crypto.Cipher.getInstance("AES");
        v1_2.init(2, v0_3);
        return new String(v1_2.doFinal(p3));
    }

Method com.dimelo.purpleshop.activities.MainActivity.decrypt() calling method javax.crypto.spec.SecretKeySpec.<init>()


    private static String decrypt(byte[] p3)
    {
        String v0_3 = new javax.crypto.spec.SecretKeySpec(com.dimelo.purpleshop.activities.MainActivity.keyValue, "AES");
        javax.crypto.Cipher v1_2 = javax.crypto.Cipher.getInstance("AES");
        v1_2.init(2, v0_3);
        return new String(v1_2.doFinal(p3));
    }

Method okio.HashingSource.<init>() calling method javax.crypto.spec.SecretKeySpec.<init>()


    private HashingSource(okio.Source p2, okio.ByteString p3, String p4)
    {
        super(p2);
        try {
            super.mac = javax.crypto.Mac.getInstance(p4);
            super.mac.init(new javax.crypto.spec.SecretKeySpec(p3.toByteArray(), p4));
            super.messageDigest = 0;
            return;
        } catch (java.security.NoSuchAlgorithmException) {
            throw new AssertionError();
        } catch (java.security.InvalidKeyException v2_2) {
            throw new IllegalArgumentException(v2_2);
        }
    }

Method okio.HashingSink.<init>() calling method javax.crypto.spec.SecretKeySpec.<init>()


    private HashingSink(okio.Sink p2, okio.ByteString p3, String p4)
    {
        super(p2);
        try {
            super.mac = javax.crypto.Mac.getInstance(p4);
            super.mac.init(new javax.crypto.spec.SecretKeySpec(p3.toByteArray(), p4));
            super.messageDigest = 0;
            return;
        } catch (java.security.NoSuchAlgorithmException) {
            throw new AssertionError();
        } catch (java.security.InvalidKeyException v2_2) {
            throw new IllegalArgumentException(v2_2);
        }
    }

Method okio.Buffer.hmac() calling method javax.crypto.spec.SecretKeySpec.<init>()


    private okio.ByteString hmac(String p5, okio.ByteString p6)
    {
        try {
            javax.crypto.Mac v0 = javax.crypto.Mac.getInstance(p5);
            v0.init(new javax.crypto.spec.SecretKeySpec(p6.toByteArray(), p5));
        } catch (java.security.NoSuchAlgorithmException) {
            throw new AssertionError();
        } catch (okio.Segment v5_5) {
            throw new IllegalArgumentException(v5_5);
        }
        if (this.head != null) {
            v0.update(this.head.data, this.head.pos, (this.head.limit - this.head.pos));
            okio.Segment v5_2 = this.head;
            while(true) {
                v5_2 = v5_2.next;
                if (v5_2 == this.head) {
                    break;
                }
                v0.update(v5_2.data, v5_2.pos, (v5_2.limit - v5_2.pos));
            }
        }
        return okio.ByteString.of(v0.doFinal());
    }

Method okio.ByteString.hmac() calling method javax.crypto.spec.SecretKeySpec.<init>()


    private okio.ByteString hmac(String p3, okio.ByteString p4)
    {
        try {
            javax.crypto.Mac v0 = javax.crypto.Mac.getInstance(p3);
            v0.init(new javax.crypto.spec.SecretKeySpec(p4.toByteArray(), p3));
            return okio.ByteString.of(v0.doFinal(this.data));
        } catch (java.security.InvalidKeyException v3_3) {
            throw new AssertionError(v3_3);
        } catch (java.security.InvalidKeyException v3_2) {
            throw new IllegalArgumentException(v3_2);
        }
    }

Method com.dimelo.dimelosdk.utilities.DMXData.DimeloHMACSHA256() calling method javax.crypto.spec.SecretKeySpec.<init>()


    public static byte[] DimeloHMACSHA256(byte[] p3, byte[] p4)
    {
        try {
            javax.crypto.Mac v0_1 = javax.crypto.Mac.getInstance("HmacSHA256");
            v0_1.init(new javax.crypto.spec.SecretKeySpec(p3, "HmacSHA256"));
            int v3_2 = v0_1.doFinal(p4);
        } catch (int v3_1) {
            v3_1.printStackTrace();
            v3_2 = 0;
        } catch (int v3_3) {
            v3_3.printStackTrace();
        }
        return v3_2;
    }