Info Call to Crypto API

Description

List of all calls to cryptographic methods.

Recommendation

Do not use insecure or weak cryptographic algorithms. For example, the Data Encryption Standard (DES) encryption algorithm is considered highly insecure

Do not use Object.equals() to compare cryptographic keys

Cryptographic keys should never be serialized

Technical details

Method com.digitalticks.trade.CommonCode.h.a() calling method javax.crypto.spec.IvParameterSpec.<init>()


    public byte[] a(byte[] p4, byte[] p5, byte[] p6)
    {
        javax.crypto.Cipher v0_1 = javax.crypto.Cipher.getInstance("AES/CBC/PKCS5Padding");
        v0_1.init(1, new javax.crypto.spec.SecretKeySpec(p5, "AES"), new javax.crypto.spec.IvParameterSpec(p6));
        return v0_1.doFinal(p4);
    }

Method com.digitalticks.trade.Activities.VerifyTouchActivity.n() calling method javax.crypto.KeyGenerator.getInstance()


    protected void n()
    {
        try {
            this.z = java.security.KeyStore.getInstance("AndroidKeyStore");
            try {
                java.io.IOException v0_3 = javax.crypto.KeyGenerator.getInstance("AES", "AndroidKeyStore");
                try {
                    this.z.load(0);
                    RuntimeException v1_5 = new android.security.keystore.KeyGenParameterSpec$Builder("DT", 3);
                    String v3_1 = new String[1];
                    v3_1[0] = "CBC";
                    RuntimeException v1_7 = v1_5.setBlockModes(v3_1).setUserAuthenticationRequired(1);
                    String v2_4 = new String[1];
                    v2_4[0] = "PKCS7Padding";
                    v0_3.init(v1_7.setEncryptionPaddings(v2_4).build());
                    v0_3.generateKey();
                    return;
                } catch (java.io.IOException v0_2) {
                    throw new RuntimeException(v0_2);
                } catch (java.io.IOException v0_2) {
                } catch (java.io.IOException v0_2) {
                } catch (java.io.IOException v0_2) {
                }
            } catch (java.io.IOException v0_1) {
                throw new RuntimeException("Failed to get KeyGenerator instance", v0_1);
            } catch (java.io.IOException v0_1) {
            }
            this.z.load(0);
            v1_5 = new android.security.keystore.KeyGenParameterSpec$Builder("DT", 3);
            v3_1 = new String[1];
            v3_1[0] = "CBC";
            v1_7 = v1_5.setBlockModes(v3_1).setUserAuthenticationRequired(1);
            v2_4 = new String[1];
            v2_4[0] = "PKCS7Padding";
            v0_3.init(v1_7.setEncryptionPaddings(v2_4).build());
            v0_3.generateKey();
            return;
        } catch (RuntimeException v1_10) {
            v1_10.printStackTrace();
        }
    }

Method c.b.a.b.T.mb() calling method javax.crypto.KeyGenerator.getInstance()


    protected void mb()
    {
        try {
            this.na = java.security.KeyStore.getInstance("AndroidKeyStore");
            try {
                java.io.IOException v0_3 = javax.crypto.KeyGenerator.getInstance("AES", "AndroidKeyStore");
                try {
                    this.na.load(0);
                    RuntimeException v1_5 = new android.security.keystore.KeyGenParameterSpec$Builder("DT", 3);
                    String v3_1 = new String[1];
                    v3_1[0] = "CBC";
                    RuntimeException v1_7 = v1_5.setBlockModes(v3_1).setUserAuthenticationRequired(1);
                    String v2_4 = new String[1];
                    v2_4[0] = "PKCS7Padding";
                    v0_3.init(v1_7.setEncryptionPaddings(v2_4).build());
                    v0_3.generateKey();
                    return;
                } catch (java.io.IOException v0_2) {
                    throw new RuntimeException(v0_2);
                } catch (java.io.IOException v0_2) {
                } catch (java.io.IOException v0_2) {
                } catch (java.io.IOException v0_2) {
                }
            } catch (java.io.IOException v0_1) {
                throw new RuntimeException("Failed to get KeyGenerator instance", v0_1);
            } catch (java.io.IOException v0_1) {
            }
            this.na.load(0);
            v1_5 = new android.security.keystore.KeyGenParameterSpec$Builder("DT", 3);
            v3_1 = new String[1];
            v3_1[0] = "CBC";
            v1_7 = v1_5.setBlockModes(v3_1).setUserAuthenticationRequired(1);
            v2_4 = new String[1];
            v2_4[0] = "PKCS7Padding";
            v0_3.init(v1_7.setEncryptionPaddings(v2_4).build());
            v0_3.generateKey();
            return;
        } catch (RuntimeException v1_10) {
            v1_10.printStackTrace();
        }
    }

Method com.digitalticks.trade.Activities.VerifyTouchActivity.n() calling method javax.crypto.KeyGenerator.generateKey()


    protected void n()
    {
        try {
            this.z = java.security.KeyStore.getInstance("AndroidKeyStore");
            try {
                java.io.IOException v0_3 = javax.crypto.KeyGenerator.getInstance("AES", "AndroidKeyStore");
                try {
                    this.z.load(0);
                    RuntimeException v1_5 = new android.security.keystore.KeyGenParameterSpec$Builder("DT", 3);
                    String v3_1 = new String[1];
                    v3_1[0] = "CBC";
                    RuntimeException v1_7 = v1_5.setBlockModes(v3_1).setUserAuthenticationRequired(1);
                    String v2_4 = new String[1];
                    v2_4[0] = "PKCS7Padding";
                    v0_3.init(v1_7.setEncryptionPaddings(v2_4).build());
                    v0_3.generateKey();
                    return;
                } catch (java.io.IOException v0_2) {
                    throw new RuntimeException(v0_2);
                } catch (java.io.IOException v0_2) {
                } catch (java.io.IOException v0_2) {
                } catch (java.io.IOException v0_2) {
                }
            } catch (java.io.IOException v0_1) {
                throw new RuntimeException("Failed to get KeyGenerator instance", v0_1);
            } catch (java.io.IOException v0_1) {
            }
            this.z.load(0);
            v1_5 = new android.security.keystore.KeyGenParameterSpec$Builder("DT", 3);
            v3_1 = new String[1];
            v3_1[0] = "CBC";
            v1_7 = v1_5.setBlockModes(v3_1).setUserAuthenticationRequired(1);
            v2_4 = new String[1];
            v2_4[0] = "PKCS7Padding";
            v0_3.init(v1_7.setEncryptionPaddings(v2_4).build());
            v0_3.generateKey();
            return;
        } catch (RuntimeException v1_10) {
            v1_10.printStackTrace();
        }
    }

Method c.b.a.b.T.mb() calling method javax.crypto.KeyGenerator.generateKey()


    protected void mb()
    {
        try {
            this.na = java.security.KeyStore.getInstance("AndroidKeyStore");
            try {
                java.io.IOException v0_3 = javax.crypto.KeyGenerator.getInstance("AES", "AndroidKeyStore");
                try {
                    this.na.load(0);
                    RuntimeException v1_5 = new android.security.keystore.KeyGenParameterSpec$Builder("DT", 3);
                    String v3_1 = new String[1];
                    v3_1[0] = "CBC";
                    RuntimeException v1_7 = v1_5.setBlockModes(v3_1).setUserAuthenticationRequired(1);
                    String v2_4 = new String[1];
                    v2_4[0] = "PKCS7Padding";
                    v0_3.init(v1_7.setEncryptionPaddings(v2_4).build());
                    v0_3.generateKey();
                    return;
                } catch (java.io.IOException v0_2) {
                    throw new RuntimeException(v0_2);
                } catch (java.io.IOException v0_2) {
                } catch (java.io.IOException v0_2) {
                } catch (java.io.IOException v0_2) {
                }
            } catch (java.io.IOException v0_1) {
                throw new RuntimeException("Failed to get KeyGenerator instance", v0_1);
            } catch (java.io.IOException v0_1) {
            }
            this.na.load(0);
            v1_5 = new android.security.keystore.KeyGenParameterSpec$Builder("DT", 3);
            v3_1 = new String[1];
            v3_1[0] = "CBC";
            v1_7 = v1_5.setBlockModes(v3_1).setUserAuthenticationRequired(1);
            v2_4 = new String[1];
            v2_4[0] = "PKCS7Padding";
            v0_3.init(v1_7.setEncryptionPaddings(v2_4).build());
            v0_3.generateKey();
            return;
        } catch (RuntimeException v1_10) {
            v1_10.printStackTrace();
        }
    }

Method com.digitalticks.trade.Activities.VerifyTouchActivity.m() calling method javax.crypto.Cipher.getInstance()


    public boolean m()
    {
        try {
            this.A = javax.crypto.Cipher.getInstance("AES/CBC/PKCS7Padding");
            try {
                this.z.load(0);
                this.A.init(1, ((javax.crypto.SecretKey) this.z.getKey("DT", 0)));
                return 1;
            } catch (android.security.keystore.KeyPermanentlyInvalidatedException) {
                return 0;
            } catch (java.security.InvalidKeyException v0_6) {
                throw new RuntimeException("Failed to init Cipher", v0_6);
            } catch (java.security.InvalidKeyException v0_6) {
            } catch (java.security.InvalidKeyException v0_6) {
            } catch (java.security.InvalidKeyException v0_6) {
            } catch (java.security.InvalidKeyException v0_6) {
            } catch (java.security.InvalidKeyException v0_6) {
            }
        } catch (java.security.InvalidKeyException v0_8) {
            throw new RuntimeException("Failed to get Cipher", v0_8);
        } catch (java.security.InvalidKeyException v0_8) {
        }
        this.z.load(0);
        this.A.init(1, ((javax.crypto.SecretKey) this.z.getKey("DT", 0)));
        return 1;
    }

Method c.b.a.b.T.lb() calling method javax.crypto.Cipher.getInstance()


    public boolean lb()
    {
        try {
            this.pa = javax.crypto.Cipher.getInstance("AES/CBC/PKCS7Padding");
            try {
                this.na.load(0);
                this.pa.init(1, ((javax.crypto.SecretKey) this.na.getKey("DT", 0)));
                return 1;
            } catch (android.security.keystore.KeyPermanentlyInvalidatedException) {
                return 0;
            } catch (java.security.InvalidKeyException v0_6) {
                throw new RuntimeException("Failed to init Cipher", v0_6);
            } catch (java.security.InvalidKeyException v0_6) {
            } catch (java.security.InvalidKeyException v0_6) {
            } catch (java.security.InvalidKeyException v0_6) {
            } catch (java.security.InvalidKeyException v0_6) {
            } catch (java.security.InvalidKeyException v0_6) {
            }
        } catch (java.security.InvalidKeyException v0_8) {
            throw new RuntimeException("Failed to get Cipher", v0_8);
        } catch (java.security.InvalidKeyException v0_8) {
        }
        this.na.load(0);
        this.pa.init(1, ((javax.crypto.SecretKey) this.na.getKey("DT", 0)));
        return 1;
    }

Method com.digitalticks.trade.CommonCode.h.a() calling method javax.crypto.Cipher.getInstance()


    public byte[] a(byte[] p4, byte[] p5, byte[] p6)
    {
        javax.crypto.Cipher v0_1 = javax.crypto.Cipher.getInstance("AES/CBC/PKCS5Padding");
        v0_1.init(1, new javax.crypto.spec.SecretKeySpec(p5, "AES"), new javax.crypto.spec.IvParameterSpec(p6));
        return v0_1.doFinal(p4);
    }

Method com.digitalticks.trade.CommonCode.h.a() calling method javax.crypto.Cipher.doFinal()


    public byte[] a(byte[] p4, byte[] p5, byte[] p6)
    {
        javax.crypto.Cipher v0_1 = javax.crypto.Cipher.getInstance("AES/CBC/PKCS5Padding");
        v0_1.init(1, new javax.crypto.spec.SecretKeySpec(p5, "AES"), new javax.crypto.spec.IvParameterSpec(p6));
        return v0_1.doFinal(p4);
    }

Method com.digitalticks.trade.CommonCode.h.a() calling method javax.crypto.spec.SecretKeySpec.<init>()


    public byte[] a(byte[] p4, byte[] p5, byte[] p6)
    {
        javax.crypto.Cipher v0_1 = javax.crypto.Cipher.getInstance("AES/CBC/PKCS5Padding");
        v0_1.init(1, new javax.crypto.spec.SecretKeySpec(p5, "AES"), new javax.crypto.spec.IvParameterSpec(p6));
        return v0_1.doFinal(p4);
    }