Info Call to Crypto API

Description

List of all calls to cryptographic methods.

Recommendation

Do not use insecure or weak cryptographic algorithms. For example, the Data Encryption Standard (DES) encryption algorithm is considered highly insecure

Do not use Object.equals() to compare cryptographic keys

Cryptographic keys should never be serialized

Technical details

Method com.microsoft.appcenter.utils.crypto.CryptoAesHandler.decrypt() calling method javax.crypto.spec.IvParameterSpec.<init>()


    public byte[] decrypt(com.microsoft.appcenter.utils.crypto.CryptoUtils$ICryptoFactory p6, int p7, java.security.KeyStore$Entry p8, byte[] p9)
    {
        com.microsoft.appcenter.utils.crypto.CryptoUtils$ICipher v1 = p6.getCipher("AES/CBC/PKCS7Padding", "AndroidKeyStoreBCWorkaround");
        int v0 = v1.getBlockSize();
        v1.init(2, ((java.security.KeyStore$SecretKeyEntry) p8).getSecretKey(), new javax.crypto.spec.IvParameterSpec(p9, 0, v0));
        return v1.doFinal(p9, v0, (p9.length - v0));
    }

Method com.microsoft.appcenter.utils.crypto.CryptoUtils$1.getKeyGenerator() calling method javax.crypto.KeyGenerator.getInstance()


    public com.microsoft.appcenter.utils.crypto.CryptoUtils$IKeyGenerator getKeyGenerator(String p3, String p4)
    {
        return new com.microsoft.appcenter.utils.crypto.CryptoUtils$1$1(this, javax.crypto.KeyGenerator.getInstance(p3, p4));
    }

Method com.microsoft.appcenter.utils.crypto.CryptoUtils$1$1.generateKey() calling method javax.crypto.KeyGenerator.generateKey()


    public void generateKey()
    {
        this.val$keyGenerator.generateKey();
        return;
    }

Method com.microsoft.appcenter.utils.crypto.CryptoUtils$1.getCipher() calling method javax.crypto.Cipher.getInstance()


    public com.microsoft.appcenter.utils.crypto.CryptoUtils$ICipher getCipher(String p3, String p4)
    {
        return new com.microsoft.appcenter.utils.crypto.CryptoUtils$1$2(this, javax.crypto.Cipher.getInstance(p3, p4));
    }

Method com.microsoft.appcenter.utils.crypto.CryptoUtils$1$2.getIV() calling method javax.crypto.Cipher.getIV()


    public byte[] getIV()
    {
        return this.val$cipher.getIV();
    }

Method com.microsoft.appcenter.utils.crypto.CryptoUtils$1$2.doFinal() calling method javax.crypto.Cipher.doFinal()


    public byte[] doFinal(byte[] p2, int p3, int p4)
    {
        return this.val$cipher.doFinal(p2, p3, p4);
    }

Method com.microsoft.appcenter.utils.crypto.CryptoUtils$1$2.doFinal() calling method javax.crypto.Cipher.doFinal()


    public byte[] doFinal(byte[] p2)
    {
        return this.val$cipher.doFinal(p2);
    }