On Sat, Oct 6, 2012 at 5:40 AM, James Yonan <caprifinity@gmail.com> wrote:
>
> Well, there's essentially two problems here...
>
> 1. KeyChain.getPrivateKey(this, alias) returns an object that segfaults when
> collected by the GC. The segfault occurs in RSA_free in libcrypto. This is
> 100% reproducible for me on Nexus 7. This behavior has been documented in
> other posts, e.g. http://code.google.com/p/android/issues/detail?id=36545
>
If it is indeed reproducible, it should be easy to fix. Have you tried building
latest AOSP source, there have been a number of fixes/changes in this
area? I fail to see how this is documented in the bug report though (no
steps to reproduce).
> 2. You say that the new OpenSSL engine supports only signing, verifying and
> key import. That's fine, but keep in mind that the RSA signature used for
> verification of an SSL session is typically generated by the cipher object
> javax.crypto.Cipher.getInstance("RSA/ECB/PKCS1PADDING") acting as an
> encryptor. Can java.security.Signature replicate this behavior? This issue
> is also documented here:
> http://stackoverflow.com/questions/11261774/using-android-4-1-keychain
>
Again, are there any reasons you are using the Cipher class for signing?
I don't think this is typical at all, but if you have a particular reason
for wanting to use 'raw' RSA encryption, please say why. And, again,
this is probably more suitable for andorid-security.
--
You received this message because you are subscribed to the Google
Groups "Android Developers" group.
To post to this group, send email to android-developers@googlegroups.com
To unsubscribe from this group, send email to
android-developers+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en
No comments:
Post a Comment