Skip to content
This repository has been archived by the owner on Mar 6, 2023. It is now read-only.

HMAC should be used for authentication of encrypted objects. #1

Open
kevjava opened this issue May 12, 2016 · 0 comments
Open

HMAC should be used for authentication of encrypted objects. #1

kevjava opened this issue May 12, 2016 · 0 comments

Comments

@kevjava
Copy link
Owner

kevjava commented May 12, 2016
edited
Loading

Per a comment on android-keystore issue 3:

CBC mode allows bit flipping without knowing the key, so if you intend to use for production, you might want to add HMAC. You would need to generate a separate key for HMAC, Marshmallow keystore supports HMAC keys as well.

This would prevent tampering with the encrypted object. Thanks to @nelenkov for the pointer.
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@kevjava