Insufficient length of a signature key

		LOW
	Detection method	SAST APK

Description

The length of the key used for signing an APK file is insufficient.

Official NIST recommendations (PDF, pages 64 and 67) qualify 1024-bit RSA keys as insecure (starting from 2013). This doesn't mean that 1024-bit RSA has been compromised, this is more of a preventive measure in order to be a step ahead of attackers. The main risk in using of a weak key is that a malicious person could break it to forge APK signatures. Thereafter the malicious APK, signed with your key, could be installed as an update for your application. Depending on how a key is used in an application, there are other possible attacks involving a compromised key.

Also, some application stores (for example, by Huawei) don't recommend signing an application with a key length of less than 2048 bit. Moreover, they don't allow uploading such applications.

Recommendations

To repair this vulnerability, you need to sign an application using up-to-date algorithms, such as SHA256withRSA or SHA512withRSA, also a key length of more than 2048 bits is required (recommended key length is 4096 bits). Note, that earlier Android versions may not support algorithms beyond SHA1. This article highlights the above problem and provides guidance through the process of signature changing.

Example: Generation of key using SHA512withRSA

keytool -genkey -v -keystore test.keystore -alias testkey -keyalg RSA -keysize 4096 -sigalg SHA512withRSA -dname "cn=Test,ou=Test,c=CA" -validity 10000

Example: Signature with a generated key

jarsigner -verbose -sigalg SHA512withRSA -digestalg SHA512 -keystore test.keystore test.apk testkey

Insufficient length of a signature key

Description

Recommendations

Example: Generation of key using SHA512withRSA

Example: Signature with a generated key

Links