Using cryptographic APIs to encrypt and decrypt data, calculate digital signatures, or compute hashes is error prone. Weak or unsupported cryptographic algorithms can cause information leakage and runtime exceptions, such as a NoSuchAlgorithmException in Java. Using the wrong cryptographic service provider can also lead to unsupported cryptographic algorithms. Moreover, for Android developers who want to store their key material in the Android Keystore, misused cryptographic algorithms and providers make the key material unsafe. We present the Crypto Checker, a pluggable type system that detects the use of forbidden algorithms and providers at compile time. For typechecked code, the Crypto Checker guarantees that only trusted algorithms and providers are used, and thereby ensures that the cryptographic APIs never cause runtime exceptions or use weak algorithms or providers.
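The failure modes described above, as an added example that is not the Crypto Checker's code and does not use its annotations: the JCA accepts a weak algorithm silently and reports an unsupported algorithm or provider only when the call executes. The `trustedCipher` helper and both allowlists are hypothetical, a runtime stand-in for the policy that the Crypto Checker enforces at compile time. It assumes an OpenJDK 9+ runtime that ships the `SunJCE` provider.

```java
import java.security.GeneralSecurityException;
import java.util.Set;
import javax.crypto.Cipher;

public class CryptoAllowlistDemo {
    // Assumed policy for this example; a real project defines its own.
    static final Set<String> ALLOWED_CIPHERS = Set.of("AES/GCM/NoPadding");
    static final Set<String> ALLOWED_PROVIDERS = Set.of("SunJCE");

    // Hypothetical helper: rejects anything outside the policy before calling the JCA.
    static Cipher trustedCipher(String transformation, String provider)
            throws GeneralSecurityException {
        if (!ALLOWED_CIPHERS.contains(transformation)) {
            throw new IllegalArgumentException("forbidden algorithm: " + transformation);
        }
        if (!ALLOWED_PROVIDERS.contains(provider)) {
            throw new IllegalArgumentException("forbidden provider: " + provider);
        }
        return Cipher.getInstance(transformation, provider);
    }

    // Runs one JCA lookup and reports what happened instead of propagating the exception.
    static String probe(String transformation, String provider) {
        try {
            Cipher c = (provider == null)
                    ? Cipher.getInstance(transformation)
                    : Cipher.getInstance(transformation, provider);
            return "accepted by JCA: " + c.getAlgorithm();
        } catch (GeneralSecurityException e) {
            return "runtime failure: " + e.getClass().getSimpleName();
        }
    }

    public static void main(String[] args) throws Exception {
        // Weak but supported: nothing in the API objects to DES in ECB mode.
        System.out.println(probe("DES/ECB/PKCS5Padding", null));
        // Misspelled/unsupported algorithm: surfaces only when this line runs.
        System.out.println(probe("AES256/GCM/NoPadding", null));
        // Provider that is not installed: NoSuchProviderException at run time.
        System.out.println(probe("AES/GCM/NoPadding", "NotInstalledProvider"));

        // Policy check: the weak request is refused, the trusted one goes through.
        try {
            trustedCipher("DES/ECB/PKCS5Padding", "SunJCE");
        } catch (IllegalArgumentException e) {
            System.out.println("policy rejected: " + e.getMessage());
        }
        System.out.println("policy allowed: "
                + trustedCipher("AES/GCM/NoPadding", "SunJCE").getAlgorithm());
    }
}
```

The runtime check still fails only on the code path that executes; a compile-time type system reports the same violations without running the program.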