On Sat, Oct 6, 2012 at 5:40 AM, James Yonan <[email protected]> wrote:

>
> Well, there's essentially two problems here...
>
> 1. KeyChain.getPrivateKey(this, alias) returns an object that segfaults when
> collected by the GC.  The segfault occurs in RSA_free in libcrypto.  This is
> 100% reproducible for me on Nexus 7.  This behavior has been documented in
> other posts, e.g. http://code.google.com/p/android/issues/detail?id=36545
>

If it is indeed reproducible, it should be easy to fix. Have you tried building
the latest AOSP source? There have been a number of fixes/changes in this
area. I fail to see how this is documented in the bug report though (no
steps to reproduce).

> 2. You say that the new OpenSSL engine supports only signing, verifying and
> key import.  That's fine, but keep in mind that the RSA signature used for
> verification of an SSL session is typically generated by the cipher object
> javax.crypto.Cipher.getInstance("RSA/ECB/PKCS1PADDING") acting as an
> encryptor.  Can java.security.Signature replicate this behavior?  This issue
> is also documented here:
> http://stackoverflow.com/questions/11261774/using-android-4-1-keychain
>

Again, are there any reasons you are using the Cipher class for signing?
I don't think this is typical at all, but if you have a particular reason
for wanting to use 'raw' RSA encryption, please say why. And, again,
this is probably more suitable for android-security.
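
Added example, not part of the original thread: a comparison of the two signing paths discussed above, run on a desktop JDK with a freshly generated software RSA key. It encrypts a digest with the private key through Cipher and signs the same bytes with java.security.Signature using "NONEwithRSA", then checks whether the outputs match. The class name, the 2048-bit key and the 36-byte input are constructed for illustration; a key returned by KeyChain.getPrivateKey may behave differently, and this does not test that.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.Signature;
import java.util.Arrays;
import javax.crypto.Cipher;

public class RawRsaSignDemo {
    // Path from the quoted text: Cipher acting as an encryptor with the private key.
    static byte[] signWithCipher(PrivateKey key, byte[] digest) throws Exception {
        Cipher c = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        c.init(Cipher.ENCRYPT_MODE, key);
        return c.doFinal(digest);
    }

    // Candidate replacement: Signature with no hashing and no DigestInfo wrapping,
    // so only PKCS#1 v1.5 padding plus the RSA private-key operation is applied.
    static byte[] signWithSignature(PrivateKey key, byte[] digest) throws Exception {
        Signature s = Signature.getInstance("NONEwithRSA");
        s.initSign(key);
        s.update(digest);
        return s.sign();
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();        // software key, not a KeyChain key

        byte[] digest = new byte[36];              // constructed stand-in for a handshake digest
        for (int i = 0; i < digest.length; i++) {
            digest[i] = (byte) i;
        }

        byte[] viaCipher = signWithCipher(kp.getPrivate(), digest);
        byte[] viaSignature = signWithSignature(kp.getPrivate(), digest);
        System.out.println("outputs identical: " + Arrays.equals(viaCipher, viaSignature));

        // Cross-check: the Cipher output must verify under the Signature API.
        Signature v = Signature.getInstance("NONEwithRSA");
        v.initVerify(kp.getPublic());
        v.update(digest);
        System.out.println("cipher output verifies: " + v.verify(viaCipher));
    }
}
```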
