[guardian-dev] APK signing keys are vulnerable WAS: pgp, nsa, rsa

Hans of Guardian hans at guardianproject.info
Sun Sep 8 16:00:26 EDT 2013

On Sep 6, 2013, at 9:36 PM, Daniel McCarney wrote:

> On 07/09, Natanael wrote:
>> The short answer is factoring speedups. Take a look at the archive I
>> linked to for a bit more details.
> This has interesting implications in the Android space if true.
> RSA 1024 was the default in the Java 6x impl. of keytool[1] and many devs
> have released APKs signed with such keys. It is non-trivial to change signing
> keys with an established userbase without data-loss.
> - Daniel
> [1] http://docs.oracle.com/javase/6/docs/technotes/tools/solaris/keytool.html

Wow, that is bad news indeed.  It would be awesome to have androidobservatory.org also display full info about the signing keys, like the algorithm used, the bitness, generation date, etc. so we can easily check which keys are vulnerable.

I figure if the NSA can break 1024 bit RSA, its only a matter of time before China also has that capability.  China are experts at industrial espionage, and they certainly know how to make chips.  It is very conceivable that they could acquire the NSA's RSA cracking chip design and then build it domestically.  Then I imagine that China would also be willing to sell those chips to allies, or perhaps even the highest bidder.

We'll have to make sure our signing key is not 1024 bit, and if so, work on a migration plan.  The easiest way to start is to sign all new apps with a new key.


More information about the Guardian-dev mailing list