From 98b6d68aaba3e413515037a3ff355761d90d1048 Mon Sep 17 00:00:00 2001
From: Carlos Holguera <perezholguera@gmail.com>
Date: Thu, 7 Nov 2024 16:50:46 +0000
Subject: [PATCH] add new test for key size

---
 .../MASVS-RESILIENCE/MASTG-TEST-0x38-2.md     | 23 +++++++++++++++++++
 1 file changed, 23 insertions(+)
 create mode 100644 tests-beta/android/MASVS-RESILIENCE/MASTG-TEST-0x38-2.md

diff --git a/tests-beta/android/MASVS-RESILIENCE/MASTG-TEST-0x38-2.md b/tests-beta/android/MASVS-RESILIENCE/MASTG-TEST-0x38-2.md
new file mode 100644
index 0000000000..df423b2638
--- /dev/null
+++ b/tests-beta/android/MASVS-RESILIENCE/MASTG-TEST-0x38-2.md
@@ -0,0 +1,23 @@
+---
+title: Usage of Insecure Signature Key Size
+platform: android
+id: MASTG-TEST-0x39-2
+type: [static]
+weakness: MASWE-0104
+---
+
+## Overview
+
+For Android apps, the cryptographic strength of the APK signature is essential for maintaining the app's integrity and authenticity. Using a signature key with insufficient length, such as an RSA key shorter than 2048 bits, weakens security, making it easier for attackers to compromise the signature. This vulnerability could allow malicious actors to forge signatures, tamper with the app's code, or distribute unauthorized, modified versions.
+
+## Steps
+
+1. List the additional signature information using @MASTG-TECH-0116.
+
+## Observation
+
+The output should contain the information about the key size in a line like: `Signer #1 key size (bits):`.
+
+## Evaluation
+
+The test case fails if any of the key sizes (in bits) is less than 2048 (RSA). For example, `Signer #1 key size (bits): 1024`.