Recipe Name:
Crypto: KeyAgreement: Guide on Approved Cryptographic Algorithm
Description:
This cryptographic algorithm is not recommended
Level:
marked_information
Language:
  • java
Tags:
  • security
  • basic protection set
Documentation

Secure coding practices prescribe the use of ECDH for KeyAgreements.

It is not recommended to use cryptographic algorithms and modes with known problems. For KeyAgreements ECDH is recommended.

Correct code example
KeyAgreement.getInstance("ECDH");
Recipe
id: scw:crypto:keyagreement-not-recommended
version: 10
metadata:
  name: 'Crypto: KeyAgreement: Guide on Approved Cryptographic Algorithm'
  shortDescription: This cryptographic algorithm is not recommended
  level: marked_information
  language: java
  newCodeOnly: false
  scwCategory: broken_cryptography:use_of_insecuredeprecated_alogirthms
  enabled: true
  descriptionFile: Java/Crypto/descriptions/Insecure_key_agreement_algorithm.html
  tags: security;basic protection set
search:
  methodcall:
    args:
      1:
        type: java.lang.String
        value:
          stringified:
            matches: ^((?!(DiffieHellman|EC$|RSA|ECMQV|ECDH$)).)*
    name: getInstance
    declaration:
      type: javax.crypto.KeyAgreement
availableFixes:
- name: Use ECDH
  actions:
  - rewrite:
      to: '{{{ expressionElement }}}("ECDH")'