Recipe Name:
Crypto: KeyPair Generation: Approved Standard Cryptographic Algorithm
Description:
This cryptographic algorithm is not recommended
Level:
error
Language:
  • java
Tags:
  • security
  • basic protection set
Documentation

Secure coding practices prescribe using RSA to generate key pairs.

Asymmetric encryption uses a pair of keys, a private key and a public key. This adds authenticity on top of confidentiality, and authenticity is a requirement for some secure communication channels. In practice, asymmetric cryptography is therefore used in signature or key-agreement schemes rather than for bulk encryption of data. RSA is recommended for key pair generation.

Correct code example
import java.security.KeyPairGenerator;
KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA"); // throws NoSuchAlgorithmException if the provider lacks RSA
Recipe
id: scw:crypto:keypairgen-not-recommended-algos
version: 10
metadata:
  name: 'Crypto: KeyPair Generation: Approved Standard Cryptographic Algorithm'
  shortDescription: This cryptographic algorithm is not recommended
  level: error
  language: java
  newCodeOnly: false
  scwCategory: broken_cryptography:use_of_insecuredeprecated_alogirthms
  enabled: true
  descriptionFile: Java/Crypto/descriptions/Insecure_key_pair_generation_algorithm.html
  tags: security;basic protection set
search:
  methodcall:
    args:
      1:
        type: java.lang.String
        value:
          stringified: ^((?!(DiffieHellman|EC|RSA$|DSA)).)*
    name: getInstance
    declaration:
      type: java.security.KeyPairGenerator
availableFixes:
- name: Use RSA
  actions:
  - rewrite:
      to: '{{{ expressionElement }}}("RSA")'
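The search rule above flags any constant first argument of KeyPairGenerator.getInstance that the stringified regex accepts, and the fix rewrites the call to use "RSA". The following Python script, an added example that is not part of the recipe or of the Sensei tooling, applies that same regex to constructed Java source lines and emits the rewritten line; it assumes the regex is matched against the whole string literal and that {{{ expressionElement }}} stands for the method expression before the parentheses.

```python
import re

# Constructed Java source lines used as sample input (not from the original page).
SAMPLE_SOURCE = """\
KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC");
KeyPairGenerator kpg = KeyPairGenerator.getInstance("ElGamal", "BC");
KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSASSA-PSS");
KeyPairGenerator kpg = KeyPairGenerator.getInstance(algorithmName);
"""

# Regex copied from search.methodcall.args.1.value.stringified in the recipe.
# Assumption: the recipe matches the whole literal, so re.fullmatch is used here.
NOT_RECOMMENDED = re.compile(r"^((?!(DiffieHellman|EC|RSA$|DSA)).)*")

# Locates KeyPairGenerator.getInstance(...) and captures the argument list.
CALL = re.compile(r'(KeyPairGenerator\s*\.\s*getInstance)\s*\(([^)]*)\)')


def is_not_recommended(algorithm: str) -> bool:
    """True when the recipe's regex accepts the name, i.e. the call would be flagged."""
    return NOT_RECOMMENDED.fullmatch(algorithm) is not None


def first_string_literal(arglist: str):
    """Return the first argument if it is a string literal, else None.
    The recipe only inspects constant java.lang.String arguments."""
    m = re.match(r'\s*"([^"]*)"', arglist)
    return m.group(1) if m else None


def scan(source: str):
    """Return (line_no, algorithm, fixed_line) for each flagged call."""
    findings = []
    for no, line in enumerate(source.splitlines(), start=1):
        for call in CALL.finditer(line):
            alg = first_string_literal(call.group(2))
            if alg is None or not is_not_recommended(alg):
                continue
            # Apply the "Use RSA" rewrite: {{{ expressionElement }}}("RSA"), taking
            # expressionElement to be the method expression before the parentheses.
            fixed = line[:call.start()] + call.group(1) + '("RSA")' + line[call.end():]
            findings.append((no, alg, fixed))
    return findings


if __name__ == "__main__":
    for no, alg, fixed in scan(SAMPLE_SOURCE):
        print(f"line {no}: '{alg}' is not recommended -> {fixed}")
```

Note that the regex only exempts "RSA" when it ends the literal, so a name such as "RSASSA-PSS" is flagged, while "DH" (an alias Java accepts for "DiffieHellman") is also flagged because only the long form is listed.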