Recipe Name:
Crypto: Cipher: Insecure Asymmetric Cryptographic Algorithm
Description:
This cryptographic algorithm is not recommended
Level:
error
Language:
  • java
Tags:
  • security
  • basic protection set
Documentation

Secure coding practices prescribe using RSA with the correct mode and padding for asymmetric algorithms in the Cipher class.

It is not recommended to use cryptographic algorithms and modes with known problems. For asymmetric encryption, RSA is the recommended algorithm. It should be used with Electronic Codebook (ECB) mode and correctly configured OAEP padding.

Before
Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
After
Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
Resources
Recipe
id: scw:crypto:cipher:asymmetric
version: 10
metadata:
  name: 'Crypto: Cipher: Insecure Asymmetric Cryptographic Algorithm'
  shortDescription: This cryptographic algorithm is not recommended
  level: error
  language: java
  newCodeOnly: false
  scwCategory: broken_cryptography:use_of_insecuredeprecated_alogirthms
  cweCategory: 326
  enabled: true
  descriptionFile: Java/Crypto/descriptions/Insecure_asymmetric_cryptographic_algorithm.html
  tags: security;basic protection set
search:
  methodcall:
    args:
      1:
        type: java.lang.String
        value:
          stringified:
            matches: RSA|.*ECIES.*|RSA/ECB/PKCS1Padding|RSA/ECB/OAEPWithSHA-1AndMGF1Padding
    name: getInstance
    type: javax.crypto.Cipher
availableFixes:
- name: Use RSA in ECB mode with correctly configured OAEP Padding
  actions:
  - rewrite:
      to: '{{{ expressionElement }}}("RSA/ECB/OAEPWithSHA-256AndMGF1Padding")'