Sensei Logo Sensei Hub

Recipe - Crypto: KeyAgreement: Insecure Cryptographic Algorithm

Description:
This cryptographic algorithm is insecure
Level:
error
Language:
  • java
Tags:
  • security
  • basic protection set
Documentation

Secure coding practices prescribe to use EDCH for KeyAgreements.

It is not recommended to use cryptographic algorithms and modes with known problems. For KeyAgreements ECDH is recommended.

Correct code example
KeyAgreement.getInstance("ECDH");
Recipe
id: scw:crypto:keyagreement-insecure
version: 10
metadata:
  name: 'Crypto: KeyAgreement: Insecure Cryptographic Algorithm'
  shortDescription: This cryptographic algorithm is insecure
  level: error
  language: java
  newCodeOnly: false
  scwCategory: broken_cryptography:use_of_insecuredeprecated_alogirthms
  enabled: true
  descriptionFile: Java/Crypto/descriptions/Insecure_key_agreement_algorithm.html
  tags: security;basic protection set
search:
  methodcall:
    args:
      1:
        type: java.lang.String
        value:
          stringified:
            matches: DiffieHellman|ECMQV
    name: getInstance
    declaration:
      type: javax.crypto.KeyAgreement
availableFixes:
- name: Use ECDH
  actions:
  - rewrite:
      to: '{{{ expressionElement }}}("ECDH")'