Data Protection - Cryptography: Avoid cryptographic weakness: Use appropriate key pair generation algorithm: insecure :: Recipe Details

Recipe Name:

Data Protection - Cryptography: Avoid cryptographic weakness: Use appropriate key pair generation algorithm: insecure

Description:

Could lead to cryptographic weakness

Level:

error

Language:

java

Tags:

security
basic protection set

Documentation

Secure coding practices prescribe to use the RSA algorithm for asymmetric encryption. Using other asymmetric encryption algorithms could lead to cryptographic weakness.

Before

KeyFactory kf = KeyFactory.getInstance("DiffieHellman");

After

KeyFactory kf = KeyFactory.getInstance("RSA");

Recipe

id: scw:crypto:keyfactory-insecure-algos
version: 10
metadata:
  name: 'Data Protection - Cryptography: Avoid cryptographic weakness: Use appropriate key pair generation algorithm: insecure'
  shortDescription: Could lead to cryptographic weakness
  level: error
  language: java
  newCodeOnly: false
  scwCategory: broken_cryptography:use_of_insecuredeprecated_alogirthms
  enabled: true
  descriptionFile: Java/Crypto/descriptions/Data_Protection_-_Cryptography__Avoid_cryptographic_weakness__Use_appropriate_key_pair_generation_algorithm__insecure.html
  tags: security;basic protection set
search:
  methodcall:
    args:
      1:
        type: java.lang.String
        value:
          stringified:
            matches: DiffieHellman|DSA
    name: getInstance
    declaration:
      type: java.security.KeyFactory
availableFixes:
- name: Use RSA
  actions:
  - rewrite:
      to: '{{{ expressionElement }}}("RSA")'