Recipe Name:
Crypto: KeyPair Generation: Non Standard Cryptographic Algorithm
Description:
This cryptographic algorithm is not recommended
Level:
error
Language:
- java
Tags:
- security
- basic protection set
Documentation
Secure coding practices prescribe to use RSA to generate key pairs.
Asymmetric encryption requires a pair of keys, a private and a public key. This enables authenticity on top of confidentiality in the encryption algorithm. Authenticity is a requirement for some secure communication channels. That means that asymmetric cryptography is typically used in a scheme for signatures or a key agreement and not for bulk encryption of data. It is recommended to use RSA for key pair generation.
Correct code examplekeyPairGenerator = KeyPairGenerator.getInstance("RSA");
Recipe
id: scw:crypto:keypairgen-non-standard-algos version: 10 metadata: name: 'Crypto: KeyPair Generation: Non Standard Cryptographic Algorithm' shortDescription: This cryptographic algorithm is not recommended level: error language: java newCodeOnly: false scwCategory: broken_cryptography:use_of_insecuredeprecated_alogirthms enabled: true descriptionFile: Java/Crypto/descriptions/Insecure_key_pair_generation_algorithm.html tags: security;basic protection set search: methodcall: args: 1: type: java.lang.String value: stringified: DSA name: getInstance declaration: type: java.security.KeyPairGenerator availableFixes: - name: Use RSA actions: - rewrite: to: '{{{ expressionElement }}}("RSA")'