2024-01-25 15:18:07 +01:00
|
|
|
== How to fix it in Java Cryptography Extension
|
2023-06-12 15:58:19 +02:00
|
|
|
|
|
|
|
|
=== Code examples
|
|
|
|
|
|
|
|
|
|
include::../../common/fix/code-rationale.adoc[]
|
|
|
|
|
|
|
|
|
|
==== Noncompliant code example
|
|
|
|
|
|
|
|
|
|
[source,java,diff-id=1,diff-type=noncompliant]
|
|
|
|
|
----
|
|
|
|
|
import javax.crypto.Cipher;
|
|
|
|
|
import java.security.NoSuchAlgorithmException;
|
|
|
|
|
import javax.crypto.NoSuchPaddingException;
|
|
|
|
|
|
|
|
|
|
public static void main(String[] args) {
|
|
|
|
|
try {
|
|
|
|
|
Cipher des = Cipher.getInstance("DES"); // Noncompliant
|
|
|
|
|
} catch(NoSuchAlgorithmException|NoSuchPaddingException e) {
|
|
|
|
|
// ...
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
----
|
|
|
|
|
|
|
|
|
|
==== Compliant solution
|
|
|
|
|
|
|
|
|
|
[source,java,diff-id=1,diff-type=compliant]
|
|
|
|
|
----
|
|
|
|
|
import javax.crypto.Cipher;
|
|
|
|
|
import java.security.NoSuchAlgorithmException;
|
|
|
|
|
import javax.crypto.NoSuchPaddingException;
|
|
|
|
|
|
|
|
|
|
public static void main(String[] args) {
|
|
|
|
|
try {
|
|
|
|
|
Cipher aes = Cipher.getInstance("AES/GCM/NoPadding");
|
|
|
|
|
} catch(NoSuchAlgorithmException|NoSuchPaddingException e) {
|
|
|
|
|
// ...
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
----
|
|
|
|
|
|
|
|
|
|
=== How does this work?
|
|
|
|
|
|
|
|
|
|
include::../../common/fix/strong-cryptography.adoc[]
|
|
|
|
|
|
