48 lines
1.2 KiB
Plaintext
48 lines
1.2 KiB
Plaintext
|
include::../description.adoc[]
|
||
|
|
|
||
|
|
== Noncompliant Code Example
|
||
|
|
|
||
|
|
[source,java]
|
||
|
|
----
|
||
|
|
public void encrypt(byte[] key, byte[] ptxt) {
|
||
|
|
byte[] bytesIV = "7cVgr5cbdCZV".getBytes("UTF-8"); // The initialization vector is a static value
|
||
|
|
|
||
|
|
GCMParameterSpec gcmSpec = new GCMParameterSpec(128, nonce); // The initialization vector is configured here
|
||
|
|
SecretKeySpec keySpec = new SecretKeySpec(key, "AES");
|
||
|
|
|
||
|
|
Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
|
||
|
|
cipher.init(Cipher.ENCRYPT_MODE, keySpec, iv); // Noncompliant
|
||
|
|
}
|
||
|
|
----
|
||
|
|
|
||
|
|
== Compliant Solution
|
||
|
|
|
||
|
|
[source,java]
|
||
|
|
----
|
||
|
|
public void encrypt(byte[] key, byte[] ptxt) {
|
||
|
|
SecureRandom random = new SecureRandom();
|
||
|
|
byte[] bytesIV = new byte[12];
|
||
|
|
random.nextBytes(bytesIV); // Random 96 bit IV
|
||
|
|
|
||
|
|
GCMParameterSpec gcmSpec = new GCMParameterSpec(128, nonce);
|
||
|
|
SecretKeySpec keySpec = new SecretKeySpec(key, "AES");
|
||
|
|
|
||
|
|
Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
|
||
|
|
cipher.init(Cipher.ENCRYPT_MODE, keySpec, iv);
|
||
|
|
}
|
||
|
|
----
|
||
|
|
|
||
|
|
include::../see.adoc[]
|
||
|
|
|
||
|
|
|
||
|
|
ifdef::env-github,rspecator-view[]
|
||
|
|
|
||
|
|
'''
|
||
|
|
== Implementation Specification
|
||
|
|
(visible only on this page)
|
||
|
|
|
||
|
|
include::../message.adoc[]
|
||
|
|
|
||
|
|
include::./highlighting.adoc[]
|
||
|
|
|
||
|
|
endif::env-github,rspecator-view[]
|