rspec/rules/S2277/java/rule.adoc

Without OAEP in RSA encryption, it takes less work for an attacker to decrypt the data or infer patterns from the ciphertext. This rule logs an issue as soon as a literal value starts with <code>RSA/NONE</code>. 

== Noncompliant Code Example

----
Cipher rsa = javax.crypto.Cipher.getInstance("RSA/NONE/NoPadding");
----

== Compliant Solution

----
Cipher rsa = javax.crypto.Cipher.getInstance("RSA/ECB/OAEPWITHSHA-256ANDMGF1PADDING");
----

include::../see.adoc[]
Add rules 2000-2999 2020-06-30 12:48:07 +02:00			`Without OAEP in RSA encryption, it takes less work for an attacker to decrypt the data or infer patterns from the ciphertext. This rule logs an issue as soon as a literal value starts with <code>RSA/NONE</code>.`

			`== Noncompliant Code Example`

			`----`
			`Cipher rsa = javax.crypto.Cipher.getInstance("RSA/NONE/NoPadding");`
			`----`

			`== Compliant Solution`

			`----`
			`Cipher rsa = javax.crypto.Cipher.getInstance("RSA/ECB/OAEPWITHSHA-256ANDMGF1PADDING");`
			`----`

			`include::../see.adoc[]`