32 lines
999 B
Plaintext
32 lines
999 B
Plaintext
|
include::../description.adoc[]
|
||
|
|
|
||
|
|
== Noncompliant Code Example
|
||
|
|
|
||
|
|
----
|
||
|
|
Public Sub Encrypt(Key() As Byte, Data() As Byte, Target As MemoryStream)
|
||
|
|
Dim InitializationVector As Byte() = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16}
|
||
|
|
Using Aes As New AesCryptoServiceProvider()
|
||
|
|
Dim Encryptor As ICryptoTransform = Aes.CreateEncryptor(Key, InitializationVector) ' Noncompliant, hardcoded value Is used
|
||
|
|
Using CS As New CryptoStream(Target, Encryptor, CryptoStreamMode.Write)
|
||
|
|
CS.Write(Data)
|
||
|
|
End Using
|
||
|
|
End Using
|
||
|
|
End Sub
|
||
|
|
----
|
||
|
|
|
||
|
|
== Compliant Solution
|
||
|
|
|
||
|
|
----
|
||
|
|
Public Sub Encrypt(Key() As Byte, Data() As Byte, Target As MemoryStream)
|
||
|
|
Using Aes As New AesCryptoServiceProvider()
|
||
|
|
Aes.GenerateIV()
|
||
|
|
Dim Encryptor As ICryptoTransform = Aes.CreateEncryptor(Key, Aes.IV)
|
||
|
|
Using CS As New CryptoStream(Target, Encryptor, CryptoStreamMode.Write)
|
||
|
|
CS.Write(Data)
|
||
|
|
End Using
|
||
|
|
End Using
|
||
|
|
End Sub
|
||
|
|
----
|
||
|
|
|
||
|
|
include::../see.adoc[]
|