When generating cryptographic keys (or key pairs), it is important to use strong parameters. Key length, for instance, should provides enough entropy against brute-force attacks. 

* For ``++RSA++`` and ``++DSA++`` algorithms key size should be at least 2048 bits long
* For ``++ECC++`` (elliptic curve cryptography) algorithms key size should be at least 224 bits long
* For ``++RSA++`` public key exponent should be at least 65537.

This rule raises an issue when an ``++RSA++``, ``++DSA++`` or ``++ECC++`` key-pair generator is initialized using weak parameters. 
It supports the following libraries:

* https://github.com/pyca/cryptography[cryptography]
* https://github.com/dlitz/pycrypto[PyCrypto]
* https://github.com/Legrandin/pycryptodome[Cryptodome]

== Noncompliant Code Example

----
from cryptography.hazmat.primitives.asymmetric import rsa, ec, dsa

dsa.generate_private_key(key_size=1024, backend=backend) # Noncompliant
rsa.generate_private_key(public_exponent=999, key_size=2048, backend=backend) # Noncompliant
ec.generate_private_key(curve=ec.SECT163R2, backend=backend)  # Noncompliant
----

== Compliant Solution

----
from cryptography.hazmat.primitives.asymmetric import rsa, ec, dsa

dsa.generate_private_key(key_size=2048, backend=backend) # Compliant
rsa.generate_private_key(public_exponent=65537, key_size=2048, backend=backend) # Compliant
ec.generate_private_key(curve=ec.SECT409R1, backend=backend) # Compliant
----

== See

* https://www.owasp.org/index.php/Top_10-2017_A3-Sensitive_Data_Exposure[OWASP Top 10 2017 Category A3] - Sensitive Data Exposure
* https://www.owasp.org/index.php/Top_10-2017_A6-Security_Misconfiguration[OWASP Top 10 2017 Category A6] - Security Misconfiguration
* https://www.ssi.gouv.fr/uploads/2014/11/RGS_v-2-0_B1.pdf[ANSSI RGSv2] - Référentiel Général de Sécurité version 2
* https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf[NIST FIPS 186-4] - Digital Signature Standard (DSS)
* http://cwe.mitre.org/data/definitions/326.html[MITRE, CWE-326] - Inadequate Encryption Strength