== How to fix it in Java Cryptography Extension === Code examples include::../../common/fix/code-rationale.adoc[] ==== Noncompliant code example include::../../common/fix/rsa.adoc[] [source,java,diff-id=1,diff-type=noncompliant] ---- import java.security.KeyPairGenerator; import java.security.NoSuchAlgorithmException; public static void main(String[] args) { try { KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA"); keyPairGenerator.initialize(1024); // Noncompliant } catch (NoSuchAlgorithmException e) { // ... } } ---- include::../../common/fix/aes.adoc[] [source,java,diff-id=2,diff-type=noncompliant] ---- import java.security.KeyGenerator; import java.security.NoSuchAlgorithmException; public static void main(String[] args) { try { KeyGenerator keyGenerator = KeyGenerator.getInstance("AES"); keyGenerator.initialize(64); // Noncompliant } catch (NoSuchAlgorithmException e) { // ... } } ---- include::../../common/fix/ec.adoc[] [source,java,diff-id=3,diff-type=noncompliant] ---- import java.security.KeyPairGenerator; import java.security.NoSuchAlgorithmException; import java.security.InvalidAlgorithmParameterException; import java.security.spec.ECGenParameterSpec; public static void main(String[] args) { try { KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC"); ECGenParameterSpec ellipticCurveName = new ECGenParameterSpec("secp112r1"); // Noncompliant keyPairGenerator.initialize(ellipticCurveName); } catch (NoSuchAlgorithmException | InvalidAlgorithmParameterException e) { // ... } } ---- ==== Compliant solution [source,java,diff-id=1,diff-type=compliant] ---- import java.security.KeyPairGenerator; import java.security.NoSuchAlgorithmException; public static void main(String[] args) { try { KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA"); keyPairGenerator.initialize(2048); } catch (NoSuchAlgorithmException e) { // ... } } ---- [source,java,diff-id=2,diff-type=compliant] ---- import java.security.KeyPairGenerator; import java.security.NoSuchAlgorithmException; public static void main(String[] args) { try { KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("AES"); keyPairGenerator.initialize(128); } catch (NoSuchAlgorithmException e) { // ... } } ---- [source,java,diff-id=3,diff-type=compliant] ---- import java.security.KeyPairGenerator; import java.security.NoSuchAlgorithmException; import java.security.InvalidAlgorithmParameterException; import java.security.spec.ECGenParameterSpec; public static void main(String[] args) { try { KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC"); ECGenParameterSpec ellipticCurveName = new ECGenParameterSpec("secp256r1"); keyPairGenerator.initialize(ellipticCurveName); } catch (NoSuchAlgorithmException | InvalidAlgorithmParameterException e) { // ... } } ---- === How does this work? include::../../common/fix/fix.adoc[] === Going the extra mile include::../../common/extra-mile/pre-quantum.adoc[]