== How to fix it in Java Cryptography Extension === Code examples include::../../common/fix/code-rationale.adoc[] ==== Noncompliant code example include::../../common/fix/rsa.adoc[] [source,kotlin,diff-id=1,diff-type=noncompliant] ---- import java.security.KeyPairGenerator; import java.security.NoSuchAlgorithmException; fun main(args: Array) { try { val keyPairGenerator = KeyPairGenerator.getInstance("RSA"); keyPairGenerator.initialize(1024); // Noncompliant } catch (e: NoSuchAlgorithmException) { // ... } } ---- include::../../common/fix/aes.adoc[] [source,kotlin,diff-id=2,diff-type=noncompliant] ---- import java.security.KeyGenerator; import java.security.NoSuchAlgorithmException; fun main(args: Array) { try { val keyGenerator = KeyGenerator.getInstance("AES"); keyGenerator.initialize(64); // Noncompliant } catch (e: NoSuchAlgorithmException) { // ... } } ---- include::../../common/fix/ec.adoc[] [source,kotlin,diff-id=3,diff-type=noncompliant] ---- import java.security.KeyPairGenerator; import java.security.NoSuchAlgorithmException; import java.security.InvalidAlgorithmParameterException; import java.security.spec.ECGenParameterSpec; fun main(args: Array) { try { val keyPairGenerator = KeyPairGenerator.getInstance("EC"); val ellipticCurveName = new ECGenParameterSpec("secp112r1"); // Noncompliant keyPairGenerator.initialize(ellipticCurveName); } catch (e: NoSuchAlgorithmException) { // ... } catch (e: InvalidAlgorithmParameterException) { // ... } } ---- ==== Compliant solution [source,kotlin,diff-id=1,diff-type=compliant] ---- import java.security.KeyPairGenerator; import java.security.NoSuchAlgorithmException; fun main(args: Array) { try { val keyPairGenerator = KeyPairGenerator.getInstance("RSA"); keyPairGenerator.initialize(2048); } catch (e: NoSuchAlgorithmException) { // ... } } ---- [source,kotlin,diff-id=2,diff-type=compliant] ---- import java.security.KeyPairGenerator; import java.security.NoSuchAlgorithmException; public static void main(String[] args) { try { val keyPairGenerator = KeyPairGenerator.getInstance("AES"); keyPairGenerator.initialize(128); } catch (e: NoSuchAlgorithmException) { // ... } } ---- [source,kotlin,diff-id=3,diff-type=compliant] ---- import java.security.KeyPairGenerator; import java.security.NoSuchAlgorithmException; import java.security.InvalidAlgorithmParameterException; import java.security.spec.ECGenParameterSpec; public static void main(String[] args) { try { val keyPairGenerator = KeyPairGenerator.getInstance("EC"); val ellipticCurveName = new ECGenParameterSpec("secp256r1"); keyPairGenerator.initialize(ellipticCurveName); } catch (e: NoSuchAlgorithmException) { // ... } catch (e: InvalidAlgorithmParameterException) { // ... } } ---- === How does this work? include::../../common/fix/fix.adoc[] === Going the extra mile include::../../common/extra-mile/pre-quantum.adoc[]