include::../description.adoc[]

== Noncompliant Code Example

[source,java]
----
public void encrypt(byte[] key, byte[] ptxt) {
    byte[] bytesIV = "7cVgr5cbdCZV".getBytes("UTF-8"); // The initialization vector is a static value

    GCMParameterSpec gcmSpec    = new GCMParameterSpec(128, nonce); // The initialization vector is configured here
    SecretKeySpec keySpec       = new SecretKeySpec(key, "AES");

    Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
    cipher.init(Cipher.ENCRYPT_MODE, keySpec, iv);  // Noncompliant
}
----

== Compliant Solution

[source,java]
----
public void encrypt(byte[] key, byte[] ptxt) {
    SecureRandom random = new SecureRandom();
    byte[] bytesIV = new byte[12];
    random.nextBytes(bytesIV); // Random 96 bit IV 

    GCMParameterSpec gcmSpec    = new GCMParameterSpec(128, nonce);
    SecretKeySpec keySpec       = new SecretKeySpec(key, "AES");

    Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
    cipher.init(Cipher.ENCRYPT_MODE, keySpec, iv);
}
----

include::../see.adoc[]


ifdef::env-github,rspecator-view[]

'''
== Implementation Specification
(visible only on this page)

include::../message.adoc[]

include::./highlighting.adoc[]

endif::env-github,rspecator-view[]