include::../description.adoc[]

== Noncompliant Code Example

https://nodejs.org/api/crypto.html[crypto] built-in module:

----
var { privateKey, publicKey } = crypto.generateKeyPairSync('rsa', {
  modulusLength: 1024,  // Noncompliant
  publicKeyEncoding:  { type: 'spki', format: 'pem' },
  privateKeyEncoding: { type: 'pkcs8', format: 'pem' }
}); // Noncompliant: 1024 bits is too short for a RSA key pair

crypto.generateKeyPair('ec', {
  namedCurve: 'secp112r2', 
  publicKeyEncoding:  { type: 'spki', format: 'pem' },
  privateKeyEncoding: { type: 'pkcs8', format: 'pem' }
}, callback); // Noncompliant: secp112r2 curve doesn't provide enough security
----

== Compliant Solution

https://nodejs.org/api/crypto.html[crypto] built-in module:

----
crypto.generateKeyPair('rsa', {
  modulusLength: 2048,  // Compliant
  publicKeyEncoding:  { type: 'spki', format: 'pem' },
  privateKeyEncoding: { type: 'pkcs8', format: 'pem' }
}, callback); // Compliant

crypto.generateKeyPair('ec', {
  namedCurve: 'secp224k1', 
  publicKeyEncoding:  { type: 'spki', format: 'pem' },
  privateKeyEncoding: { type: 'pkcs8', format: 'pem' }
}, callback); // compliant
----

include::../see.adoc[]

ifdef::rspecator-view[]
== Comments And Links
(visible only on this page)

include::../comments-and-links.adoc[]
endif::rspecator-view[]