== Why is this an issue?

include::../description.adoc[]

=== Noncompliant code example

[source,java]
----
public void encrypt(String key, String plainText) throws GeneralSecurityException {
    byte[] bytesIV = "7cVgr5cbdCZVw5WY".getBytes(StandardCharsets.UTF_8); // secondary

    GCMParameterSpec iv = new GCMParameterSpec(128,bytesIV);  // secondary
    SecretKeySpec skeySpec = new SecretKeySpec(key.getBytes(StandardCharsets.UTF_8), "AES");

    Cipher cipher = Cipher.getInstance("AES/CBC/NoPadding");
    cipher.init(Cipher.ENCRYPT_MODE, skeySpec, iv); // Noncompliant
  }
----

=== Compliant solution

[source,java]
----
public void encrypt(String key, String plainText) throws GeneralSecurityException {
    SecureRandom random = new SecureRandom();
    byte[] bytesIV = new byte[16];
    random.nextBytes(bytesIV); // Random initialization vector

    GCMParameterSpec iv = new GCMParameterSpec(128, bytesIV);
    SecretKeySpec skeySpec = new SecretKeySpec(key.getBytes(StandardCharsets.UTF_8), "AES");

    Cipher cipher = Cipher.getInstance("AES/CBC/NoPadding");
    cipher.init(Cipher.ENCRYPT_MODE, skeySpec, iv);
  }
----


include::../see.adoc[]
* Derived from FindSecBugs rule https://find-sec-bugs.github.io/bugs.htm#STATIC_IV[STATIC_IV]



ifdef::env-github,rspecator-view[]

'''
== Implementation Specification
(visible only on this page)

include::../message.adoc[]

'''
== Comments And Links
(visible only on this page)

include::../comments-and-links.adoc[]
endif::env-github,rspecator-view[]