== Why is this an issue?

include::../description.adoc[]

=== Noncompliant code example

[source,java]
----
public void encrypt(byte[] key, byte[] ptxt) {
    byte[] bytesIV = "7cVgr5cbdCZV".getBytes("UTF-8"); // The initialization vector is a static value

    GCMParameterSpec gcmSpec    = new GCMParameterSpec(128, nonce); // The initialization vector is configured here
    SecretKeySpec keySpec       = new SecretKeySpec(key, "AES");

    Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
    cipher.init(Cipher.ENCRYPT_MODE, keySpec, iv);  // Noncompliant
}
----

=== Compliant solution

[source,java]
----
public void encrypt(byte[] key, byte[] ptxt) {
    SecureRandom random = new SecureRandom();
    byte[] bytesIV = new byte[12];
    random.nextBytes(bytesIV); // Random 96 bit IV 

    GCMParameterSpec gcmSpec    = new GCMParameterSpec(128, nonce);
    SecretKeySpec keySpec       = new SecretKeySpec(key, "AES");

    Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
    cipher.init(Cipher.ENCRYPT_MODE, keySpec, iv);
}
----

include::../see.adoc[]


ifdef::env-github,rspecator-view[]

'''
== Implementation Specification
(visible only on this page)

include::../message.adoc[]

=== Highlighting

==== *Java Cryptographic Arquitecture*
* Primary location
** javax.crypto.Cipher.init call

* Secondary locations
** javax.crypto.spec.GCMParameterSpec constructor
** nonce variable declaration

==== *BouncyCastle*
* Primary location
** javax.crypto.Cipher.init

* Secondary locations
** org.bouncycastle.crypto.params.AEADParameters constructor
** nonce variable declaration


endif::env-github,rspecator-view[]