31 lines
720 B
Plaintext
31 lines
720 B
Plaintext
Without OAEP in RSA encryption, it takes less work for an attacker to decrypt the data or infer patterns from the ciphertext. This rule logs an issue as soon as a literal value starts with ``++RSA/NONE++``.
|
|
|
|
== Noncompliant Code Example
|
|
|
|
----
|
|
Cipher rsa = javax.crypto.Cipher.getInstance("RSA/NONE/NoPadding");
|
|
----
|
|
|
|
== Compliant Solution
|
|
|
|
----
|
|
Cipher rsa = javax.crypto.Cipher.getInstance("RSA/ECB/OAEPWITHSHA-256ANDMGF1PADDING");
|
|
----
|
|
|
|
include::../see.adoc[]
|
|
|
|
ifdef::env-github,rspecator-view[]
|
|
|
|
'''
|
|
== Implementation Specification
|
|
(visible only on this page)
|
|
|
|
include::../message.adoc[]
|
|
|
|
'''
|
|
== Comments And Links
|
|
(visible only on this page)
|
|
|
|
include::../comments-and-links.adoc[]
|
|
endif::env-github,rspecator-view[]
|