59 lines
1.5 KiB
Plaintext
59 lines
1.5 KiB
Plaintext
== Why is this an issue?
|
|
|
|
include::../description.adoc[]
|
|
|
|
=== Noncompliant code example
|
|
|
|
https://nodejs.org/api/crypto.html[crypto] built-in module:
|
|
|
|
[source,javascript]
|
|
----
|
|
var { privateKey, publicKey } = crypto.generateKeyPairSync('rsa', {
|
|
modulusLength: 1024, // Noncompliant
|
|
publicKeyEncoding: { type: 'spki', format: 'pem' },
|
|
privateKeyEncoding: { type: 'pkcs8', format: 'pem' }
|
|
}); // Noncompliant: 1024 bits is too short for a RSA key pair
|
|
|
|
crypto.generateKeyPair('ec', {
|
|
namedCurve: 'secp112r2',
|
|
publicKeyEncoding: { type: 'spki', format: 'pem' },
|
|
privateKeyEncoding: { type: 'pkcs8', format: 'pem' }
|
|
}, callback); // Noncompliant: secp112r2 curve doesn't provide enough security
|
|
----
|
|
|
|
=== Compliant solution
|
|
|
|
https://nodejs.org/api/crypto.html[crypto] built-in module:
|
|
|
|
[source,javascript]
|
|
----
|
|
crypto.generateKeyPair('rsa', {
|
|
modulusLength: 2048, // Compliant
|
|
publicKeyEncoding: { type: 'spki', format: 'pem' },
|
|
privateKeyEncoding: { type: 'pkcs8', format: 'pem' }
|
|
}, callback); // Compliant
|
|
|
|
crypto.generateKeyPair('ec', {
|
|
namedCurve: 'secp224k1',
|
|
publicKeyEncoding: { type: 'spki', format: 'pem' },
|
|
privateKeyEncoding: { type: 'pkcs8', format: 'pem' }
|
|
}, callback); // compliant
|
|
----
|
|
|
|
include::../see.adoc[]
|
|
|
|
ifdef::env-github,rspecator-view[]
|
|
|
|
'''
|
|
== Implementation Specification
|
|
(visible only on this page)
|
|
|
|
include::../message.adoc[]
|
|
|
|
'''
|
|
== Comments And Links
|
|
(visible only on this page)
|
|
|
|
include::../comments-and-links.adoc[]
|
|
endif::env-github,rspecator-view[]
|