47 lines
1.6 KiB
Plaintext
47 lines
1.6 KiB
Plaintext
include::../description.adoc[]
|
|
|
|
== Noncompliant Code Example
|
|
|
|
https://docs.microsoft.com/en-us/dotnet/api/system.security.cryptography.aesmanaged?view=netframework-4.8[AesManaged] object with insecure mode:
|
|
|
|
----
|
|
AesManaged aes4 = new AesManaged
|
|
{
|
|
KeySize = 128,
|
|
BlockSize = 128,
|
|
Mode = CipherMode.ECB, // Noncompliant
|
|
Padding = PaddingMode.PKCS7
|
|
};
|
|
----
|
|
|
|
https://docs.microsoft.com/en-us/dotnet/api/system.security.cryptography.rsacryptoserviceprovider?view=netframework-4.8[RSACryptoServiceProvider] object without OAEP padding:
|
|
|
|
----
|
|
RSACryptoServiceProvider RSA1 = new RSACryptoServiceProvider();
|
|
encryptedData = RSA1.Encrypt(dataToEncrypt, false); // Noncompliant: OAEP Padding is not used (second parameter set to false)
|
|
----
|
|
|
|
== Compliant Solution
|
|
|
|
AES with GCM mode with https://www.bouncycastle.org/[bouncycastle] library:
|
|
|
|
----
|
|
GcmBlockCipher blockCipher = new GcmBlockCipher(new AesEngine()); // Compliant
|
|
blockCipher.Init(true, new AeadParameters(new KeyParameter(secretKey), 128, iv, null));
|
|
----
|
|
|
|
AES with GCM mode with https://docs.microsoft.com/en-us/dotnet/api/system.security.cryptography.aesgcm?view=netcore-3.0[AesGcm] object:
|
|
|
|
----
|
|
var aesGcm = new AesGcm(key); // Compliant
|
|
----
|
|
|
|
RSA with OAEP padding with https://docs.microsoft.com/en-us/dotnet/api/system.security.cryptography.rsacryptoserviceprovider?view=netframework-4.8[RSACryptoServiceProvider] object:
|
|
|
|
----
|
|
RSACryptoServiceProvider RSA2 = new RSACryptoServiceProvider();
|
|
encryptedData = RSA2.Encrypt(dataToEncrypt, true); // Compliant: OAEP Padding is used (second parameter set to true)
|
|
----
|
|
|
|
include::../see.adoc[]
|