Insecure cryptography Critical

Misuse of cryptography-related APIs can create security vulnerabilities. This includes one or more of the following: algorithms with known weaknesses, certain padding modes, lack of integrity checks, and insufficiently large key sizes.

Detector ID
java/insecure-cryptography@v1.0
Category

Noncompliant example

import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;

public void keyPairGeneratorNoncompliant() throws NoSuchAlgorithmException {
    KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
    // Noncompliant: key size too small for this algorithm.
    keyPairGenerator.initialize(128);
    keyPairGenerator.genKeyPair();
}

Compliant example

import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;

public void keyPairGeneratorCompliant() throws NoSuchAlgorithmException {
    KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
    // Compliant: key size sufficient for this algorithm.
    keyPairGenerator.initialize(4096);
    keyPairGenerator.genKeyPair();
}