Misuse of cryptography-related APIs can create security vulnerabilities. This includes one or more of the following: algorithms with known weaknesses, certain padding modes, lack of integrity checks, and insufficiently large key sizes.
```java
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;

public void keyPairGeneratorNoncompliant() throws NoSuchAlgorithmException {
    KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
    // Noncompliant: keysize too small for this algorithm.
    keyPairGenerator.initialize(128);
    keyPairGenerator.genKeyPair();
}
```
```java
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;

public void keyPairGeneratorCompliant() throws NoSuchAlgorithmException {
    KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
    // Compliant: keysize sufficient for this algorithm.
    keyPairGenerator.initialize(4096);
    keyPairGenerator.genKeyPair();
}
```