• CodeQL query help documentation »
• CodeQL query help for Java and Kotlin »

Use of RSA algorithm without OAEP

ID: java/rsa-without-oaep Kind: path-problem Security severity: 7.5 Severity: warning Precision: high Tags: - security - external/cwe/cwe-780 Query suites: - java-code-scanning.qls - java-security-extended.qls - java-security-and-quality.qls 

Click to see the query in the CodeQL repository

Cryptographic algorithms often use padding schemes to make the plaintext less predictable. The OAEP (Optimal Asymmetric Encryption Padding) scheme should be used with RSA encryption. Using an outdated padding scheme such as PKCS1, or no padding at all, can weaken the encryption by making it vulnerable to a padding oracle attack.

Recommendation

Use the OAEP scheme when using RSA encryption.

Example

In the following example, the BAD case shows no padding being used, whereas the GOOD case shows an OAEP scheme being used.

// BAD: No padding scheme is used Cipher rsa = Cipher.getInstance("RSA/ECB/NoPadding"); ... //GOOD: OAEP padding is used Cipher rsa = Cipher.getInstance("RSA/ECB/OAEPWithSHA-1AndMGF1Padding"); ... 

References

• Mobile Security Testing Guide.

• The Padding Oracle Attack.

• Common Weakness Enumeration: CWE-780.

• © GitHub, Inc.
• Terms
• Privacy