Use of RSA algorithm without OAEP¶
ID: java/rsa-without-oaepKind: path-problemSecurity severity: 7.5Severity: warningPrecision: highTags: - security - external/cwe/cwe-780Query suites: - java-code-scanning.qls - java-security-extended.qls - java-security-and-quality.qls
Click to see the query in the CodeQL repository
Cryptographic algorithms often use padding schemes to make the plaintext less predictable. The OAEP (Optimal Asymmetric Encryption Padding) scheme should be used with RSA encryption. Using an outdated padding scheme such as PKCS1, or no padding at all, can weaken the encryption by making it vulnerable to a padding oracle attack.
Recommendation¶
Use the OAEP scheme when using RSA encryption.
Example¶
In the following example, the BAD case shows no padding being used, whereas the GOOD case shows an OAEP scheme being used.
// BAD: No padding scheme is usedCipherrsa=Cipher.getInstance("RSA/ECB/NoPadding");...//GOOD: OAEP padding is usedCipherrsa=Cipher.getInstance("RSA/ECB/OAEPWithSHA-1AndMGF1Padding");...
References¶
Common Weakness Enumeration:CWE-780.