• CodeQL query help documentation »
• CodeQL query help for Java and Kotlin »

Use of RSA algorithm without OAEP

ID: java/rsa-without-oaep
Kind: path-problem
Security severity: 7.5
Severity: warning
Precision: high
Tags:
   - security
   - external/cwe/cwe-780
Query suites:
   - java-code-scanning.qls
   - java-security-extended.qls
   - java-security-and-quality.qls

Click to see the query in the CodeQL repository

Cryptographic algorithms often use padding schemes to make the plaintext less predictable. The OAEP (Optimal Asymmetric Encryption Padding) scheme should be used with RSA encryption. Using an outdated padding scheme such as PKCS1, or no padding at all, can weaken the encryption by making it vulnerable to a padding oracle attack.

Recommendation

Use the OAEP scheme when using RSA encryption.

Example

In the following example, the BAD case shows no padding being used, whereas the GOOD case shows an OAEP scheme being used.

// BAD: No padding scheme is used
Cipher rsa = Cipher.getInstance("RSA/ECB/NoPadding");
...

//GOOD: OAEP padding is used
Cipher rsa = Cipher.getInstance("RSA/ECB/OAEPWithSHA-1AndMGF1Padding");
...

References

• Mobile Security Testing Guide.

• The Padding Oracle Attack.

• Common Weakness Enumeration: CWE-780.

• © GitHub, Inc.
• Terms
• Privacy