CodeQL documentation

Use of RSA algorithm without OAEP

ID: java/rsa-without-oaep
Kind: path-problem
Security severity: 7.5
Severity: warning
Precision: high
   - security
   - external/cwe/cwe-780
Query suites:
   - java-code-scanning.qls
   - java-security-extended.qls
   - java-security-and-quality.qls

Click to see the query in the CodeQL repository

Cryptographic algorithms often use padding schemes to make the plaintext less predictable. The OAEP (Optimal Asymmetric Encryption Padding) scheme should be used with RSA encryption. Using an outdated padding scheme such as PKCS1, or no padding at all, can weaken the encryption by making it vulnerable to a padding oracle attack.


Use the OAEP scheme when using RSA encryption.


In the following example, the BAD case shows no padding being used, whereas the GOOD case shows an OAEP scheme being used.

// BAD: No padding scheme is used
Cipher rsa = Cipher.getInstance("RSA/ECB/NoPadding");

//GOOD: OAEP padding is used
Cipher rsa = Cipher.getInstance("RSA/ECB/OAEPWithSHA-1AndMGF1Padding");


  • © GitHub, Inc.
  • Terms
  • Privacy