Details

    • Type: Language-Specification
    • Status: Active
    • Resolution: Unresolved
    • Labels:
      None
    • Impact:
      Unknown 'null' severity
    • Likelihood:
      Unknown 'null' severity

      Description

      Noncompliant Code Example

      using System;
      using System.Security.Cryptography;
      
      namespace MyLibrary
      {
          public class MyCryptoClass
          {
              static void Main()
              {
                  var dsa1 = new DSACryptoServiceProvider(); // Noncompliant - default key size is 1024
                  dsa1.KeySize = 2048; // Noncompliant - the setter does not update the underlying key size for the DSACryptoServiceProvider class
      
                  var dsa2 = new DSACryptoServiceProvider(2048); // Noncompliant - cannot create DSACryptoServiceProvider with a key size bigger than 1024
      
                  var rsa1 = new RSACryptoServiceProvider(); // Noncompliant - default key size is 1024
                  rsa1.KeySize = 2048; // Noncompliant - the setter does not update the underlying key size for the RSACryptoServiceProvider class
      
                  var rsa2 = new RSACng(1024); // Noncompliant 
      
                  // ...
              }
          }
      }
      

      KeySize property of DSACryptoServiceProvider and RSACryptoServiceProvider does not change the value of underlying KeySize for the algorithm. Property setter is ignored without error and KeySize can be changed only by using constructor overload. See:

      Compliant Solution

      using System;
      using System.Security.Cryptography;
      
      namespace MyLibrary
      {
          public class MyCryptoClass
          {
              static void Main()
              {
                  var dsa1 = new DSACng(); // Compliant - default key size is 2048
                  var dsa2 = new DSACng(2048); // Compliant
                  var rsa1 = new RSACryptoServiceProvider(2048); // Compliant
                  var rsa2 = new RSACng(); // Compliant - default key size is 2048
      
                  // ...
              }
          }
      }
      

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              jeanchristophe.collet Jean-Christophe Collet (Inactive)
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated: