Details

    • Type: Language-Specification
    • Status: Active
    • Resolution: Unresolved

      Description

      When generating cryptographic keys (or key pairs), it is important to use a key length that provides enough entropy against brute-force attacks. For the RSA algorithm, it should be at least 2048 bits long.

      This rule raises an issue when an RSA key-pair generator is initialized with too small a length parameter.

      Noncompliant Code Example

      $config = array(
          "digest_alg" => "sha512",
          "private_key_bits" => 1024, // Noncompliant
          "private_key_type" => OPENSSL_KEYTYPE_RSA,
      );
      $res = openssl_pkey_new($config);

      Compliant Solution

      $config = array(
          "digest_alg" => "sha512",
          "private_key_bits" => 4096, // Compliant
          "private_key_type" => OPENSSL_KEYTYPE_RSA,
      );
      $res = openssl_pkey_new($config);
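
The following helper is an added example, not part of the rule specification above: it enforces the 2048-bit minimum before calling `openssl_pkey_new()` and then inspects the generated key with `openssl_pkey_get_details()`, so a misspelled configuration key (which PHP would silently ignore, falling back to the library default) cannot yield a weaker key than requested. The names `MIN_RSA_BITS` and `generateRsaKeyPair` are this example's own.

```php
<?php
// Added example (not the rule's own code): refuse weak RSA sizes up front and
// verify what OpenSSL actually produced. The 2048-bit floor follows the rule.

const MIN_RSA_BITS = 2048;

function generateRsaKeyPair(int $bits = 4096)
{
    // Reject the request before any key material is generated.
    if ($bits < MIN_RSA_BITS) {
        throw new InvalidArgumentException(
            "RSA key size $bits is below the minimum of " . MIN_RSA_BITS . " bits");
    }

    $config = array(
        "digest_alg"       => "sha512",
        "private_key_bits" => $bits,
        "private_key_type" => OPENSSL_KEYTYPE_RSA,
    );

    $res = openssl_pkey_new($config);
    if ($res === false) {
        throw new RuntimeException("openssl_pkey_new failed: " . openssl_error_string());
    }

    // Do not trust the request alone: a misspelled config key is ignored by
    // PHP and the library default is used, so check the generated key itself.
    $details = openssl_pkey_get_details($res);
    if ($details === false
        || $details['type'] !== OPENSSL_KEYTYPE_RSA
        || $details['bits'] < MIN_RSA_BITS) {
        throw new RuntimeException("generated key does not meet the RSA size policy");
    }

    return $res;
}

// A 1024-bit request is rejected before openssl_pkey_new() is ever called.
try {
    generateRsaKeyPair(1024);
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), PHP_EOL;
}

// The default request produces a 4096-bit RSA key.
$key = generateRsaKeyPair();
echo openssl_pkey_get_details($key)['bits'], PHP_EOL;
```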

People

• Reporter: Alexandre Gigleux (alexandre.gigleux)