Vulnerability

Always use AES encryption algorithm in a secure mode

Description

    The PowerBuilder code rule "Always use AES encryption algorithm in a secure mode" requires that developers use the Advanced Encryption Standard (AES) algorithm for all encryption operations. AES is a symmetric encryption algorithm that is considered to be one of the strongest and most reliable encryption algorithms available. When using AES encryption, it is important to always use a secure mode, such as Cipher Block Chaining (CBC) or Galois/Counter Mode (GCM). This ensures that the encrypted data is secure and not susceptible to attacks.

Key Benefits

  • Secure: AES encryption algorithm provides a secure encryption method that is difficult to break.
  • Reliable: AES encryption is reliable and can be used for long-term data protection.
  • Flexible: AES encryption is flexible and can be used with different types of data.
  • Efficient: AES encryption is efficient and can be used to encrypt large amounts of data quickly.

 

Non-compliant Code Example

loo_Crypt = create oleobject
loo_Crypt.CryptAlgorithm = "aes"
loo_Crypt.CipherMode = "ecb" // ecb is not compliance
Blob lblb_data
Blob lblb_key
Blob lblb_iv
Blob lblb_encrypt

lblb_data = Blob("Test DES", EncodingANSI!)
lblb_key = Blob("Test Key12345678", EncodingANSI!)
lblb_iv = Blob("Test IV 12345678", EncodingANSI!)

CrypterObject lnv_CrypterObject
lnv_CrypterObject = Create CrypterObject

lblb_encrypt = lnv_CrypterObject.SymmetricEncrypt(AES!, lblb_data, lblb_key, &OperationModeECB!, lblb_iv, PKCSPadding!) // OperationModeECB! is not compliance

Compliant Code Example

loo_Crypt = create oleobject
loo_Crypt.CryptAlgorithm = "aes"
loo_Crypt.CipherMode = "cbc" // cbc is compliant
loo_Crypt = create oleobject
            loo_Crypt.CryptAlgorithm = "aes"
            loo_Crypt.CipherMode = "ctr" // ctr is compliant
Blob lblb_data
Blob lblb_key
Blob lblb_iv
Blob lblb_encrypt

lblb_data = Blob("Test DES", EncodingANSI!)
lblb_key = Blob("Test Key12345678", EncodingANSI!)
lblb_iv = Blob("Test IV 12345678", EncodingANSI!)

CrypterObject lnv_CrypterObject
lnv_CrypterObject = Create CrypterObject

lblb_encrypt = lnv_CrypterObject.SymmetricEncrypt(AES!, lblb_data, lblb_key, &OperationModeCFB!, lblb_iv, PKCSPadding!) // OperationModeCFB! is compliant
Visual Expert 2024
 VEPBRULE26