
Always use AES encryption algorithm in a secure mode

Rule description

  • AES can be used in several modes of operation (ECB, CBC, CFB…); some are faster and some are safer than others.
  • If you are using AES in your PowerBuilder code, your calls should use the most secure modes. Visual Expert will scan your application, find less secure calls and highlight them in your code.

 

Non-compliant Code Example

OleObject loo_Crypt

loo_Crypt = create oleobject
loo_Crypt.CryptAlgorithm = "aes"
loo_Crypt.CipherMode = "cbc" // cbc is not compliant

loo_Crypt = create oleobject
loo_Crypt.CryptAlgorithm = "aes"
loo_Crypt.CipherMode = "ctr" // ctr is not compliant

Blob lblb_data
Blob lblb_key
Blob lblb_iv
Blob lblb_encrypt

lblb_data = Blob("Test DES", EncodingANSI!)
lblb_key = Blob("Test Key12345678", EncodingANSI!)
lblb_iv = Blob("Test IV 12345678", EncodingANSI!)

CrypterObject lnv_CrypterObject
lnv_CrypterObject = Create CrypterObject

// OperationModeCBC! and OperationModeCFB! are not compliant
lblb_encrypt = lnv_CrypterObject.SymmetricEncrypt(AES!, lblb_data, lblb_key, &
    OperationModeCBC!, lblb_iv, PKCSPadding!)
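
A minimal sketch of the kind of check this rule describes, added here as an example (it is not Visual Expert's implementation and not code from the original page): it joins PowerScript lines continued with `&`, ignores `//` comments, and reports the mode settings that the example above marks as non-compliant. The function names and the sample source are constructed; block comments (`/* */`) and single-quoted strings are assumed absent.

```python
import re

# Modes the page's example marks non-compliant; extend to match your policy.
FLAGGED_MODES = {"cbc", "ctr", "operationmodecbc!", "operationmodecfb!"}
MODE_RE = re.compile(r'\.CipherMode\s*=\s*"([^"]*)"|\b(OperationMode\w+!)', re.I)

# Constructed sample input (not from a real application).
SAMPLE = '''loo_Crypt.CryptAlgorithm = "aes"
loo_Crypt.CipherMode = "cbc"
lblb_encrypt = lnv_CrypterObject.SymmetricEncrypt(AES!, lblb_data, lblb_key, &
    OperationModeCBC!, lblb_iv, PKCSPadding!) // OperationModeCFB! here is only a comment
'''

def strip_comment(line):
    """Drop a trailing // comment, ignoring // inside double-quoted strings."""
    in_str, i = False, 0
    while i < len(line):
        if line[i] == "~":  # PowerScript escape character: skip the escaped char
            i += 2
            continue
        if line[i] == '"':
            in_str = not in_str
        elif not in_str and line.startswith("//", i):
            return line[:i]
        i += 1
    return line

def logical_statements(source):
    """Yield (first_line_no, text), joining lines continued with a trailing '&'."""
    buf, start = "", None
    for no, raw in enumerate(source.splitlines(), 1):
        code = strip_comment(raw).rstrip()
        start = no if start is None else start
        if code.endswith("&"):
            buf += code[:-1] + " "
            continue
        yield start, buf + code
        buf, start = "", None
    if buf:
        yield start, buf

def find_flagged_modes(source):
    """Return (line_no, lowercased mode) pairs for the mode settings the rule flags."""
    hits = []
    for no, stmt in logical_statements(source):
        for m in MODE_RE.finditer(stmt):
            mode = (m.group(1) or m.group(2) or "").lower()
            if mode in FLAGGED_MODES:
                hits.append((no, mode))
    return hits
```

`find_flagged_modes(SAMPLE)` reports the `CipherMode` assignment on line 2 and the continued `SymmetricEncrypt` call starting on line 3, while the mode name that appears only inside a comment is not reported.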
Visual Expert 2020
 VEPBRULE26