Home

AES encryption algorithm should be used with secured mode

Rule description

  • AES encryption algorithm should be used with secured mode

 

Non-compliant Code Example

loo_Crypt = create oleobject
loo_Crypt.CryptAlgorithm = "aes"
loo_Crypt.CipherMode = "cbc" // cbc is not compliance
loo_Crypt = create oleobject
loo_Crypt.CryptAlgorithm = "aes"
loo_Crypt.CipherMode = "ctr" // ctr is not compliance
Blob lblb_data
Blob lblb_key
Blob lblb_iv
Blob lblb_encrypt

lblb_data = Blob("Test DES", EncodingANSI!)
lblb_key = Blob("Test Key12345678", EncodingANSI!)
lblb_iv = Blob("Test IV 12345678", EncodingANSI!)

CrypterObject lnv_CrypterObject
lnv_CrypterObject = Create CrypterObject

lblb_encrypt = lnv_CrypterObject.SymmetricEncrypt(AES!, lblb_data, lblb_key, &OperationModeCBC!, lblb_iv, PKCSPadding!) // OperationModeCBC! and OperationModeCFB! is not compliance
Visual Expert 2020
 VEPBRULE26