
Encryption keys should not be hardcoded

Rule description

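  • Encryption keys should not be hardcoded. A key written as a literal in the source can be read by anyone with access to the source code, the compiled application or the version-control history, and it cannot be rotated without rebuilding and redeploying the application.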

 

Non-compliant Code Example

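// Non-compliant example: AES in CBC mode with the key and IV written as literals.
// A literal key can be recovered from the source, the compiled application or the
// version-control history, and it cannot be rotated without a rebuild.
Blob lb_data
Blob lb_key
Blob lb_iv
Blob lb_encrypt
Blob lb_decrypt // receives the decrypted data; must be declared before it is assigned

lb_data = Blob("Test AES", EncodingANSI!)
lb_key = Blob("Test Key12345678", EncodingANSI!) //Non compliant code (Encryption key is hardcoded)
// A constant IV is a separate weakness: under one key and one IV, CBC encrypts
// messages that begin with the same plaintext to the same leading ciphertext blocks.
lb_iv = Blob("Test IV 12345678", EncodingANSI!) //Non compliant code (Initialization vector is hardcoded)

CrypterObject lnv_CrypterObject
lnv_CrypterObject = Create CrypterObject

//Non compliant code (SymmetricEncrypt uses the hardcoded key and initialization vector)
lb_encrypt = lnv_CrypterObject.SymmetricEncrypt(AES!, lb_data, lb_key, &
    OperationModeCBC!, lb_iv, PKCSPadding!)

//Non compliant code (SymmetricDecrypt uses a hardcoded key and initialization vector, here as inline literals)
// The inline literals are the same 16-byte key and IV used for encryption;
// decryption only recovers lb_data when both match exactly.
lb_decrypt = lnv_CrypterObject.SymmetricDecrypt(AES!, lb_encrypt, Blob("Test Key12345678", EncodingANSI!), &
    OperationModeCBC!, Blob("Test IV 12345678", EncodingANSI!), PKCSPadding!)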
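// Non-compliant example: RSA operations fed with keys written as literals.
// The short strings below only stand in for key material; they illustrate where
// the literal appears and are not usable RSA keys.
Blob lb_data
Blob lb_privKey
Blob lb_pubKey
Blob lb_encrypt
Blob lb_decrypt
Blob lb_signature
Integer li_isPass

lb_data = Blob("Test Rsa", EncodingANSI!)
// A public key is not confidential, but embedding it still prevents rotation without a rebuild.
lb_pubKey = Blob("Test Key12345678", EncodingANSI!) //Non compliant code (Encryption key is hardcoded)
// The private key is the critical secret: whoever reads it from the source or the
// binary can decrypt data and produce signatures.
lb_privKey = Blob("Test Key44345678", EncodingANSI!) //Non compliant code (Encryption key is hardcoded)

CrypterObject lnv_CrypterObject
lnv_CrypterObject = Create CrypterObject

//Non compliant code (AsymmetricEncrypt used hardcoded key)
lb_encrypt = lnv_CrypterObject.AsymmetricEncrypt(RSA!, lb_data, lb_pubKey)

//Non compliant code (AsymmetricDecrypt used hardcoded key)
lb_decrypt = lnv_CrypterObject.AsymmetricDecrypt(RSA!, lb_encrypt, lb_privKey)

//Non compliant code (AsymmetricSign used hardcoded key)
// Sign first so that lb_signature holds a signature before it is verified.
lb_signature = lnv_CrypterObject.AsymmetricSign(RSA!, lb_data, lb_privKey)

//Non compliant code (AsymmetricVerifySign used hardcoded key)
li_isPass = lnv_CrypterObject.AsymmetricVerifySign(RSA!, lb_data, lb_pubKey, lb_signature)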

Compliant Code Example

function string VEEncryption (Blob lb_key,Blob lb_iv)
// Compliant example: the AES key and the IV are supplied by the caller, so no key
// material appears in this source.
//   lb_key - AES key
//   lb_iv  - initialization vector for CBC mode
// Returns an empty string; the encrypted and decrypted blobs stay local.
// The rule is only satisfied end to end if the caller takes the key from a
// protected store and uses a fresh, unpredictable IV for every message.
Blob lb_plain
Blob lb_cipher
Blob lb_roundTrip
CrypterObject lnv_crypter

lnv_crypter = Create CrypterObject
lb_plain = Blob("Test AES", EncodingANSI!)

//Compliant code (key and IV come from the arguments)
lb_cipher = lnv_crypter.SymmetricEncrypt(AES!, lb_plain, lb_key, OperationModeCBC!, lb_iv, PKCSPadding!)

//Compliant code (same caller-supplied key and IV reverse the encryption)
lb_roundTrip = lnv_crypter.SymmetricDecrypt(AES!, lb_cipher, lb_key, OperationModeCBC!, lb_iv, PKCSPadding!)

Return ""
end function
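// Compliant example: the RSA key pair is generated at run time, so no key
// material is written in the source.
Blob lb_data
Blob lb_privKey
Blob lb_pubKey
Blob lb_encrypt
Blob lb_decrypt
Blob lb_signature
Integer li_isPass

lb_data = Blob("Test Rsa", EncodingANSI!)

CrypterObject lnv_CrypterObject
lnv_CrypterObject = Create CrypterObject

// 2048 bits is the commonly recommended minimum RSA key size; 1024-bit keys are
// considered too weak for new use.
// The pair exists only in these variables. Data that must be decrypted or verified
// later needs the private key kept in a protected key store, which is not shown here.
lnv_CrypterObject.AsymmetricGenerateKey(RSA!, 2048, lb_privKey, lb_pubKey)

//Compliant code
lb_encrypt = lnv_CrypterObject.AsymmetricEncrypt(RSA!, lb_data, lb_pubKey)

//Compliant code
lb_decrypt = lnv_CrypterObject.AsymmetricDecrypt(RSA!, lb_encrypt, lb_privKey)

//Compliant code
// Sign first so that lb_signature holds a signature before it is verified.
lb_signature = lnv_CrypterObject.AsymmetricSign(RSA!, lb_data, lb_privKey)

//Compliant code
li_isPass = lnv_CrypterObject.AsymmetricVerifySign(RSA!, lb_data, lb_pubKey, lb_signature)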
Visual Expert 2020
 VEPBRULE78