Encryption algorithms should use secure modes and padding schemes where appropriate to guarantee data confidentiality and integrity.

Noncompliant Code Example

AesManaged object with insecure mode:

using System.Security.Cryptography;

AesManaged aes4 = new AesManaged
{
  KeySize = 128,
  BlockSize = 128,
  Mode = CipherMode.ECB, // Noncompliant: ECB encrypts equal plaintext blocks to equal ciphertext blocks and provides no integrity
  Padding = PaddingMode.PKCS7
};

RSACryptoServiceProvider object without OAEP padding:

using System.Security.Cryptography;

RSACryptoServiceProvider RSA1 = new RSACryptoServiceProvider();
byte[] encryptedData = RSA1.Encrypt(dataToEncrypt, false); // Noncompliant: OAEP Padding is not used (second parameter set to false selects PKCS#1 v1.5 padding)
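To make the ECB finding concrete, here is an added example (not part of the rule text and not SonarSource's code) that encrypts a plaintext built from one repeated 16-byte block under ECB and under CBC with a random IV, then counts how many distinct ciphertext blocks come out. It assumes .NET 6 or later; the key, IV and plaintext are constructed in the code, and Aes.Create() stands in for the now-obsolete AesManaged.

```csharp
// Added example: why the rule reports CipherMode.ECB. The same 16-byte plaintext
// block always encrypts to the same ciphertext block, so repeated data stays
// visible in the ciphertext. Assumes .NET 6+.
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

static class EcbLeakDemo
{
    // Number of distinct ciphertext blocks among the first `count` 16-byte blocks.
    public static int DistinctBlocks(byte[] ciphertext, int count) =>
        Enumerable.Range(0, count)
            .Select(i => Convert.ToHexString(ciphertext, i * 16, 16))
            .Distinct()
            .Count();

    // Encrypts with whatever Key/IV/Mode/Padding the Aes instance currently holds.
    public static byte[] Encrypt(Aes aes, byte[] plaintext)
    {
        using ICryptoTransform enc = aes.CreateEncryptor();
        return enc.TransformFinalBlock(plaintext, 0, plaintext.Length);
    }

    static void Main()
    {
        // Constructed sample: the same 16-byte block repeated four times, the
        // shape of any record with repeated fields or fixed filler.
        byte[] block = Encoding.ASCII.GetBytes("ABCDEFGHIJKLMNOP");
        byte[] plaintext = Enumerable.Repeat(block, 4).SelectMany(b => b).ToArray();

        using Aes aes = Aes.Create();   // AesManaged is obsolete since .NET 6 (SYSLIB0021)
        aes.KeySize = 128;
        aes.GenerateKey();
        aes.GenerateIV();               // ignored by ECB, required by CBC
        aes.Padding = PaddingMode.PKCS7;

        aes.Mode = CipherMode.ECB;      // the setting the rule reports
        Console.WriteLine($"ECB: {DistinctBlocks(Encrypt(aes, plaintext), 4)} distinct block(s) of 4");

        aes.Mode = CipherMode.CBC;      // chaining with a random IV hides the repetition
        Console.WriteLine($"CBC: {DistinctBlocks(Encrypt(aes, plaintext), 4)} distinct block(s) of 4");
    }
}
```

ECB reports a single distinct block for the four identical inputs, while CBC reports four. Only the first four blocks are compared because PKCS7 appends a fifth, padding-only block. CBC fixes the pattern leak but still gives no integrity protection, which is why the compliant solutions on this page use an authenticated mode such as GCM.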

Compliant Solution

AES in GCM mode with the BouncyCastle library:

using Org.BouncyCastle.Crypto.Engines;
using Org.BouncyCastle.Crypto.Modes;
using Org.BouncyCastle.Crypto.Parameters;

GcmBlockCipher blockCipher = new GcmBlockCipher(new AesEngine()); // Compliant
blockCipher.Init(true, new AeadParameters(new KeyParameter(secretKey), 128, iv, null)); // true = encrypt; 128-bit tag; iv is the nonce and must be unique per key

AES in GCM mode with the AesGcm object:

using System.Security.Cryptography;

var aesGcm = new AesGcm(key); // Compliant: authenticated encryption; use a fresh 12-byte nonce for every message

RSA with OAEP padding with the RSACryptoServiceProvider object:

using System.Security.Cryptography;

RSACryptoServiceProvider RSA2 = new RSACryptoServiceProvider();
byte[] encryptedData = RSA2.Encrypt(dataToEncrypt, true); // Compliant: OAEP Padding is used (second parameter set to true)
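The compliant snippets above show only the constructor calls. The following added example (not SonarSource's code) carries the AesGcm case through a complete seal/open round trip, including the per-message nonce, the authentication tag, associated data and what happens when a ciphertext byte is modified, and then uses RSA-OAEP with SHA-256 via RSA.Create() to wrap the AES key. It assumes .NET 8 (for the AesGcm constructor that takes the tag size); the key, plaintext and associated data are constructed in the code, and the nonce || tag || ciphertext layout is a choice made here, not a library convention.

```csharp
// Added example: full authenticated round trip with
// System.Security.Cryptography.AesGcm, plus RSA-OAEP (SHA-256) via RSA.Create().
// Assumes .NET 8; all key material and inputs below are constructed.
using System;
using System.Security.Cryptography;
using System.Text;

static class CompliantCryptoDemo
{
    const int NonceSize = 12; // 96-bit nonce, the size GCM is specified for
    const int TagSize = 16;   // 128-bit authentication tag

    // Seal: returns nonce || tag || ciphertext (layout chosen for this example).
    // A fresh random nonce per message is what keeps GCM safe under a reused key.
    public static byte[] Seal(byte[] key, byte[] plaintext, byte[] associatedData)
    {
        byte[] nonce = RandomNumberGenerator.GetBytes(NonceSize);
        byte[] tag = new byte[TagSize];
        byte[] ciphertext = new byte[plaintext.Length];
        using var aesGcm = new AesGcm(key, TagSize); // .NET 8 overload; .NET 6/7 only has new AesGcm(key)
        aesGcm.Encrypt(nonce, plaintext, ciphertext, tag, associatedData);

        byte[] envelope = new byte[NonceSize + TagSize + ciphertext.Length];
        Buffer.BlockCopy(nonce, 0, envelope, 0, NonceSize);
        Buffer.BlockCopy(tag, 0, envelope, NonceSize, TagSize);
        Buffer.BlockCopy(ciphertext, 0, envelope, NonceSize + TagSize, ciphertext.Length);
        return envelope;
    }

    // Open: verifies the tag over ciphertext + associated data before returning
    // plaintext; throws CryptographicException if either was modified.
    public static byte[] Open(byte[] key, byte[] envelope, byte[] associatedData)
    {
        byte[] nonce = envelope[..NonceSize];
        byte[] tag = envelope[NonceSize..(NonceSize + TagSize)];
        byte[] ciphertext = envelope[(NonceSize + TagSize)..];
        byte[] plaintext = new byte[ciphertext.Length];
        using var aesGcm = new AesGcm(key, TagSize);
        aesGcm.Decrypt(nonce, ciphertext, tag, plaintext, associatedData);
        return plaintext;
    }

    static void Main()
    {
        byte[] key = RandomNumberGenerator.GetBytes(32);              // constructed AES-256 key
        byte[] aad = Encoding.UTF8.GetBytes("record-id:42");           // constructed associated data (authenticated, not encrypted)
        byte[] message = Encoding.UTF8.GetBytes("top-secret payload"); // constructed plaintext

        byte[] envelope = Seal(key, message, aad);
        Console.WriteLine(Encoding.UTF8.GetString(Open(key, envelope, aad)));

        // Flip one ciphertext byte: the tag check rejects it instead of
        // silently returning corrupted plaintext the way ECB or CBC would.
        envelope[^1] ^= 0x01;
        try { Open(key, envelope, aad); }
        catch (CryptographicException) { Console.WriteLine("tampering detected"); }

        // RSA-OAEP with SHA-256. RSACryptoServiceProvider.Encrypt(data, true) also
        // selects OAEP, but only with SHA-1; RSA.Create() lets the hash be chosen.
        using RSA rsa = RSA.Create(2048);
        byte[] wrappedKey = rsa.Encrypt(key, RSAEncryptionPadding.OaepSHA256);
        byte[] unwrappedKey = rsa.Decrypt(wrappedKey, RSAEncryptionPadding.OaepSHA256);
        Console.WriteLine(unwrappedKey.AsSpan().SequenceEqual(key) ? "key round-trips" : "mismatch");
    }
}
```

Two points worth noting. The associated data passed to Seal and Open must match byte for byte, so any header or record identifier bound this way is also protected against substitution. And because a nonce reuse under the same key breaks GCM's confidentiality and authenticity, the nonce is generated inside Seal rather than passed in by the caller.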

See