Crypto-API-Rules
This repository contains all CrySL rules currently used in the crypto assistant CogniCrypt.
This pull request is **not** getting merged at the moment due to rules causing false positives. The false positives are caused as third party API data flows are not getting...
Bumps [bcprov-jdk15on](https://github.com/bcgit/bc-java) from 1.60 to 1.67. Changelog Sourced from bcprov-jdk15on's changelog. 2.1.1 Version Release: 1.70 Date: TBD 2.2.1 Version Release: 1.69 Date: 2021, June 7th. ... (truncated) Commits See full...
Section 3.4 of the [BSI](https://www.bsi.bund.de/EN/Publications/TechnicalGuidelines/tr02102/tr02102_node.html) document states that ECIES (Elliptic Curve Integrated Encryption Scheme) is supported. There is also an associated class for it in the Bouncy Castle documentation...
Bumps [tink](https://github.com/google/tink) from 1.2.0 to 1.5.0. Release notes Sourced from tink's releases. Tink 1.4.0 Tink is a multi-language, cross-platform library that provides simple and misuse-proof APIs for common cryptographic tasks....
In the `JCA` and `BouncyCastle-JCA` **`KeyStore.crysl`** we currently only permit the values `"jceks", "jks", "dks", "pkcs11", "pkcs12"`. However, as [`androidx.security.crypto.MasterKeys.java`](https://android.googlesource.com/platform/frameworks/support/+/refs/heads/androidx-master-dev/security/crypto/src/main/java/androidx/security/crypto/MasterKeys.java) suggests in Android Apps it's totally OK, if even not...
Currently, CrySL provides different predicates for AlgorithmParameterSpec interface implementers. We should have the same for KeySpec implementers. In the following example, we get an InvalidKeySpecException, due to the wrong KeySpec...
The authors of [this paper](https://ieeexplore.ieee.org/document/7839783/) argue for the use of a Regulator pattern for cryptographic libraries. With a regular pattern, such a library could automatically update the algorithms it uses...
As of now, there are rules for the JCA. However, "the JCA" in its default configuration actually comes as a set of [individual providers](https://docs.oracle.com/javase/9/security/oracleproviders.htm#GUID-FE2D2E28-C991-4EF9-9DBE-2A4982726313). Create one project for each of...
Bump org.apache.maven.plugins:maven-gpg-plugin from 3.2.2 to 3.2.4 in /JavaCryptographicArchitecture
Bumps [org.apache.maven.plugins:maven-gpg-plugin](https://github.com/apache/maven-gpg-plugin) from 3.2.2 to 3.2.4. Release notes Sourced from org.apache.maven.plugins:maven-gpg-plugin's releases. 3.2.4 Release Notes - Maven GPG Plugin - Version 3.2.4 [MGPG-125] - Fix "bestPractices" (#95) @cstamas 📦 Dependency...