Avoid DES keys

Docs > Code Analysis > Static Analysis Rules > Avoid DES keys

This page is not yet available in Spanish. We are working on its translation.
If you have any questions or feedback about our current translation project, feel free to reach out to us!

Metadata

ID: java-security/keygenerator-avoid-des

Language: Java

Severity: Warning

Category: Security

CWE: 326

Description

The DES protocol is deprecated. Consider using a stronger protocol such as AES.

Learn More

CWE-326: Inadequate Encryption Strength

Non-Compliant Code Examples

public Class {

    void test1() {
            javax.crypto.SecretKey key = javax.crypto.KeyGenerator.getInstance("DES").generateKey();
            java.security.spec.AlgorithmParameterSpec paramSpec =
                    new javax.crypto.spec.IvParameterSpec(iv);
            c.init(javax.crypto.Cipher.ENCRYPT_MODE, key, paramSpec);

    }

    void test2() {
            javax.crypto.SecretKey key = KeyGenerator.getInstance("DES").generateKey();
            java.security.spec.AlgorithmParameterSpec paramSpec =
                    new javax.crypto.spec.IvParameterSpec(iv);
            c.init(javax.crypto.Cipher.ENCRYPT_MODE, key, paramSpec);

    }
}