Use OAEP padding with RSA
Summary
RSA asymmetric encryption should be used only with OAEP padding (Optimal Asymmetric Encryption Padding).
Description
This means that any encryption or decryption processes involving RSA should adhere to the OAEP padding scheme. OAEP is considered more secure than older padding schemes. Padding schemes are employed to add randomness and complexity to the plaintext before being encrypted to enhance security.
Supported In
This requirement is verified in following services
| Plan | Supported |
|---|---|
| Essential | 🔴 |
| Advanced | 🟢 |
References
- CAPEC™-20. Encryption brute forcing
- HIPAA-164_312_a_2_iv. Encryption and decryption (addressable)
- HITRUST CSF-10_g. Key management
- ISO/IEC 27002-8_24. Use of cryptography
- ISA/IEC 62443-DC-4_3. Use of cryptography
- CWE™-780. Use of RSA algorithm without OAEP
- ISO/IEC 27001-8_24. Use of cryptography
Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.