CogniCrypt Improve error messages for KeyGenerator and Cipher

Improve error messages for KeyGenerator and Cipher

Open ericbodden opened this issue 6 years ago • 5 comments

I am not sure whether this is a problem with the rule set or tool:

When I specify...

	KeyGenerator kg = KeyGenerator.getInstance("RSA");
	Cipher c = Cipher.getInstance("AES/CBC");
	c.init(Cipher.ENCRYPT_MODE, key, iv);

... then at the KeyGenerator, CogniCrypt tells me to use any of AES, BlowFish, DESede, ... when it should really only be AES, as the Cipher is clearly using AES. It was my understanding that our rules should be able to encode this.

Cheers Eric

May 18 '18 09:05 ericbodden

It is just not implemented within the tool yet.

Jun 06 '18 13:06 johspaeth

Would be really nice to have. (and is confusing if we don't have it)

Jun 08 '18 08:06 ericbodden

Yes, I agree. I discussed it with Stefan: Actually, there should be an error marker at the init call saying "No predicate generatedKey received for key". If we make the error marker text more explicit to include for "AES" it would be more helpful.

Jun 08 '18 08:06 johspaeth

@johspaeth If I remember correctly, you said, you fixed this issue. Is that right?

Jun 29 '18 12:06 kruegers

No, I didn't and it is related to this one. I don't know when I will have time to fix it.

Jun 29 '18 13:06 johspaeth

CogniCrypt CogniCrypt copied to clipboard

Improve error messages for KeyGenerator and Cipher

CogniCrypt
CogniCrypt copied to clipboard