Skip to content
/ rsalint Public

🕵️‍♀️ @golang linter for the crypto/rsa package.

License

MIT license
11 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

picatz/rsalint

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

29 Commits
.github
.github
 
 
cmd/rsalint
cmd/rsalint
 
 
rsacheck
rsacheck
 
 
.gitattributes
.gitattributes
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 

Repository files navigation

rsalint

🕵️‍♀️ Linter for the crypto/rsa package.

Install

$ go install github.com/picatz/rsalint/cmd/rsalint@latest

Vulnerable Implementation

package main

import (
    "crypto/rsa"
    "fmt"
    "math/rand"
)

func main() {
    privateKey, err := rsa.GenerateKey(rand.New(rand.NewSource(0)), 1024)
    if err != nil {
        panic(err)
    }
    fmt.Println(privateKey)
}

rsalint can identify a number of potential security problems:

  • Weak entropy source (not using crypto/rand.Reader).
  • Weak number of bits (less than 2048, and not a multiple of 8).
  • Weak number of primes for the given number of bits.
  • Deprecated functions (rsa.GenerateMultiPrimeKey).
  • Insecure encryption schemes (rsa.EncryptPKCS1v15).

Usage

$ rsalint ./path/to/vulnerable/code/...
./path/to/vulnerable/code/main.go:10:37: use the crypto/rand.Reader instead for a cryptographically secure random number generator
./path/to/vulnerable/code/main.go:10:66: use 2048 bits or greater

About

🕵️‍♀️ @golang linter for the crypto/rsa package.

Topics

golang cryptography linter

Resources

Readme

License

MIT license
Activity

Stars

11 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases 3

v2.0.0 Latest
Aug 24, 2024
+ 2 releases

Contributors 2

  •  
  •  

Languages