🕵️♀️ Linter for the crypto/rsa
package.
$ go install github.com/picatz/rsalint/cmd/rsalint@latest
package main
import (
"crypto/rsa"
"fmt"
"math/rand"
)
func main() {
privateKey, err := rsa.GenerateKey(rand.New(rand.NewSource(0)), 1024)
if err != nil {
panic(err)
}
fmt.Println(privateKey)
}
rsalint
can identify a number of potential security problems:
- Using an insecure source of entropy using
math/rand
( always usecrypto/rand
). - Using an insecure hash function ( not SHA256 or SHA512 ).
- Generating an RSA key pair using an insecure number of bits ( always use
>= 2048
). - Using potentially insecure signing function
rsa.SignPKCS1v15
instead ofrsa.SignPSS
. - Using potentially insecure signing function
rsa.EncryptPKCS1v15
instead ofrsa.EncryptOAEP
. - Using an insecure value for multi-prime keys for various bit sizes.
- Using an insecure PKCS1v15 session key size.
- Not using RSA blinding leading to possible timing side-channel attacks.
$ rsalint ./path/to/vulnerable/code/...
./path/to/vulnerable/code/main.go:10:37: use the crypto/rand.Reader instead for a cryptographically secure random number generator
./path/to/vulnerable/code/main.go:10:66: always use 2048 bits or greater