https://github.com/picatz/rsalint

🕵️‍♀️ @golang linter for the crypto/rsa package.
https://github.com/picatz/rsalint

cryptography golang linter

Last synced: about 1 year ago
JSON representation

🕵️‍♀️ @golang linter for the crypto/rsa package.

• Host: GitHub
• URL: https://github.com/picatz/rsalint
• Owner: picatz
• License: mit
• Created: 2020-01-07T07:05:32.000Z (over 6 years ago)
• Default Branch: main
• Last Pushed: 2025-03-10T12:56:47.000Z (over 1 year ago)
• Last Synced: 2025-04-02T03:05:27.151Z (about 1 year ago)
• Topics: cryptography, golang, linter
• Language: Go
• Homepage:
• Size: 31.3 KB
• Stars: 11
• Watchers: 1
• Forks: 0
• Open Issues: 1
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

          
# rsalint

 🕵️‍♀️ Linter for the [`crypto/rsa`](https://golang.org/pkg/crypto/rsa/) package.

## Install

```console

$ go install github.com/picatz/rsalint/cmd/rsalint@latest

```

## Vulnerable Implementation

```go

package main

import (

    "crypto/rsa"

    "fmt"

    "math/rand"

)

func main() {

    privateKey, err := rsa.GenerateKey(rand.New(rand.NewSource(0)), 1024)

    if err != nil {

        panic(err)

    }

    fmt.Println(privateKey)

}

```

`rsalint` can identify a number of potential security problems:

- Weak entropy source (not using `crypto/rand.Reader`).

- Weak number of bits (less than `2048`, and not a multiple of `8`).

- Weak number of primes for the given number of bits.

- Deprecated functions (`rsa.GenerateMultiPrimeKey`).

- Insecure encryption schemes (`rsa.EncryptPKCS1v15`).

## Usage

```console

$ rsalint ./path/to/vulnerable/code/...

./path/to/vulnerable/code/main.go:10:37: use the crypto/rand.Reader instead for a cryptographically secure random number generator

./path/to/vulnerable/code/main.go:10:66: use 2048 bits or greater

```