Dart Pointycastle Weak Rsa Key Size
Description
Detects weak RSA key sizes in Dart applications that use the PointyCastle cryptography library. RSA moduli shorter than 2048 bits fall below the minimum NIST has required for new keys since SP 800-131A took effect; 768-bit moduli have already been factored publicly, and 1024-bit moduli are considered within reach of well-resourced adversaries. An attacker who factors the modulus recovers the private key and can decrypt anything encrypted to it or forge signatures under it.
Detection Strategy
• Scans Dart source files (excluding test files) that import a 'package:pointycastle' library
• Identifies calls to the RSAKeyGeneratorParameters constructor
• Examines the second positional argument (bitStrength, the key size in bits) passed to the constructor
• Reports a finding when the resolved key size is below 2048 bits
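The detection strategy above, implemented as an added example scanner (this is illustration code, not Fluid Attacks' engine and not code from this page). It assumes the constructor is called with positional arguments, as in PointyCastle's RSAKeyGeneratorParameters(publicExponent, bitStrength, certainty); treats files under test/ or named *_test.dart as test files; resolves the key size from an integer literal or a file-level integer constant; and reports a size it cannot resolve statically as needing manual review rather than silently passing it. The sample Dart files are constructed for the example.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Threshold stated by the rule: anything below NIST's 2048-bit minimum is weak.
MIN_RSA_BITS = 2048

POINTYCASTLE_IMPORT = re.compile(r"""import\s+['"]package:pointycastle/[^'"]*['"]""")
CONSTRUCTOR_CALL = re.compile(r"\bRSAKeyGeneratorParameters\s*\(")
# File-level integer declarations such as `const int rsaBits = 1024;`, used to resolve
# a key size that is passed by name instead of as a literal (assumption: simple form only).
INT_DECL = re.compile(r"\b(?:const|final|var|int)\s+(?:int\s+)?(\w+)\s*=\s*(\d+)\s*;")


@dataclass
class Finding:
    path: str
    line: int
    key_size: Optional[int]  # None when the size could not be determined statically
    message: str


def is_test_file(path: str) -> bool:
    # Dart convention: tests live under test/ and are named *_test.dart
    return path.endswith("_test.dart") or path.startswith("test/") or "/test/" in path


def split_args(text: str) -> list[str]:
    """Split the argument list that follows '(' on top-level commas, stopping at the
    matching ')'. Nested calls such as BigInt.from(65537) stay intact."""
    args, depth, cur = [], 0, []
    for ch in text:
        if ch == "(":
            depth += 1
        elif ch == ")":
            if depth == 0:
                break
            depth -= 1
        if ch == "," and depth == 0:
            args.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
    if cur:
        args.append("".join(cur).strip())
    return args


def scan_source(path: str, source: str) -> list[Finding]:
    findings: list[Finding] = []
    if is_test_file(path) or not POINTYCASTLE_IMPORT.search(source):
        return findings
    consts = {name: int(val) for name, val in INT_DECL.findall(source)}
    for m in CONSTRUCTOR_CALL.finditer(source):
        line = source.count("\n", 0, m.start()) + 1
        args = split_args(source[m.end():])
        if len(args) < 2:
            findings.append(Finding(path, line, None,
                                    "RSAKeyGeneratorParameters called without a key size"))
            continue
        size_expr = args[1]
        size = int(size_expr) if size_expr.isdigit() else consts.get(size_expr)
        if size is None:
            findings.append(Finding(path, line, None,
                                    f"key size '{size_expr}' not resolvable statically; review manually"))
        elif size < MIN_RSA_BITS:
            findings.append(Finding(path, line, size,
                                    f"RSA key size {size} is below the {MIN_RSA_BITS}-bit minimum"))
    return findings


def scan_all(samples: dict[str, str]) -> list[Finding]:
    findings: list[Finding] = []
    for path, src in samples.items():
        findings.extend(scan_source(path, src))
    return findings


# Constructed sample sources exercising the rule's branches.
SAMPLES = {
    "lib/weak_literal.dart": (  # weak: literal 1024 bits
        "import 'package:pointycastle/export.dart';\n"
        "final params = RSAKeyGeneratorParameters(BigInt.from(65537), 1024, 25);\n"),
    "lib/weak_const.dart": (  # weak: size passed through a file-level const
        "import 'package:pointycastle/export.dart';\n"
        "const int rsaBits = 1024;\n"
        "final params = RSAKeyGeneratorParameters(BigInt.from(65537), rsaBits, 25);\n"),
    "lib/secure.dart": (  # compliant: 2048 bits
        "import 'package:pointycastle/export.dart';\n"
        "final params = RSAKeyGeneratorParameters(BigInt.from(65537), 2048, 25);\n"),
    "lib/dynamic.dart": (  # unresolvable: size comes from a runtime value
        "import 'package:pointycastle/export.dart';\n"
        "final params = RSAKeyGeneratorParameters(BigInt.from(65537), cfg.bits, 25);\n"),
    "test/rsa_test.dart": (  # excluded: test file
        "import 'package:pointycastle/export.dart';\n"
        "final params = RSAKeyGeneratorParameters(BigInt.from(65537), 512, 25);\n"),
    "lib/other.dart": (  # excluded: no pointycastle import
        "final params = RSAKeyGeneratorParameters(BigInt.from(65537), 512, 25);\n"),
}

if __name__ == "__main__":
    for f in scan_all(SAMPLES):
        print(f"{f.path}:{f.line}: {f.message}")
```

The unresolvable case is reported on purpose: a size read from configuration at runtime is exactly where a weak value can slip past a literal-only check, so a scanner should surface it for review instead of treating it as compliant.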
Vulnerable code example
import 'dart:math';
import 'dart:typed_data';
// export.dart exposes the concrete classes (RSAKeyGenerator, FortunaRandom, KeyParameter);
// pointycastle.dart only exposes the registry-based API.
import 'package:pointycastle/export.dart';

// VULNERABLE: RSA key size below NIST minimum (2048 bits)
AsymmetricKeyPair<PublicKey, PrivateKey> weakKeyGeneration() {
  final params = RSAKeyGeneratorParameters(BigInt.from(65537), 1024, 25);
  // Fortuna must be seeded (32 bytes) before it can supply randomness.
  final seed = Uint8List.fromList(List.generate(32, (_) => Random.secure().nextInt(256)));
  final rng = FortunaRandom()..seed(KeyParameter(seed));
  final keyGen = RSAKeyGenerator()..init(ParametersWithRandom(params, rng));
  return keyGen.generateKeyPair();
}
✅ Secure code example
import 'dart:math';
import 'dart:typed_data';
// export.dart exposes the concrete classes (RSAKeyGenerator, FortunaRandom, KeyParameter);
// pointycastle.dart only exposes the registry-based API.
import 'package:pointycastle/export.dart';

// SAFE: RSA key size meets NIST minimum (2048 bits)
AsymmetricKeyPair<PublicKey, PrivateKey> secureKeyGeneration() {
  final params = RSAKeyGeneratorParameters(BigInt.from(65537), 2048, 25);
  // Fortuna must be seeded (32 bytes) before it can supply randomness.
  final seed = Uint8List.fromList(List.generate(32, (_) => Random.secure().nextInt(256)));
  final rng = FortunaRandom()..seed(KeyParameter(seed));
  final keyGen = RSAKeyGenerator()..init(ParametersWithRandom(params, rng));
  return keyGen.generateKeyPair();
}