CA5385: Use Rivest–Shamir–Adleman (RSA) algorithm with sufficient key size

| Property | Value |
|---|---|
| Rule ID | CA5385 |
| Title | Use Rivest–Shamir–Adleman (RSA) algorithm with sufficient key size |
| Category | Security |
| Fix is breaking or non-breaking | Non-breaking |
| Enabled by default in .NET 8 | No |

Cause

Using the asymmetric encryption algorithm RSA with a key size less than 2048 bits in one of the following ways:

Rule description

An RSA key smaller than 2048 bits is more vulnerable to brute force attacks.

How to fix violations

Switch to RSA with a key size of at least 2048 bits, or use the ECDH or ECDsa algorithm instead.

When to suppress warnings

Suppressing this rule is not recommended unless it is needed for compatibility with legacy applications and data.

Suppress a warning

If you just want to suppress a single violation, add preprocessor directives to your source file to disable and then re-enable the rule.

#pragma warning disable CA5385
// The code that's violating the rule is on this line.
#pragma warning restore CA5385

To disable the rule for a file, folder, or project, set its severity to none in the configuration file.

[*.{cs,vb}]
dotnet_diagnostic.CA5385.severity = none

For more information, see How to suppress code analysis warnings.

Example

The following code snippet illustrates the pattern detected by this rule.

Violation:

using System.Security.Cryptography;

class ExampleClass
{
    public void ExampleMethod()
    {
        RSACng rsaCng = new RSACng(1024);
    }
}

Solution:

using System.Security.Cryptography;

class ExampleClass
{
    public void ExampleMethod()
    {
        RSACng rsaCng = new RSACng(2048);
    }
}
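
The example above sets the key size in a constructor. The following added example (not part of the original rule documentation) goes one step further and enforces the same 2048-bit threshold on a key that arrives at run time, such as one read from legacy data, by checking `KeySize` after import. `RsaKeyPolicy` and `ImportPublicKeyChecked` are hypothetical names, and the code assumes .NET Core 3.0 or later on Windows, because `RSACng` is a Windows-only class.

```csharp
using System;
using System.Security.Cryptography;

static class RsaKeyPolicy
{
    // Threshold from the rule text: RSA keys below 2048 bits are flagged.
    public const int MinimumRsaKeySizeBits = 2048;
    // Hypothetical helper (not a .NET API): import a public key and reject short ones.
    public static RSA ImportPublicKeyChecked(byte[] subjectPublicKeyInfo)
    {
        RSA rsa = RSA.Create();
        try
        {
            rsa.ImportSubjectPublicKeyInfo(subjectPublicKeyInfo, out _);
            if (rsa.KeySize < MinimumRsaKeySizeBits)
                throw new CryptographicException(
                    $"RSA key is {rsa.KeySize} bits; minimum is {MinimumRsaKeySizeBits}.");
            return rsa;
        }
        catch
        {
            rsa.Dispose(); // release the key handle when the key is rejected
            throw;
        }
    }
}

static class Program
{
    static void Main()
    {
        // Constructed sample input: a 1024-bit key standing in for legacy data.
#pragma warning disable CA5385
        using RSACng legacy = new RSACng(1024);
#pragma warning restore CA5385
        using RSACng current = new RSACng(2048);
        foreach (RSACng key in new[] { legacy, current })
        {
            byte[] spki = key.ExportSubjectPublicKeyInfo();
            try
            {
                using RSA imported = RsaKeyPolicy.ImportPublicKeyChecked(spki);
                Console.WriteLine($"accepted: {imported.KeySize} bits");
            }
            catch (CryptographicException ex) { Console.WriteLine($"rejected: {ex.Message}"); }
        }
    }
}
```

The suppression around the 1024-bit key is scoped to the single line that builds the sample input, following the `#pragma` pattern shown under "Suppress a warning".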