
Secure Public Key marked as Misuse #69

Open

akwick opened this issue Aug 20, 2018 · 1 comment

@akwick
Member

akwick commented Aug 20, 2018

Steps done

  • Applying CryptoAnalysis on the project JobX with commit id 414503ff.

  • The analysis reports 38 violations (8 ConstraintError, 12 RequiredPredicateError, 4 ImpreciseValueExtractionError, 2 TypestateError, and 12 IncompleteOperationError). Details in the attached report.

  • For the RequiredPredicateError violation for method encryptByPublicKey, we assume that the report is a false positive:

        RequiredPredicateError violating CrySL rule for Cipher
        Second parameter was not properly generatedKey
        at statement: virtualinvoke r6.<javax.crypto.Cipher: void init(int,java.security.Key)>(1, r5)

  • The reported violation is in the file RSAUtils.java in line 238.

Notes why we assume that the violation is a false positive

  • REQUIRES
    generatedKey[key, part(0, "/", transformation)];
    https://docs.oracle.com/javase/7/docs/api/java/security/KeyFactory.html
    "Key factories are used to convert keys (opaque cryptographic keys of type Key) into key specifications (transparent representations of the underlying key material), and vice versa." -> converts a key provided as a string (X.509 specification) into a new key. This is not covered by CrySL -> assumes insecure.

Attached report: 20180815_jobx

/cc @anam-dodhy

@kruegers kruegers self-assigned this Aug 20, 2018
@kruegers kruegers added the bug label Aug 20, 2018
@kruegers kruegers changed the title False Positive for an RequiredPredicateError ? Secure Public Key marked as Misuse Aug 23, 2018
@Lonzak

Lonzak commented Nov 7, 2018

I also have this problem - strangely, the error message seems to be cut off in the middle:
"Second parameter was not properly generatedKey". The public key, however, is read from an existing keystore and was generated by using the Java keytool.

```java
import java.security.Key;
import javax.crypto.Cipher;

public static byte[] encryptKey(byte[] content, Key publicKey) {
    byte[] encryptedContent = null;
    try {
        // getAlgorithm() yields only the algorithm name (e.g. "RSA"); with no mode or
        // padding in the transformation string, the provider's defaults apply.
        Cipher outerCipher = Cipher.getInstance(publicKey.getAlgorithm());
        // This init call is the one the analysis reports as a RequiredPredicateError.
        outerCipher.init(Cipher.ENCRYPT_MODE, publicKey);
        encryptedContent = outerCipher.doFinal(content);
    } catch (Exception e) {
        // ... (error handling elided in the original)
    }
    return encryptedContent;
}
```

@kruegers kruegers removed their assignment May 29, 2020
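Both reports above concern the same code pattern: a PublicKey that the analysed code did not obtain from a KeyPairGenerator, but rebuilt from X.509 bytes with KeyFactory (akwick's report) or read from a keytool-generated keystore (Lonzak's comment), and then passed to Cipher.init. The following Java program is an added example written for this page; it is not CryptoAnalysis, JobX or either poster's code. It exercises both key-acquisition paths and runs the two checks a reviewer would want before calling the warning a false positive: that KeyFactory returns exactly the key material it was given, and that a ciphertext produced under the rebuilt key decrypts under the matching private key. The keystore helper assumes a PKCS12 file created with keytool (command in the comment, with a hypothetical alias and file name) and is not exercised by main, which needs no files; the transformation string and all names are the example's own choices.

```java
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.spec.X509EncodedKeySpec;
import java.util.Arrays;
import javax.crypto.Cipher;

public class PublicKeyPaths {

    // Full transformation, so mode and padding do not depend on provider defaults.
    static final String TRANSFORMATION = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";

    // Path 1 (as in akwick's report): a key that arrives as X.509 SubjectPublicKeyInfo
    // bytes (e.g. the decoded body of a PEM block) is turned back into a PublicKey.
    static PublicKey publicKeyFromX509(byte[] x509Encoded) throws GeneralSecurityException {
        KeyFactory factory = KeyFactory.getInstance("RSA");
        return factory.generatePublic(new X509EncodedKeySpec(x509Encoded));
    }

    // Path 2 (as in Lonzak's comment): the public key of a certificate entry in a keystore.
    // Assumed to have been created with keytool, e.g. (hypothetical alias and file name):
    //   keytool -genkeypair -alias demo -keyalg RSA -keysize 2048 -storetype PKCS12 \
    //           -keystore demo.p12 -storepass changeit -dname CN=demo
    static PublicKey publicKeyFromKeyStore(Path keystoreFile, char[] password, String alias)
            throws Exception {
        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        try (InputStream in = Files.newInputStream(keystoreFile)) {
            keyStore.load(in, password);
        }
        Certificate certificate = keyStore.getCertificate(alias);
        if (certificate == null) {
            throw new IllegalArgumentException("no certificate entry for alias " + alias);
        }
        return certificate.getPublicKey();
    }

    static byte[] encrypt(byte[] content, PublicKey publicKey) throws GeneralSecurityException {
        Cipher cipher = Cipher.getInstance(TRANSFORMATION);
        cipher.init(Cipher.ENCRYPT_MODE, publicKey);   // the call the analysis flags
        return cipher.doFinal(content);
    }

    static byte[] decrypt(byte[] ciphertext, PrivateKey privateKey) throws GeneralSecurityException {
        Cipher cipher = Cipher.getInstance(TRANSFORMATION);
        cipher.init(Cipher.DECRYPT_MODE, privateKey);
        return cipher.doFinal(ciphertext);
    }

    public static void main(String[] args) throws Exception {
        // Constructed key pair standing in for the one whose public half is shipped as a string.
        KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
        generator.initialize(2048);
        KeyPair pair = generator.generateKeyPair();

        byte[] x509 = pair.getPublic().getEncoded();   // what a PEM public-key body decodes to
        PublicKey rebuilt = publicKeyFromX509(x509);

        // Check 1: KeyFactory converts the representation only; the key material is unchanged.
        if (!Arrays.equals(rebuilt.getEncoded(), pair.getPublic().getEncoded())) {
            throw new IllegalStateException("KeyFactory returned different key material");
        }

        // Check 2: data encrypted under the rebuilt key decrypts under the matching private key.
        byte[] plaintext = "constructed sample".getBytes(StandardCharsets.UTF_8);
        byte[] ciphertext = encrypt(plaintext, rebuilt);
        if (!Arrays.equals(decrypt(ciphertext, pair.getPrivate()), plaintext)) {
            throw new IllegalStateException("round trip failed");
        }
        System.out.println("OK: " + rebuilt.getAlgorithm() + " key via KeyFactory, "
                + ciphertext.length + "-byte ciphertext");
    }
}
```

One caveat that is independent of the analysis result: Cipher.getInstance(publicKey.getAlgorithm()), as in the snippet above, passes only "RSA", so mode and padding fall back to the provider's defaults (PKCS#1 v1.5 padding with the SunJCE provider). Naming the full transformation, as this example does, keeps that choice explicit and visible to both reviewers and tools.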