The Advanced Encryption Standard (AES) encryption algorithm can be used with various modes. Some combinations are not secured:

In both cases, Galois/Counter Mode (GCM) with no padding should be preferred.

This rule raises an issue when a Cipher instance is created with either ECB or CBC/PKCS5Padding mode.

Noncompliant Code Example

Cipher c1 = Cipher.getInstance("AES/ECB/NoPadding"); // Noncompliant
Cipher c2 = Cipher.getInstance("AES/CBC/PKCS5Padding"); // Noncompliant

Compliant Solution

Cipher c = Cipher.getInstance("AES/GCM/NoPadding");

See

Deprecated

This rule is deprecated; use {rule:java:S5542} instead.