CA5384 | Security | Enabled by default: No

Do not use digital signature algorithm (DSA)

Description

DSA is a weak asymmetric encryption algorithm.

Cause

Using DSA in one of the following ways:

  • Returning or instantiating derived classes of System.Security.Cryptography.DSA
  • Using System.Security.Cryptography.AsymmetricAlgorithm.Create or System.Security.Cryptography.CryptoConfig.CreateFromName to create a DSA object.

By default, this rule analyzes the entire codebase, but this is configurable.

How to fix violations

Switch to RSA with a key size of at least 2048 bits, ECDH, or ECDsa instead.

Example

Violation

using System.Security.Cryptography;

class ExampleClass
{
    public void ExampleMethod()
    {
        // Flagged by CA5384: DSACng derives from System.Security.Cryptography.DSA.
        DSACng dsaCng = new DSACng();
    }
}

Solution

using System.Security.Cryptography;

class ExampleClass
{
    public void ExampleMethod()
    {
        // Not flagged: the algorithm name requests ECDsa rather than DSA.
        AsymmetricAlgorithm asymmetricAlgorithm = AsymmetricAlgorithm.Create("ECDsa");
    }
}
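
The following added example (not from the original rule page) carries the fix through to actual signing and verification with the two signature replacements named above, ECDsa and RSA with a 2048-bit key. The class and method names are hypothetical, the message is constructed sample data, and the code assumes C# 8 on .NET Core 3.0 or later.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Hypothetical helper class: signing and verification without DSA.
static class SignatureMigrationExample
{
    // ECDsa replacement: caller supplies the key, SHA-256 is the digest.
    public static byte[] SignEcdsa(ECDsa key, byte[] data) =>
        key.SignData(data, HashAlgorithmName.SHA256);

    public static bool VerifyEcdsa(ECDsa key, byte[] data, byte[] signature) =>
        key.VerifyData(data, signature, HashAlgorithmName.SHA256);

    // RSA replacement: SHA-256 digest with PSS signature padding.
    public static byte[] SignRsa(RSA key, byte[] data) =>
        key.SignData(data, HashAlgorithmName.SHA256, RSASignaturePadding.Pss);

    public static bool VerifyRsa(RSA key, byte[] data, byte[] signature) =>
        key.VerifyData(data, signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pss);

    static void Main()
    {
        // Constructed sample input.
        byte[] message = Encoding.UTF8.GetBytes("constructed sample message");

        // NIST P-256 key for ECDsa; 2048-bit key for RSA, the minimum the rule accepts.
        using ECDsa ecdsa = ECDsa.Create(ECCurve.NamedCurves.nistP256);
        using RSA rsa = RSA.Create(2048);

        byte[] ecdsaSignature = SignEcdsa(ecdsa, message);
        byte[] rsaSignature = SignRsa(rsa, message);

        Console.WriteLine($"ECDsa signature valid: {VerifyEcdsa(ecdsa, message, ecdsaSignature)}");
        Console.WriteLine($"RSA signature valid:   {VerifyRsa(rsa, message, rsaSignature)}");

        // Flip one bit of the message: both verifications must now fail.
        message[0] ^= 0x01;
        Console.WriteLine($"ECDsa after tampering: {VerifyEcdsa(ecdsa, message, ecdsaSignature)}");
        Console.WriteLine($"RSA after tampering:   {VerifyRsa(rsa, message, rsaSignature)}");
    }
}
```

Signatures produced by DSA cannot be verified with these keys, so data signed under the old algorithm has to be re-signed as part of the migration.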

When to suppress

Do not suppress this rule unless it is required for compatibility with legacy applications and data.
