The security check tool Fortify has detected a vulnerability on the following lines:
RSAPKCS1SignatureDeformatter deformatter = new RSAPKCS1SignatureDeformatter(key);
deformatter.SetHashAlgorithm("SHA256");
The CreateDeformatter() method performs public key RSA encryption without OAEP padding, thereby making the encryption weak.
Could someone please shed some light on the exact problem with this? I'm relatively new to the area of RSA.
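For context on the finding, an added example (not part of the original post, and not Fortify's or Microsoft's code): `RSAPKCS1SignatureDeformatter` verifies PKCS#1 v1.5 signatures rather than encrypting, and OAEP is an encryption padding, so the signature-side counterpart is PSS. The sketch below runs the flagged pattern beside a PSS verification; the throwaway key, the constructed message and the helper names `VerifyPkcs1` and `VerifyPss` are assumptions.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class SignaturePaddingDemo
{
    // Pattern from the question: PKCS#1 v1.5 verification over a precomputed SHA-256 hash.
    static bool VerifyPkcs1(RSA key, byte[] hash, byte[] signature)
    {
        var deformatter = new RSAPKCS1SignatureDeformatter(key);
        deformatter.SetHashAlgorithm("SHA256");
        return deformatter.VerifySignature(hash, signature);
    }

    // Same check with RSASSA-PSS; the RSA base class hashes the data itself.
    static bool VerifyPss(RSA key, byte[] data, byte[] signature)
    {
        return key.VerifyData(data, signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pss);
    }

    static void Main()
    {
        // Throwaway key and constructed message, for the demonstration only.
        using (RSA key = RSA.Create(2048))
        using (SHA256 sha = SHA256.Create())
        {
            byte[] data = Encoding.UTF8.GetBytes("constructed sample message");
            byte[] hash = sha.ComputeHash(data);

            byte[] sigPkcs1 = key.SignHash(hash, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            byte[] sigPss = key.SignData(data, HashAlgorithmName.SHA256, RSASignaturePadding.Pss);

            Console.WriteLine("PKCS#1 v1.5 signature, v1.5 verifier: " + VerifyPkcs1(key, hash, sigPkcs1));
            Console.WriteLine("PSS signature, PSS verifier:          " + VerifyPss(key, data, sigPss));

            // The two paddings are not interchangeable: signer and verifier must agree.
            Console.WriteLine("PSS signature, v1.5 verifier:         " + VerifyPkcs1(key, hash, sigPss));
            Console.WriteLine("v1.5 signature, PSS verifier:         " + VerifyPss(key, data, sigPkcs1));

            // A modified message must fail under either padding.
            byte[] tampered = (byte[])data.Clone();
            tampered[0] ^= 0x01;
            Console.WriteLine("PSS signature, tampered data:         " + VerifyPss(key, tampered, sigPss));
        }
    }
}
```

`RSASignaturePadding.Pss` is not supported by `RSACryptoServiceProvider`; use `RSA.Create()` or `RSACng`. Switching a verifier to PSS only works if the signing side produces PSS signatures as well.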