From d996c2a2c6d14c4e578cb56019737922060fd7da Mon Sep 17 00:00:00 2001 From: Rob Winch Date: Wed, 7 Sep 2022 13:51:58 -0500 Subject: [PATCH] Remove unsafe/deprecated `Encryptors.querableText(CharSequence,CharSequence)` This method is insecure. Users should instead encrypt with their database. Closes gh-8980 --- .../security/crypto/encrypt/Encryptors.java | 17 -------------- .../crypto/encrypt/EncryptorsTests.java | 11 --------- .../features/integrations/cryptography.adoc | 23 ------------------- docs/modules/ROOT/pages/whats-new.adoc | 5 ++++ 4 files changed, 5 insertions(+), 51 deletions(-) diff --git a/crypto/src/main/java/org/springframework/security/crypto/encrypt/Encryptors.java b/crypto/src/main/java/org/springframework/security/crypto/encrypt/Encryptors.java index f30ca5454a..a542a4bc9f 100644 --- a/crypto/src/main/java/org/springframework/security/crypto/encrypt/Encryptors.java +++ b/crypto/src/main/java/org/springframework/security/crypto/encrypt/Encryptors.java @@ -91,23 +91,6 @@ public final class Encryptors { return new HexEncodingTextEncryptor(standard(password, salt)); } - /** - * Creates an encryptor for queryable text strings that uses standard password-based - * encryption. Uses a 16-byte all-zero initialization vector so encrypting the same - * data results in the same encryption result. This is done to allow encrypted data to - * be queried against. Encrypted text is hex-encoded. - * @param password the password used to generate the encryptor's secret key; should - * not be shared - * @param salt a hex-encoded, random, site-global salt value to use to generate the - * secret key - * @deprecated This encryptor is not secure. Instead, look to your data store for a - * mechanism to query encrypted data. - */ - @Deprecated - public static TextEncryptor queryableText(CharSequence password, CharSequence salt) { - return new HexEncodingTextEncryptor(new AesBytesEncryptor(password.toString(), salt)); - } - /** * Creates a text encryptor that performs no encryption. Useful for developer testing * environments where working with plain text strings is desired for simplicity. diff --git a/crypto/src/test/java/org/springframework/security/crypto/encrypt/EncryptorsTests.java b/crypto/src/test/java/org/springframework/security/crypto/encrypt/EncryptorsTests.java index 4a4fd72a95..fa2209ef39 100644 --- a/crypto/src/test/java/org/springframework/security/crypto/encrypt/EncryptorsTests.java +++ b/crypto/src/test/java/org/springframework/security/crypto/encrypt/EncryptorsTests.java @@ -66,17 +66,6 @@ public class EncryptorsTests { assertThat(result.equals(encryptor.encrypt("text"))).isFalse(); } - @Test - public void queryableText() { - CryptoAssumptions.assumeCBCJCE(); - TextEncryptor encryptor = Encryptors.queryableText("password", "5c0744940b5c369b"); - String result = encryptor.encrypt("text"); - assertThat(result).isNotNull(); - assertThat(result.equals("text")).isFalse(); - assertThat(encryptor.decrypt(result)).isEqualTo("text"); - assertThat(result.equals(encryptor.encrypt("text"))).isTrue(); - } - @Test public void noOpText() { TextEncryptor encryptor = Encryptors.noOpText(); diff --git a/docs/modules/ROOT/pages/features/integrations/cryptography.adoc b/docs/modules/ROOT/pages/features/integrations/cryptography.adoc index 83d7cd3fc1..6a0466df00 100644 --- a/docs/modules/ROOT/pages/features/integrations/cryptography.adoc +++ b/docs/modules/ROOT/pages/features/integrations/cryptography.adoc @@ -90,29 +90,6 @@ Encryptors.text("password", "salt") A `TextEncryptor` uses a standard `BytesEncryptor` to encrypt text data. Encrypted results are returned as hex-encoded strings for easy storage on the filesystem or in a database. -You can use the `Encryptors.queryableText` factory method to construct a "`queryable`" `TextEncryptor`: - -.Queryable TextEncryptor -==== -.Java -[source,java,role="primary"] ----- -Encryptors.queryableText("password", "salt"); ----- - -.Kotlin -[source,kotlin,role="secondary"] ----- -Encryptors.queryableText("password", "salt") ----- -==== - -The difference between a queryable `TextEncryptor` and a standard `TextEncryptor` has to do with initialization vector (IV) handling. -The IV used in a queryable `TextEncryptor.encrypt` operation is shared, or constant, and is not randomly generated. -This means the same text encrypted multiple times always produces the same encryption result. -This is less secure but necessary for encrypted data that needs to be queried against. -An example of queryable encrypted text would be an OAuth `apiKey`. - [[spring-security-crypto-keygenerators]] == Key Generators The {security-api-url}org/springframework/security/crypto/keygen/KeyGenerators.html[`KeyGenerators`] class provides a number of convenience factory methods for constructing different types of key generators. diff --git a/docs/modules/ROOT/pages/whats-new.adoc b/docs/modules/ROOT/pages/whats-new.adoc index 0767ff7cb4..4fb056bbc6 100644 --- a/docs/modules/ROOT/pages/whats-new.adoc +++ b/docs/modules/ROOT/pages/whats-new.adoc @@ -3,3 +3,8 @@ Spring Security 6.0 provides a number of new features. Below are the highlights of the release. + +== Breaking Changes + +* https://github.com/spring-projects/spring-security/issues/8980[gh-8980] - Remove unsafe/deprecated `Encryptors.querableText(CharSequence,CharSequence)`. +Instead use data storage to encrypt values. \ No newline at end of file