Deprecate old Secure Cell API #636
Merged
Mark almost all Secure Cell API as deprecated. Provide replacement instructions where relevant. Suppress deprecation warnings in our own code which tests old API usage and has to rely on public constants that we cannot make private now. Most of the deprecated API has more or less direct counterparts in the new API. Though, there are no counterparts to constructors that accept no symmetric key or methods that accept one.
This PR is now ready for review.
vixentael
approved these changes
May 12, 2020
CHANGELOG.md
Outdated
- `new SecureCell(int mode)` | ||
- `new SecureCell(byte[] key)` | ||
- `new SecureCell(byte[] key, int mode)` | ||
- `new SecureCell(String password)` ⚠️ **not secure** |
Suggested change
- `new SecureCell(String password)` ⚠️ **not secure** | |
- `new SecureCell(String password)` ⚠️ **not recommended, insecure** |
vixentael
reviewed
May 12, 2020
@@ -447,16 +447,16 @@ _Code:_ | |||
- `new SecureCell(int mode)` | |||
- `new SecureCell(byte[] key)` | |||
- `new SecureCell(byte[] key, int mode)` | |||
- `new SecureCell(String password)` ⚠️ **not secure** | |||
- `new SecureCell(String password, int mode)` ⚠️ **not secure** | |||
- `new SecureCell(String password)` ⚠️ **not recommended, insecure** |
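Review bot: the two password constructors end up with different labels in the lines shown: `new SecureCell(String password, int mode)` still reads "not secure" while `new SecureCell(String password)` now reads "not recommended, insecure". Give both entries the same wording, and consider naming the replacement next to the warning (`SecureCell.SealWithPassphrase(String passphrase)`, per the PR description) so that a changelog reader sees what to switch to.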
👍
Labels
compatibility
Backward and forward compatibility, platform interoperability issues, breaking changes
W-JavaThemis ☕
Wrapper: Java, Java and Kotlin API
Following changes in #634 and #635, mark almost all Secure Cell API as deprecated. Provide inline replacement instructions where relevant. Suppress deprecation warnings in our own code that tests old API usage and has to rely on public constants which we cannot make private now.
Migration instructions
Constructors
Instead of using `new SecureCell(...)` and `SecureCell.MODE...` constants, use `SecureCell.ModeWithKey(...)` factory methods now.
The following constructors are deprecated:
- `new SecureCell(int mode)` (no key specified)
- `new SecureCell(byte[] key)` (uses Seal mode)
- `new SecureCell(byte[] key, int mode)`
Use an appropriate replacement instead:
- `SecureCell.SealWithKey(byte[] key)`
- `SecureCell.TokenProtectWithKey(byte[] key)`
- `SecureCell.ContextImprintWithKey(byte[] key)`
Note that these factory methods return instances of interfaces like `SecureCell.Seal`, not `SecureCell`. You may need to update your fields and variable types. Encryption API is also different and not compatible, you will need to update method call sites too.
The following constructors are not secure when used with short passwords:
- `new SecureCell(String password)` (uses Seal mode)
- `new SecureCell(String password, int mode)`
They are deprecated and you are strongly discouraged from using them. (You are safe only if the passwords are long enough, around 50+ characters.)
If you have to use passphrases that need to be remembered by humans, consider using new passphrase API instead (#635):
- `SecureCell.SealWithPassphrase(String passphrase)`
JavaThemis 0.13 supports passphrase API only in Seal mode. Other modes support only symmetric keys at the moment.
If you can store the encryption secret on electronic media, you’d be better off using symmetric key API. See #634 for an overview of updated API.
Note that new passphrase API is not compatible with the deprecated ‘password’ constructors. You will not be able to use new API to decrypt data encrypted by old API and vice versa. If you wish to switch the API, old data has to be decrypted with old API and reencrypted with the new one.
Encryption methods
All `protect` and `unprotect` methods of `SecureCell` class are deprecated. Use appropriate `encrypt` and `decrypt` methods of interfaces like `SecureCell.Seal` instead.
Easier encryption
Encryption API for Seal and Context Imprint mode now returns encrypted data directly. You no longer have to extract it out of `SecureCellData` object:
Easier decryption
Decryption with new API no longer requires construction of `SecureCellData` object:
Context is optional and changed ordering
New API accepts message and context in different order: context comes last.
If you do not use associated context, the argument can be omitted entirely.
⛔️ No inline key switching
The methods that accept a key as the first argument do not have direct counterpart in the new API:
- `protect(byte[] key, byte[] context, byte[] data)`
- `unprotect(byte[] key, byte[] context, SecureCellData protected)`
You will have to construct a new Secure Cell object to use a different key.
⛔️ No context as string
The methods that accept associated context as a String do not have direct counterpart in the new API:
- `protect(String context, byte[] data)`
- `unprotect(String context, SecureCellData protected)`
If you need compatibility, you can use new API with the context string converted to UTF-16 with `getBytes("UTF-16")`.
The methods that accept a ‘password’ string as the first argument are not secure when used with short passwords, similar to related constructors (see above). Consider using new passphrase API or symmetric keys instead.
Do not use the following methods:
- `protect(String password, String context, byte[] data)`
- `unprotect(String password, String context, SecureCellData protected)`
Checklist
Example projects and code samples are up-to-date (will do separately)
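The migration described above, as an added Java example that is not code from this PR or from Themis itself. The class name `SecureCellMigration` and its method names are hypothetical, the key, context and data are constructed sample values, and JavaThemis 0.13 is assumed to be on the classpath.

```java
import com.cossacklabs.themis.SecureCell;
import com.cossacklabs.themis.SecureCellData;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;

public class SecureCellMigration {  // hypothetical class, for illustration only
    // Before: deprecated constructor and protect(), Seal mode, String context.
    @SuppressWarnings("deprecation")
    static byte[] oldEncrypt(byte[] key, String context, byte[] data) throws Exception {
        SecureCell cell = new SecureCell(key);
        SecureCellData result = cell.protect(context, data);
        return result.getProtectedData(); // extra unwrapping step the new API drops
    }

    // After: the factory returns SecureCell.Seal, the context comes last, and a
    // String context is passed as UTF-16 bytes to match the old String overloads.
    static byte[] newEncrypt(byte[] key, String context, byte[] data) throws Exception {
        SecureCell.Seal cell = SecureCell.SealWithKey(key);
        return cell.encrypt(data, context.getBytes(StandardCharsets.UTF_16));
    }

    static byte[] newDecrypt(byte[] key, String context, byte[] encrypted) throws Exception {
        SecureCell.Seal cell = SecureCell.SealWithKey(key);
        return cell.decrypt(encrypted, context.getBytes(StandardCharsets.UTF_16));
    }

    // Data written with the old 'password' constructor cannot be read by the
    // passphrase API: decrypt with the old API, re-encrypt with the new one.
    @SuppressWarnings("deprecation")
    static byte[] reencrypt(String oldPassword, String passphrase,
                            byte[] context, byte[] oldEncrypted) throws Exception {
        SecureCell oldCell = new SecureCell(oldPassword);
        byte[] plain = oldCell.unprotect(context, new SecureCellData(oldEncrypted, null));
        return SecureCell.SealWithPassphrase(passphrase).encrypt(plain, context);
    }

    public static void main(String[] args) throws Exception {
        byte[] key = new byte[32];              // constructed sample key
        new SecureRandom().nextBytes(key);
        byte[] data = "sample record".getBytes(StandardCharsets.UTF_8);
        byte[] legacy = oldEncrypt(key, "row-42", data);
        // Relies on the UTF-16 compatibility note in the description above.
        System.out.println(Arrays.equals(data, newDecrypt(key, "row-42", legacy)));
        byte[] fresh = newEncrypt(key, "row-42", data);
        System.out.println(Arrays.equals(data, newDecrypt(key, "row-42", fresh)));
    }
}
```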