evolution-gaming/crypto

Authenticated encryption

migesok opened this issue · 0 comments

The current implementation of config encryption-decryption (which delegates to the `com.evolutiongaming.crypto.Crypto#encryptAES` and `com.evolutiongaming.crypto.Crypto#decryptAES` methods) doesn't guarantee plaintext authenticity - if a wrong private key is used on decryption, you'd get a garbage value in return.

I propose to change the default cipher from AES/CTR to AES/GCM, which provides authenticated encryption. In implementation it would mean that, after the change, if a wrong key is used on decryption, you will get an exception instead of a garbage output.

The AES/GCM/NoPadding cipher with a 128-bit key is required to be supported on all JDKs 11+:
https://docs.oracle.com/en/java/javase/11/docs/api/java.base/javax/crypto/Cipher.html

I will provide an implementation PR shortly. I intend to do it in a backward compatible way by using the existing versioning infrastructure.
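
An added illustration of the behaviour difference described in this issue, not code from the evolution-gaming/crypto library or from the proposed PR. It calls `javax.crypto` directly from Scala with freshly generated 128-bit keys and a constructed sample plaintext (the object name, helper names and sample value are assumptions), and it goes one step beyond the wrong-key case by also showing that GCM rejects a modified ciphertext.

```scala
import java.nio.charset.StandardCharsets.UTF_8
import java.security.SecureRandom
import java.security.spec.AlgorithmParameterSpec
import javax.crypto.{AEADBadTagException, Cipher}
import javax.crypto.spec.{GCMParameterSpec, IvParameterSpec, SecretKeySpec}
import scala.util.Try

object CtrVsGcmWrongKey {
  private val random = new SecureRandom()

  private def randomBytes(n: Int): Array[Byte] = {
    val bytes = new Array[Byte](n)
    random.nextBytes(bytes)
    bytes
  }

  // Constructed sample keys (128-bit), generated fresh on every run.
  private def newKey(): SecretKeySpec = new SecretKeySpec(randomBytes(16), "AES")

  private def run(transformation: String, mode: Int, key: SecretKeySpec,
                  params: AlgorithmParameterSpec, input: Array[Byte]): Array[Byte] = {
    val cipher = Cipher.getInstance(transformation)
    cipher.init(mode, key, params)
    cipher.doFinal(input)
  }

  def main(args: Array[String]): Unit = {
    val plaintext = "db.password=constructed-sample-value".getBytes(UTF_8)
    val rightKey = newKey()
    val wrongKey = newKey()

    // AES/CTR: decryption with the wrong key succeeds and silently returns garbage.
    val ctrParams = new IvParameterSpec(randomBytes(16))
    val ctrCiphertext = run("AES/CTR/NoPadding", Cipher.ENCRYPT_MODE, rightKey, ctrParams, plaintext)
    val ctrOutput = run("AES/CTR/NoPadding", Cipher.DECRYPT_MODE, wrongKey, ctrParams, ctrCiphertext)
    println(s"CTR, wrong key: no exception, output equals plaintext = ${ctrOutput.sameElements(plaintext)}")

    // AES/GCM (96-bit nonce, 128-bit tag): the wrong key fails tag verification.
    val gcmParams = new GCMParameterSpec(128, randomBytes(12))
    val gcmCiphertext = run("AES/GCM/NoPadding", Cipher.ENCRYPT_MODE, rightKey, gcmParams, plaintext)
    val wrongKeyResult = Try(run("AES/GCM/NoPadding", Cipher.DECRYPT_MODE, wrongKey, gcmParams, gcmCiphertext))
    println(s"GCM, wrong key: ${wrongKeyResult.failed.map(_.getClass.getSimpleName).getOrElse("no exception")}")

    // Flipping one ciphertext bit is rejected too, even with the right key.
    gcmCiphertext(0) = (gcmCiphertext(0) ^ 1).toByte
    val tampered = Try(run("AES/GCM/NoPadding", Cipher.DECRYPT_MODE, rightKey, gcmParams, gcmCiphertext))
    println(s"GCM, tampered ciphertext: rejected = ${tampered.failed.toOption.exists(_.isInstanceOf[AEADBadTagException])}")
  }
}
```

With GCM, callers need to handle `AEADBadTagException` (a subclass of `BadPaddingException`) as the signal that the key or the ciphertext is wrong, and the nonce must never repeat under the same key.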