Details
-
Improvement
-
Status: Resolved
-
Minor
-
Resolution: Fixed
-
None
-
None
Description
The two property options:
crypto.cipher.algorithm.name
crypto.cipher.suite
are not used intuitively. For example, as far as I can tell, the only place the cipher suite's algorithm name is used is to check for NullCipher. I even tested this using bogus strings to confirm. Instead, once the suite is found to not indicate NullCipher, the cipher.algorithm.name replaces the algorithm found in the cipher suite for all further uses.
Further, the suite is parsed out into padding and mode options, which only exist to pass a few unit tests and reconstruct the cipher suite using the other specified algorithm.
This leads to some unintuitive behavior, where someone specifying an algorithm in the cipher suite is not necessarily using their intended algorithm, unless both options specified the the same algorithm.
To clean this up, the algorithm specified should be renamed and used for key generation, since some keys can be used across different algorithms (https://docs.oracle.com/javase/8/docs/api/java/security/Key.html), and the cipher suite can be used as stated, instead of deconstructing it to then reconstruct it.
Attachments
Issue Links
- links to
