Why create this library?
The GDPR requires you to enforce security measures and safeguards to protect any piece of information that relates to an identifiable person. This library is a first step in implementing a solution that could be used for this purpose.
How secure is it?
As encryption is based on a common shared key generated in Chipher.java, this method of encrypting your data is only as secure as your password. It is recommended to use strong passwords with 15+ characters containing mixed-case letters, numbers and special characters. Someone with access to your data could brute-force your password, and an ill-intentioned application deployed in the same environment as your app could get hold of your password from system properties or configuration and decrypt the data using this password with the code available in this library. So, use a strong password, and decide for yourself if this is secure "enough" for your application. This application has not been through any security audit, but the source code is open source and therefore possible to review.
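The brute-force risk described above can be reduced by enforcing the recommended password strength and deriving the key with a salted, iterated KDF. The following is an added example, not code from this library: the class name, blob layout and the PBKDF2/AES-GCM parameters are assumptions, and the library's own scheme may differ.

```java
import javax.crypto.*;
import javax.crypto.spec.*;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;

public class PasswordCryptoSketch {
    static final int SALT_LEN = 16, IV_LEN = 12, ITERATIONS = 600_000; // assumed parameters

    // The page's recommendation: 15+ characters, mixed case, numbers and special characters.
    static boolean meetsRecommendation(String pw) {
        return pw.length() >= 15 && pw.chars().anyMatch(Character::isUpperCase)
            && pw.chars().anyMatch(Character::isLowerCase) && pw.chars().anyMatch(Character::isDigit)
            && pw.chars().anyMatch(ch -> !Character.isLetterOrDigit(ch));
    }

    // Salted, iterated derivation: every password guess costs ITERATIONS HMAC rounds.
    static SecretKeySpec deriveKey(char[] pw, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(pw, salt, ITERATIONS, 256);
        return new SecretKeySpec(SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
            .generateSecret(spec).getEncoded(), "AES");
    }

    // Blob layout (chosen for this sketch): salt || iv || ciphertext + 16-byte GCM tag.
    static byte[] encrypt(char[] pw, byte[] plain) throws Exception {
        if (!meetsRecommendation(new String(pw)))
            throw new IllegalArgumentException("password is weaker than the recommendation");
        byte[] blob = new byte[SALT_LEN + IV_LEN + plain.length + 16];
        new SecureRandom().nextBytes(blob); // fresh random salt and IV; the rest is overwritten
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, deriveKey(pw, Arrays.copyOf(blob, SALT_LEN)),
            new GCMParameterSpec(128, blob, SALT_LEN, IV_LEN));
        c.doFinal(plain, 0, plain.length, blob, SALT_LEN + IV_LEN);
        return blob;
    }

    static byte[] decrypt(char[] pw, byte[] blob) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, deriveKey(pw, Arrays.copyOf(blob, SALT_LEN)),
            new GCMParameterSpec(128, blob, SALT_LEN, IV_LEN));
        return c.doFinal(blob, SALT_LEN + IV_LEN, blob.length - SALT_LEN - IV_LEN);
    }

    public static void main(String[] args) throws Exception {
        char[] pw = "Constructed-Sample-Passw0rd!".toCharArray(); // constructed, not a real secret
        byte[] blob = encrypt(pw, "jane@example.com".getBytes(StandardCharsets.UTF_8));
        System.out.println(new String(decrypt(pw, blob), StandardCharsets.UTF_8));
        try { decrypt("wrong guess".toCharArray(), blob); }
        catch (AEADBadTagException e) { System.out.println("wrong password rejected"); }
    }
}
```

A slow KDF raises the cost of each guess but does not help against an application that reads the password from system properties or configuration; that risk remains as described above.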
How can security be improved in the future?
One idea is to implement asymmetric encryption using a public/private key pair. This would introduce setup complexity: one would need to make keys available across (possibly) multiple Enonic XP nodes in a cluster. This would probably mean that a system administrator would have to manually install the key in multiple keystores, or one would have to use a centralized keystore, such as AWS Key Management Service (KMS), CyberArk, HashiCorp Vault, or Azure Key Vault, to better secure credentials.
Example of when using this library could be useful
You have a production system that persists sensitive customer data into the Enonic XP storage, that data is exported to a QA, testing or development environment, and you want this data to be encrypted there.
- Added Main class for command line use
- Removed unused build dependencies
- Initial version of Cipher library