Posted to fop-dev@xmlgraphics.apache.org by "MathanKumar Thirunavukkarasu (JIRA)" <ji...@apache.org> on 2018/04/03 18:04:00 UTC

[jira] [Commented] (FOP-2778) Questions on FOP encryption

    [ https://issues.apache.org/jira/browse/FOP-2778?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16424373#comment-16424373 ] 

MathanKumar Thirunavukkarasu commented on FOP-2778:
---------------------------------------------------

In FOP v2.2, below is the class I referred to:
org.apache.fop.hyphenation.*HyphenationTree*.class.
Can you check this and close?

> Questions on FOP encryption
> ---------------------------
>
>                 Key: FOP-2778
>                 URL: https://issues.apache.org/jira/browse/FOP-2778
>             Project: FOP
>          Issue Type: Bug
>    Affects Versions: 2.2
>            Reporter: MathanKumar Thirunavukkarasu
>            Priority: Critical
>              Labels: encryption
>
> Summary
> Hardcoded encryption keys may compromise system security in a way that cannot be easily remedied.
> h3. Explanation
> It is never a good idea to hardcode an encryption key because it allows all of the project's developers to view the encryption key, and makes fixing the problem extremely difficult. Once the code is in production, the encryption key cannot be changed without patching the software. If the account that is protected by the encryption key is compromised, the owners of the system will be forced to choose between security and availability.
> In this case the encryption key is located in *HyphenationTree.java* at line *577*.
> *Example 1:* The following code uses a hardcoded encryption key:
> ...
> private static final String encryptionKey = "lakdsljkalkjlksdfkl";
> byte[] keyBytes = encryptionKey.getBytes();
> SecretKeySpec key = new SecretKeySpec(keyBytes, "AES");
> Cipher encryptCipher = Cipher.getInstance("AES");
> encryptCipher.init(Cipher.ENCRYPT_MODE, key);
> ...
> *Anyone who has access to the code will have access to the encryption key. Once the application has shipped, there is no way to change the encryption key unless the program is patched. An employee with access to this information could use it to break into the system. Even worse, if attackers had access to the executable for the application, they could extract the encryption key value.*
> ----------------------------------------------------------------
> h3. Summary
> The function *initCipher()* in *PDFEncryptionJCE.java* uses a cryptographic encryption algorithm with an insecure mode of operation on line *771*. Cryptographic encryption algorithms should not be used with an insecure mode of operation.
> h3. Explanation
> A mode of operation of a block cipher is an algorithm that describes how to repeatedly apply a cipher's single-block operation to securely transform amounts of data larger than a block. Some of the modes of operation include Electronic Codebook (ECB), Cipher Block Chaining (CBC), and Cipher Feedback (CFB).
> ECB mode is inherently weak, as it results in the same ciphertext for identical blocks of plaintext. CBC mode is the superior choice as it does not have this weakness.
> *Example 1:* The following code uses AES cipher with ECB mode:
> ...
> SecretKeySpec key = new SecretKeySpec(keyBytes, "AES");
> Cipher cipher = Cipher.getInstance("AES/ECB/PKCS7Padding", "BC");
> cipher.init(Cipher.ENCRYPT_MODE, key);
> ...



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
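
The ECB property described in the quoted report, shown as an added example that is not part of the original message or of FOP's code: two identical plaintext blocks encrypt to identical ciphertext blocks under ECB but not under CBC with a random IV. Assumptions: the class and method names are hypothetical, the JDK's default provider with PKCS5Padding is used instead of the "BC" provider named in the report, and the key is generated at run time rather than taken from a string literal.

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import java.security.SecureRandom;
import java.util.Arrays;

// Hypothetical demo class, not FOP code.
public class EcbVsCbcDemo {
    static final int BLOCK = 16; // AES block size in bytes

    // True if the first two ciphertext blocks are byte-for-byte identical.
    static boolean firstTwoBlocksEqual(byte[] ct) {
        return Arrays.equals(Arrays.copyOfRange(ct, 0, BLOCK),
                             Arrays.copyOfRange(ct, BLOCK, 2 * BLOCK));
    }

    static byte[] encryptEcb(SecretKey key, byte[] pt) throws Exception {
        Cipher c = Cipher.getInstance("AES/ECB/PKCS5Padding");
        c.init(Cipher.ENCRYPT_MODE, key);
        return c.doFinal(pt);
    }

    static byte[] encryptCbc(SecretKey key, byte[] iv, byte[] pt) throws Exception {
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv));
        return c.doFinal(pt);
    }

    public static void main(String[] args) throws Exception {
        // Key generated at run time instead of a string literal in source.
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey key = kg.generateKey();

        // Constructed sample input: two identical 16-byte plaintext blocks.
        byte[] pt = new byte[2 * BLOCK];
        Arrays.fill(pt, (byte) 'A');

        // Fresh random IV for this message; CBC needs one per encryption.
        byte[] iv = new byte[BLOCK];
        new SecureRandom().nextBytes(iv);

        System.out.println("ECB repeats block: " + firstTwoBlocksEqual(encryptEcb(key, pt)));
        System.out.println("CBC repeats block: " + firstTwoBlocksEqual(encryptCbc(key, iv, pt)));
    }
}
```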