plexus-cipher 3.0.0 #45
LGTM. If I summarise:
- change package name to org.codehaus.plexus (which sounds weird given Codehaus does not exist anymore...)
- change the default cipher from AES/CBC/PKCS5Padding to AES/GCM/NoPadding, why?
@@ -88,6 +91,7 @@ void testDefaultAlgorithmExists() throws Exception { | |||
|
|||
// ------------------------------------------------------------- | |||
|
|||
@Disabled("This test is not really a test") |
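Review bot: A permanently skipped test, which is what the `@Disabled("This test is not really a test")` line at the end of this hunk produces, is dead code in the test class and gives no coverage for a component whose whole job is encryption and decryption. Either delete the method, or give it an assertion so it can stay enabled; if it is meant as a manual helper, the reason string should say that instead.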
Maybe delete it then ?
@@ -34,7 +34,7 @@ class PBECipherTest { | |||
|
|||
final String clearText = "veryOpenText"; | |||
|
|||
final String encryptedText = "F7eMV2QRQF4H0ODCA1nrTGUWacCXVvPemSjaQjGbO6U="; | |||
final String encryptedText = "ce/l2ofOiSELRT1WAjOyNoZbG+2FQcrlOKEdDr5mi6esyR2LfvBY855yxW5bqHZi"; |
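Review bot: The replacement `encryptedText` constant in `PBECipherTest` is an opaque Base64 string with nothing next to it recording which algorithm and parameters produced it, and it is visibly longer than the value it replaces, so a reader cannot tell whether the output format changed on purpose. Add a comment beside the constant saying how the value was generated, and state in the change description whether values produced by the previous version still decrypt.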
Why has the encrypted value changed ?
The package name change is IMO okay, many (today GH, former Codehaus) orgs still publish under org.codehaus package, and this has been well established (like older groovy versions that are still maintained). I don't find this problematic. This GH org "owns" the org.codehaus.plexus G on Central, so using same package is okay as well IMO. OTOH, I find it more problematic to use package name of existing private entity/company.
The cipher changes have been undone, I was just reading and trying out some last night. Now there is only one change, the secret key alg is changed to
The encrypted value change really does not matter, as 2.1.0 release already broke backward compat, see #23. If we'd move from 2.0 to 2.1.0, users would need to re-encrypt everything they have encrypted anyway. So IMO this change is ok as well.
Finally, to signify all that above, but also the fact of moving to Java 17, am moving version to 3.0.0.
In fact, just checked: nothing mandates Java 17, so I undid that bit as well. Having this lib 8+ is just extra benefit.
To me GCM/No padding also looks good.
If not under codehaus, what other alternatives?
Cipher is a small simple (nearly trivial) component that is able to encrypt/decrypt strings using provided "master password".
This commit moves it to version 3.0.0 denoting a major (and backward incompatible) jump.