Uploaded image for project: 'Nuxeo Platform'
  1. Nuxeo Platform
  2. NXP-31780

Use BouncyCastle instead of the JDK API to decrypt files

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2021.0
    • Fix Version/s: 2023.0, 2021.36
    • Component/s: BlobManager
    • Release Notes Summary:
      Encrypted files are now decrypted with the BouncyCastle library.
    • Tags:
    • Backlog priority:
      500
    • Sprint:
      nxsupport 16

      Description

      From https://answers.nuxeo.com/general/q/2074bbcb3b4140108f3ae51ebbb53533/AES-Decryption-performance it has been reported that

      https://stackoverflow.com/questions/60575897/cipherinputstream-hangs-while-reading-data tells about known problems with CipherInputStream class for decryption of large files. The link https://crypto.stackexchange.com/questions/20333/encryption-of-big-files-in-java-with-aes-gcm confirm that “CipherInputStream in general is horrible”.

      As some customers are using the AES binary manager to store encrypted files, Nuxeo should use BouncyCastle instead of the JDK API to decrypt files

        Attachments

          Issue Links

          links to

          Web Link PR for 2021

          Web Link PR for 2023

            Activity

              People

              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0 minutes
                  0m
                  Logged:
                  Time Spent - 30 minutes
                  30m