auth0 · gkwang · Mar 25, 2020 · Mar 24, 2020
diff --git a/README.md b/README.md
@@ -18,7 +18,8 @@ var options = {
   pem: fs.readFileSync(__dirname + '/your_public_cert.pem'),
   encryptionAlgorithm: 'http://www.w3.org/2001/04/xmlenc#aes256-cbc',
   keyEncryptionAlgorithm: 'http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p',
-  disallowEncryptionWithInsecureAlgorithm: true
+  disallowEncryptionWithInsecureAlgorithm: true,
+  warnInsecureAlgorithm: true
 };
 
 xmlenc.encrypt('content to encrypt', options, function(err, result) {
@@ -54,7 +55,8 @@ Result:
 ~~~js
 var options = {
     key: fs.readFileSync(__dirname + '/your_private_key.key'),
-    disallowDecryptionWithInsecureAlgorithm: true;
+    disallowDecryptionWithInsecureAlgorithm: true,
+    warnInsecureAlgorithm: true
 };
 
 xmlenc.decrypt('<xenc:EncryptedData ..... </xenc:EncryptedData>', options, function(err, result) {
@@ -79,9 +81,8 @@ Currently the library supports:
   * http://www.w3.org/2001/04/xmlenc#aes256-cbc
   * http://www.w3.org/2001/04/xmlenc#tripledes-cbc (Insecure Algorithm)
 
-Insecure Algorithms can be disabled via disallowEncryptionWithInsecureAlgorithm/disallowDecryptionWithInsecureAlgorithm flags when encrypting/decrypting. This flag is off by default in 0.x versions.
-
-However, you can fork and implement your own algorithm. The code supports adding more algorithms easily
+Insecure Algorithms can be disabled via `disallowEncryptionWithInsecureAlgorithm`/`disallowDecryptionWithInsecureAlgorithm` flags when encrypting/decrypting. This flag is off by default in 0.x versions.
+A warning will be piped to `stderr` using console.warn() by default when the aforementioned algorithms are used. This can be disabled via the `warnInsecureAlgorithm` flag.
 
 ## Issue Reporting
 

diff --git a/lib/utils.js b/lib/utils.js
@@ -6,7 +6,7 @@ var templates = {
   'keyinfo': require('./templates/keyinfo.tpl.xml'),
 };
 
-function renderTemplate (file, data) {
+function renderTemplate(file, data) {
   return templates[file](data);
 }
 
@@ -19,8 +19,14 @@ function pemToCert(pem) {
   return null;
 };
 
+function warnInsecureAlgorithm(algorithm, enabled = true) {
+  if (enabled) {
+    console.warn(algorithm + " is no longer recommended due to security reasons. Please deprecate its use as soon as possible.")
+  }
+}
 
 module.exports = {
   renderTemplate: renderTemplate,
-  pemToCert: pemToCert
+  pemToCert: pemToCert,
+  warnInsecureAlgorithm, warnInsecureAlgorithm
 };
diff --git a/lib/xmlenc.js b/lib/xmlenc.js
@@ -47,6 +47,7 @@ function encryptKeyInfo(symmetricKey, options, callback) {
       return encryptKeyInfoWithScheme(symmetricKey, options, 'RSA-OAEP', callback);
 
     case 'http://www.w3.org/2001/04/xmlenc#rsa-1_5':
+      utils.warnInsecureAlgorithm(options.keyEncryptionAlgorithm, options.warnInsecureAlgorithm);
       return encryptKeyInfoWithScheme(symmetricKey, options, 'RSAES-PKCS1-V1_5', callback);
 
     default:
@@ -79,6 +80,7 @@ function encrypt(content, options, callback) {
         crypto.randomBytes(32, cb); // generate a symmetric random key 32 bytes length
         break;
       case 'http://www.w3.org/2001/04/xmlenc#tripledes-cbc':
+        utils.warnInsecureAlgorithm(options.encryptionAlgorithm, options.warnInsecureAlgorithm);
         crypto.randomBytes(24, cb); // generate a symmetric random key 24 bytes (192 bits) length
         break;
       default:
@@ -101,6 +103,7 @@ function encrypt(content, options, callback) {
         });
         break;
       case 'http://www.w3.org/2001/04/xmlenc#tripledes-cbc':
+        utils.warnInsecureAlgorithm(options.encryptionAlgorithm, options.warnInsecureAlgorithm);
         encryptWithAlgorithm('des-ede3-cbc', symmetricKey, 8, content, options.input_encoding, function (err, encryptedContent) {
           if (err) return cb(err);
           cb(null, encryptedContent);
@@ -177,6 +180,7 @@ function decrypt(xml, options, callback) {
       case 'http://www.w3.org/2001/04/xmlenc#aes256-cbc':
         return callback(null, decryptWithAlgorithm('aes-256-cbc', symmetricKey, 16, encrypted));
       case 'http://www.w3.org/2001/04/xmlenc#tripledes-cbc':
+        utils.warnInsecureAlgorithm(encryptionAlgorithm, options.warnInsecureAlgorithm);
         return callback(null, decryptWithAlgorithm('des-ede3-cbc', symmetricKey, 8, encrypted));
       default:
         return callback(new Error('encryption algorithm ' + encryptionAlgorithm + ' not supported'));
@@ -216,6 +220,7 @@ function decryptKeyInfo(doc, options) {
     case 'http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p':
       return decryptKeyInfoWithScheme(encryptedKey, options, 'RSA-OAEP');
     case 'http://www.w3.org/2001/04/xmlenc#rsa-1_5':
+      utils.warnInsecureAlgorithm(keyEncryptionAlgorithm, options.warnInsecureAlgorithm);
       return decryptKeyInfoWithScheme(encryptedKey, options, 'RSAES-PKCS1-V1_5');
     default:
       throw new Error('key encryption algorithm ' + keyEncryptionAlgorithm + ' not supported');

diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -21,6 +21,7 @@
   "dependencies": {
     "escape-html": "^1.0.3",
     "node-forge": "^0.7.0",
+    "sinon": "^9.0.1",
     "xmldom": "~0.1.15",
     "xpath": "0.0.27"
   },

diff --git a/test/xmlenc.encryptedkey.js b/test/xmlenc.encryptedkey.js
@@ -1,9 +1,19 @@
 var assert = require('assert');
 var fs = require('fs');
+var should = require('should');
+var sinon = require('sinon');
 var xmlenc = require('../lib');
 var xpath = require('xpath');
 
 describe('encrypt', function() {
+  let consoleSpy = null;
+  beforeEach(function() {
+    consoleSpy = sinon.spy(console, 'warn');
+  });
+
+  afterEach(function() {
+    consoleSpy.restore();
+  });
 
   var algorithms = [{
     name: 'aes-256-cbc',
@@ -46,9 +56,10 @@ describe('encrypt', function() {
     options.rsa_pub = fs.readFileSync(__dirname + '/test-auth0_rsa.pub'),
     options.pem = fs.readFileSync(__dirname + '/test-auth0.pem'),
     options.key = fs.readFileSync(__dirname + '/test-auth0.key'),
+    options.warnInsecureAlgorithm = false;
 
     xmlenc.encrypt(content, options, function(err, result) {
-      xmlenc.decrypt(result, { key: fs.readFileSync(__dirname + '/test-auth0.key')}, function (err, decrypted) {
+      xmlenc.decrypt(result, { key: fs.readFileSync(__dirname + '/test-auth0.key'), warnInsecureAlgorithm: false}, function (err, decrypted) {
         assert.equal(decrypted, content);
         done();
       });
@@ -68,6 +79,8 @@ describe('encrypt', function() {
       xmlenc.encrypt('encrypt me', options, function(err, result) {
         assert(err);
         assert(!result);
+        //should not pop up warns due to options.warnInsecureAlgorithm = false;
+        consoleSpy.called.should.equal(false);
         done();
       });
     });
@@ -180,7 +193,6 @@ describe('encrypt', function() {
     };
 
     var plaintext = 'The quick brown fox jumps over the lazy dog';
-
     xmlenc.encryptKeyInfo(plaintext, options, function(err, encryptedKeyInfo) {
       assert(err);
       done();
@@ -198,7 +210,7 @@ describe('encrypt', function() {
 
     xmlenc.encryptKeyInfo(plaintext, options, function(err, encryptedKeyInfo) {
       if (err) return done(err);
-
+      consoleSpy.called.should.equal(true);
       assert.throws(
         function(){xmlenc.decryptKeyInfo(
           encryptedKeyInfo,