This is an automated email from the ASF dual-hosted git repository.

davsclaus pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/camel.git


The following commit(s) were added to refs/heads/main by this push:
     new 5d73799f4531 CAMEL-23744: Update XML Encryption docs examples to AES-256-GCM (off 3DES) (#23988)
5d73799f4531 is described below

commit 5d73799f45312fe5e1a0bb72e54487c583401b23
Author: Andrea Cosentino <[email protected]>
AuthorDate: Fri Jun 12 13:45:00 2026 +0200

    CAMEL-23744: Update XML Encryption docs examples to AES-256-GCM (off 3DES) (#23988)
    
    The XMLSecurityDataFormat data-cipher default is already AES-256-GCM, but
    the docs still used a 24-byte passphrase (sized for 3DES) and one example
    demonstrated XMLCipher.TRIPLEDES. Update both passPhrase examples to a
    32-byte key for the AES-256-GCM default, switch the explicit example to
    AES_256_GCM, and add a Data Cipher Algorithm note (default AES-256-GCM;
    3DES legacy/discouraged). Docs-only.
    
    Co-authored-by: Claude Opus 4.8 (1M context) <[email protected]>
---
 .../src/main/docs/xmlSecurity-dataformat.adoc                | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git 
a/components/camel-xmlsecurity/src/main/docs/xmlSecurity-dataformat.adoc 
b/components/camel-xmlsecurity/src/main/docs/xmlSecurity-dataformat.adoc
index e2e744188abd..3ae29e873338 100644
--- a/components/camel-xmlsecurity/src/main/docs/xmlSecurity-dataformat.adoc
+++ b/components/camel-xmlsecurity/src/main/docs/xmlSecurity-dataformat.adoc
@@ -59,6 +59,12 @@ The default Key Cipher Algorithm is now
 that use RSA v1.5 as the key cipher algorithm will be rejected unless it
 has been explicitly configured as the key cipher algorithm.
 
+=== Data Cipher Algorithm
+
+The default data (payload) Cipher Algorithm is `XMLCipher.AES_256_GCM`.
+Usage of `XMLCipher.TRIPLEDES` (3DES) is discouraged as it is a legacy cipher; 
prefer an
+AES-GCM algorithm such as `XMLCipher.AES_256_GCM` (the default) or 
`XMLCipher.AES_128_GCM`.
+
 == Marshal
 
 To encrypt the payload, the `marshal` processor needs to be
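Review bot: The new "Data Cipher Algorithm" section offers `XMLCipher.AES_128_GCM` as an alternative but never states the pass-phrase length each algorithm expects, although the commit message says the examples moved from a 24-byte to a 32-byte key for exactly that reason. Consider adding a sentence after the `XMLCipher.TRIPLEDES` line that gives the expected pass-phrase length for the default and for the alternative, plus one telling readers with an existing 3DES configuration that the algorithm and the key have to change together. As written, the section is advisory only and gives no migration guidance.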
@@ -95,7 +101,7 @@ from("direct:start")
 String tagXPATH = "//cheesesites/italy/cheese";
 boolean secureTagContent = true;
 ...
-String passPhrase = "Just another 24 Byte key";
+String passPhrase = "Just another 32 Byte key for AES";
 from("direct:start")
     .marshal().xmlSecurity(tagXPATH, secureTagContent, passPhrase)
     .unmarshal().xmlSecurity(tagXPATH, secureTagContent, passPhrase)
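Review bot: On the `passPhrase` line, the only hint that the value is sized for the default cipher is the wording of the string itself (`"Just another 32 Byte key for AES"`), and the `xmlSecurity(tagXPATH, secureTagContent, passPhrase)` call names no algorithm. A short comment on that line saying the value is used with the default `XMLCipher.AES_256_GCM` and is 32 bytes long for that reason would stop a reader from substituting a phrase of a different length without knowing why it matters.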
@@ -110,8 +116,8 @@ import org.apache.xml.security.encryption.XMLCipher;
 ....
 String tagXPATH = "//cheesesites/italy/cheese";
 boolean secureTagContent = true;
-String passPhrase = "Just another 24 Byte key";
-String algorithm= XMLCipher.TRIPLEDES;
+String passPhrase = "Just another 32 Byte key for AES";
+String algorithm = XMLCipher.AES_256_GCM;
 from("direct:start")
     .marshal().xmlSecurity(tagXPATH, secureTagContent, passPhrase, algorithm)
     .unmarshal().xmlSecurity(tagXPATH, secureTagContent, passPhrase, algorithm)
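Review bot: The `passPhrase` literal in this example is the same readable ASCII sentence used in the previous one, and the commit message describes it as the 32-byte key itself. A sentence of English words carries far less entropy than a randomly generated 256-bit key, and documentation samples get copied into real routes. Suggest marking the literal as a placeholder in a comment and adding a line to the docs that production keys should be randomly generated and loaded from a keystore or secret store rather than written as a string in the route definition.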
