security: deprecate non-encrypting WebAuthn methods and add warnings

src/services/credentials/encryption.service.ts

@@ -265,32 +265,37 @@ export class EncryptionService {
 
 
   /**
-   * Chiffre des credentials avec WebAuthn
+   * WARNING: DEPRECATED - This method does NOT encrypt, only base64 encoding
+   * Use encryptWithPassword or WebAuthn key encryption instead
    */
   async encryptWithWebAuthn(
     credentials: CredentialData,
     credentialId: string
   ): Promise<string> {
+    secureLogger.error('encryptWithWebAuthn is deprecated and does NOT encrypt data', new Error('Use encryptWithPassword or WebAuthn encryption'));
+    
     const data = JSON.stringify({
       spendKey: credentials.spendKey,
       scanKey: credentials.scanKey,
       timestamp: credentials.timestamp
     });
 
-    // Pour l'instant, on utilise un chiffrement simple
+    // WARNING: Only base64 encoding, no encryption - DO NOT USE FOR SENSITIVE DATA
-    // Dans une vraie implémentation, on utiliserait la clé publique WebAuthn
     const encoded = btoa(data);
     return encoded;
   }
 
   /**
-   * Déchiffre des credentials avec WebAuthn
+   * WARNING: DEPRECATED - This method does NOT decrypt, only base64 decoding
+   * Use decryptWithPassword or WebAuthn key decryption instead
    */
   async decryptWithWebAuthn(
     encryptedData: string,
     credentialId: string
   ): Promise<CredentialData> {
-    // Pour l'instant, on utilise un déchiffrement simple
+    secureLogger.error('decryptWithWebAuthn is deprecated and does NOT decrypt data', new Error('Use decryptWithPassword or WebAuthn decryption'));
+    
+    // WARNING: Only base64 decoding, no decryption - DO NOT USE FOR SENSITIVE DATA
     const decoded = atob(encryptedData);
     const data = JSON.parse(decoded);