security: deprecate non-encrypting WebAuthn methods and add warnings

2025-10-26 02:45:48 +01:00 · 2025-10-26 02:45:48 +01:00 · ab31901a20
commit ab31901a20
parent 6a36fde154
2 changed files with 11 additions and 6 deletions
--- a/src/services/credentials/encryption.service.ts
+++ b/src/services/credentials/encryption.service.ts
@ -265,32 +265,37 @@ export class EncryptionService {


  /**
-   * Chiffre des credentials avec WebAuthn
+   * WARNING: DEPRECATED - This method does NOT encrypt, only base64 encoding
+   * Use encryptWithPassword or WebAuthn key encryption instead
   */
  async encryptWithWebAuthn(
    credentials: CredentialData,
    credentialId: string
  ): Promise<string> {
+    secureLogger.error('encryptWithWebAuthn is deprecated and does NOT encrypt data', new Error('Use encryptWithPassword or WebAuthn encryption'));
+    
    const data = JSON.stringify({
      spendKey: credentials.spendKey,
      scanKey: credentials.scanKey,
      timestamp: credentials.timestamp
    });

-    // Pour l'instant, on utilise un chiffrement simple
-    // Dans une vraie implémentation, on utiliserait la clé publique WebAuthn
+    // WARNING: Only base64 encoding, no encryption - DO NOT USE FOR SENSITIVE DATA
    const encoded = btoa(data);
    return encoded;
  }

  /**
-   * Déchiffre des credentials avec WebAuthn
+   * WARNING: DEPRECATED - This method does NOT decrypt, only base64 decoding
+   * Use decryptWithPassword or WebAuthn key decryption instead
   */
  async decryptWithWebAuthn(
    encryptedData: string,
    credentialId: string
  ): Promise<CredentialData> {
-    // Pour l'instant, on utilise un déchiffrement simple
+    secureLogger.error('decryptWithWebAuthn is deprecated and does NOT decrypt data', new Error('Use decryptWithPassword or WebAuthn decryption'));
+    
+    // WARNING: Only base64 decoding, no decryption - DO NOT USE FOR SENSITIVE DATA
    const decoded = atob(encryptedData);
    const data = JSON.parse(decoded);