Spring Security Add support for AEAD to BytesEncryptor and TextEncryptor

The Spring Security org.springframework.security.crypto.encrypt package provides utilities that simplify working with the javax.crypto library. It exposes the two interfaces.

public interface TextEncryptor {
    String encrypt(String text);
    String decrypt(String encryptedText);
}

public interface BytesEncryptor {
    byte[] encrypt(byte[] byteArray);
    byte[] decrypt(byte[] encryptedByteArray);
}

Using the org.springframework.security.crypto.encrypt.Encryptors.stronger() returns a BytesEncryptor based on AES/GCM with 256-bit key. AES GCM supports AEAD but there is no way to set associated data on byte encryptor methods.

It would be nice to enhance the BytesEncryptor to support AEAD.

Comment From: rwinch

Generally, the crypto support we provide is to support other pieces of Spring Security. At this time we do not aim to support general purpose cryptography. I'll leave this open, but without a change in philosophy (caused by a lot of up votes), I don't think this will be prioritized soon.

Comment From: asaikali

Maybe update the docs point folks to alternatives like Google Tink. I am ok with this issue being close, since Google Tink offers a much more complete API for working with Crypto.

Comment From: rwinch

That seems reasonable to me. Would you like to create a PR for the documentation updates?

Comment From: rwinch

Closing as per feedback