oscerd opened a new pull request, #23988: URL: https://github.com/apache/camel/pull/23988
## Description `XMLSecurityDataFormat`'s data-cipher default is already `XMLCipher.AES_256_GCM`, but `xmlSecurity-dataformat.adoc` had drifted: - Both `passPhrase` examples used a **24-byte** key (`"Just another 24 Byte key"`), sized for 3DES. The passphrase becomes the raw key (`new SecretKeySpec(passPhrase, "AES")`), so 24 bytes is invalid for the AES-256-GCM default (needs 32) — the first example was effectively broken. - One example explicitly demonstrated `XMLCipher.TRIPLEDES`, implicitly recommending a legacy cipher. This **docs-only** PR: - Updates both `passPhrase` examples to a 32-byte key for the AES-256-GCM default. - Switches the explicit example from `TRIPLEDES` to `AES_256_GCM`. - Adds a **Data Cipher Algorithm** note (default is AES-256-GCM; 3DES is legacy/discouraged), mirroring the existing *Key Cipher Algorithm* note. The 3DES code path is unchanged and remains available for explicit opt-in (route-author's choice per the Camel security model). Derived from a PQC-readiness review. ## JIRA https://issues.apache.org/jira/browse/CAMEL-23744 --- _Submitted by Claude Code on behalf of Andrea Cosentino._ -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
