
Updated Cryptographic Support for B2C Commerce dw.crypto API

Publish Date: Apr 13, 2026
Description

At Salesforce, we understand that the security and protection of your data is critical to your business. To further protect your data, B2C Commerce (formerly Commerce Cloud) is updating cryptography support for the dw.crypto cryptography API with the 21.10 B2C Commerce release.

This change aligns the dw.crypto API to stronger cryptography standards to better protect your data, but customers who don’t update deprecated cryptography methods before the release could experience disruption in their environments, including impact to customizations.

Read on for more information about the change and how to prepare today to avoid impact before the 21.10 release.

Resolution

Overview of Changes to dw.crypto

dw.crypto is a B2C Commerce Script API package that enables customers to safely encrypt, sign, and generate cryptographically strong tokens and secure random identifiers. In the 21.10 B2C Commerce release, cryptography support for the dw.crypto API was updated so that potentially weak cryptography standards that could present a security risk to your environment were deprecated.

This applied to all active B2C Commerce environments using the dw.crypto API to encrypt, sign, and generate cryptographically strong tokens and secure random identifiers.

In the 21.2 B2C release, WARN messages were added in Log Center to help customers identify whether they are impacted. The Identifying Impact section of this article, below, provides further details to help identify these messages.

For impacted cryptography, customers will need to update their implementation and adopt the more secure cryptography. We understand that there may be use cases to support deprecated cryptography depending on the type of data and purpose. For this reason, four new dw.weakcrypto API offerings (dw.crypto.WeakCipher, dw.crypto.WeakMac, dw.crypto.WeakMessageDigest, and dw.crypto.WeakSignature) were provided in the 21.2 B2C release. These can be used to migrate and update implementations and will continue to support cryptography deprecated from dw.crypto.

As a best practice, we recommend that our customers implement cryptography whenever they store, process or transmit sensitive data.

Identifying Impact

To identify impact, search for “is obsolete and has been deprecated” in the Log Center to view which API calls are affected and review related cryptographic warning log messages.

Use the following example WARN messages to help identify impact:

 
Sample warn log messages for weak cipher usage:
  • The encryption transformation used (AES/CFB120/NOPADDING) is obsolete and has been deprecated. Please use one of the recommended ones per the latest documentation or transition to the WeakCipher API for extended support., 1 time(s)
Sample warn log messages for weak signature usage:
  • SHA1withRSA is obsolete and has been deprecated. Please use one of the recommended ones (SHA256withRSA/PSS, SHA384withRSA/PSS, SHA512withRSA/PSS,SHA256withRSA, SHA384withRSA, SHA512withRSA) per the latest documentation., 1 time(s)
Sample warn log messages for weak mac usage:
  • The MAC algorithm used (HmacSHA1) is obsolete and has been deprecated. Please use one of the recommended ones ([HmacSHA256, HmacSHA384, HmacSHA512]) per the latest documentation, or transition to using WeakMac
Sample warn log messages for weak messagedigest usage:
  • The digest algorithm used (MD5) is obsolete and has been deprecated. Please use one of the recommended ones ([SHA-256, SHA-512]) per the latest documentation.
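
The search described above, as an added example (not Salesforce code): a JavaScript helper that scans exported log lines for the deprecation marker and tallies which dw.crypto API and algorithm each warning names. The function names, the `WARN` prefix and the `SAMPLE` lines are constructed for illustration; the message shapes follow the sample messages above.

```javascript
// Added example, not Salesforce code. Names and SAMPLE lines are constructed.
const MARKER = ' is obsolete and has been deprecated';

// Message shapes follow the sample WARN messages in this article.
const SHAPES = [
  { api: 'Cipher', re: /The encryption transformation used \(([^)]+)\)$/ },
  { api: 'Mac', re: /The MAC algorithm used \(([^)]+)\)$/ },
  { api: 'MessageDigest', re: /The digest algorithm used \(([^)]+)\)$/ },
  // The signature sample names the algorithm bare, so take the last token.
  { api: 'Signature', re: /(\S+)$/ },
];

// Returns { api, algorithm, count } for a deprecation warning, else null.
function parseWarning(line) {
  const at = line.indexOf(MARKER);
  if (at === -1) return null;
  const head = line.slice(0, at); // text before the marker names the algorithm
  const shape = SHAPES.find((s) => s.re.test(head));
  if (!shape) return null;
  const algorithm = shape.re.exec(head)[1];
  // Log Center style repeat suffix ", N time(s)"; assume 1 when absent.
  const repeat = /,\s*(\d+) time\(s\)\s*$/.exec(line);
  return { api: shape.api, algorithm, count: repeat ? Number(repeat[1]) : 1 };
}

// Tallies occurrences per "api:algorithm" so each call site can be prioritized.
function summarize(lines) {
  const totals = new Map();
  for (const line of lines) {
    const w = parseWarning(line);
    if (!w) continue;
    const key = `${w.api}:${w.algorithm}`;
    totals.set(key, (totals.get(key) || 0) + w.count);
  }
  return totals;
}

// Constructed sample input (shortened message tails, invented prefix).
const SAMPLE = [
  'WARN The encryption transformation used (AES/CFB120/NOPADDING) is obsolete and has been deprecated., 1 time(s)',
  'WARN The encryption transformation used (AES/CFB120/NOPADDING) is obsolete and has been deprecated., 3 time(s)',
  'WARN SHA1withRSA is obsolete and has been deprecated., 1 time(s)',
  'WARN The MAC algorithm used (HmacSHA1) is obsolete and has been deprecated.',
  'WARN The digest algorithm used (MD5) is obsolete and has been deprecated.',
  'INFO Job finished without errors',
];
console.log(Object.fromEntries(summarize(SAMPLE)));
```
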
Knowledge Article Number

000390451
