Hi!

Thanks for your work.

On 15/06/14 01:26, Tony Arcieri wrote:

> Cryptor utilizes what's known as "authenticated encryption" exclusively,
> and supports two backends:
> 
> - RbNaCl: a Ruby binding to libsodium, a portable version of the
> state-of-the-art NaCl encryption library
> - ActiveSupport::MessageEncryptor: a bespoke authenticated encryption
> scheme using AES-CBC and HMAC built on Ruby's OpenSSL extension

AES-CBC is not a strong decision.
If you can, please try to use AES-GCM.

Hth. regards, sandor
--


> 
> Here's an example of using Cryptor with the recommended "xsalsa20poly1305"
> cipher supplied by RbNaCl:
> 
>     require 'cryptor'
>     require 'cryptor/symmetric_encryption/ciphers/message_encryptor'
> 
>     secret_key = Cryptor::SymmetricEncryption.random_key(:xsalsa20poly1305)
> 
>     cryptor = Cryptor::SymmetricEncryption.new(secret_key)
>     ciphertext = cryptor.encrypt(plaintext)
>     decrypted = cryptor.decrypt(ciphertext)
> 
> That's it!
> 
> Cryptor also supports key rotation, allowing multiple decryption keys to be
> active at the same time, but ensuring all new ciphertexts are produced by
> the newest, "active" key. This means that if keys are ever compromised, or
> you'd like to have a policy of rotating keys, you can easily update
> existing ciphertexts to be encrypted under a new key.
> 
> Cryptor uses the experimental ORDO message format for representing
> ciphertexts:
> 
> https://github.com/cryptosphere/ordo
> 
> Future versions of Cryptor may support additional message formats like
> OpenPGP and JWE.
> 
> Cryptor only supports symmetric encryption at this time. Future versions
> may support asymmetric encryption using RbNaCl's "Box" encryption primitive
> (a.k.a. curve25519xsalsa20poly1305)
> 
> Enjoy!
> 
> --
> Tony Arcieri
> 


-- 
Viele Gre Sandor