Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Create a high level API for securing stored data #4

Open
jvz opened this issue Nov 21, 2020 · 2 comments
Open

Create a high level API for securing stored data #4

jvz opened this issue Nov 21, 2020 · 2 comments
Assignees
@jvz
Labels
enhancement New feature or request
Milestone
1.0

Comments

@jvz
Copy link
Contributor

jvz commented Nov 21, 2020
edited

Consider the design of Themis: https://docs.cossacklabs.com/themis/crypto-theory/cryptosystems/secure-cell/

Similarly, in NaCl and libsodium, this concept is exposed as a secretbox API for authenticated encryption, and the secretstream API is used as a higher level API for authenticated encryption of arbitrary length data streams (the lower level API should be limited to smaller, well tested data limits).

The high level API to develop here should address a similar use case to secretstream.

Note that password-based keys are out of scope for this issue and is covered in #7.
@jvz jvz added the enhancement New feature or request label Nov 21, 2020
@jvz jvz added this to the 1.0 milestone Nov 21, 2020
@jvz jvz self-assigned this Nov 21, 2020
@jvz jvz modified the milestones: 1.0, 1.1 Nov 21, 2020
jvz added a commit that referenced this issue Nov 28, 2020
@jvz
Add data security API
020b529 
This relates to #4.
@jvz
Copy link
Contributor Author

jvz commented Nov 28, 2020

By making the token a little bigger to include a version constant, this will make it easier to support other key types in #7 with potentially different token sizes.

This was referenced Dec 6, 2020
Open
Closed
@jvz
Copy link
Contributor Author

jvz commented Feb 20, 2021

One key design issue here should also include breaking up larger data buffers into chunks of authenticated encrypted blocks. This can also incorporate the padme padding algorithm to remove side channel info about message lengths.

jvz added a commit that referenced this issue Apr 18, 2021
@jvz
Create initial high level APIs
889058c 
Related to #4 and #5
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jvz jvz

Labels
enhancement New feature or request
Projects
None yet
Milestone
1.0
Development

No branches or pull requests
1 participant
@jvz