todo: Improve encryption

Question

todo: Improve encryption

Closed this issue 9 months ago · 1 comments

Currently we use AES-256-GCM encryption to encrypt our secrets. This is is good enough as a base level encryption but not signing our secrets and not PFS makes the app much more vulnerable - which is not ideal if the app is going to be used in production.

Additionally, ring is much easier to use. aes-gcm doesn't have PFS support and additionally does not use a counter by default. See this point: https://docs.rs/rustls/latest/rustls/manual/_02_tls_vulnerabilities/index.html#gcm-nonces

TODO:

Start using ring (done)
Re-implement encryption and decryption (done)
~~Use a Perfect Forward Secrecy compatible signing~~ Moved to a future issue

Answer 1 · 2023-12-30T10:49:16.000Z

Closed because #10 was merged which fixes this issue