todo: Improve encryption
Closed this issue · 1 comments
joshua-mo-143 commented
Currently we use AES-256-GCM encryption to encrypt our secrets. This is is good enough as a base level encryption but not signing our secrets and not PFS makes the app much more vulnerable - which is not ideal if the app is going to be used in production.
Additionally, ring
is much easier to use. aes-gcm
doesn't have PFS support and additionally does not use a counter by default. See this point: https://docs.rs/rustls/latest/rustls/manual/_02_tls_vulnerabilities/index.html#gcm-nonces
TODO:
- Start using
ring
(done) - Re-implement encryption and decryption (done)
Use a Perfect Forward Secrecy compatible signingMoved to a future issue
joshua-mo-143 commented
Closed because #10 was merged which fixes this issue