This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

ESAPI Encryption

From OWASP

Revision as of 19:55, 11 December 2008 by Jwinstead (talk | contribs) (→‎Possible Enhancements)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Jump to: navigation, search

Feature Overview

TODO

Possible Enhancements

Potentially rename Seal and Unseal to better describe what they do
seal() should include an HMAC or integrity check to ensure that the encrypted data has not been tampered with (see CWE-649).

The API should include support for key rotation; indicated key used for encryption of data

The API should allow key management to be externalized, to allow developers to integrate their own key management strategies (such as a PKI).

The documentation for each method should indicate whether it is designed to protect integrity, confidentiality, or both; and whether it is suitable for encrypting transient items (such as hidden form fields) or is designed for long-term storage.

Retrieved from "https://wiki.owasp.org/index.php?title=ESAPI_Encryption&oldid=48456"