This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
ESAPI Encryption
From OWASP
Feature Overview
The Encryptor API is designed to provide a simplified API for common operations developers may want to use in web applications. It is not designed to be a general-purpose crypto API, but only to provide safe implementations of common functionality.
Possible Enhancements
- seal() should include an HMAC or integrity check to ensure that the encrypted data has not been tampered with.
- The API should include support for key rotation
- The API should allow key management to be externalized, to allow developers to integrate their own key management strategies (such as a PKI).
- The documentation for each method should indicate whether it is designed to protect integrity, confidentiality, or both; and whether it is suitable for encrypting transient items (such as hidden form fields) or is designed for long-term storage.