Difference between revisions of "ESAPI Encryption"

From OWASP
(New page: == Feature Overview == TODO == Possible Enhancements == * TODO * ...)
 
Line 5: Line 5:
 
== Possible Enhancements ==  
 
== Possible Enhancements ==  
  
* TODO
+
* seal() should include an HMAC or integrity check to ensure that the encrypted data has not been tampered with.
  
* ...
+
* The API should include support for key rotation
 +
 
 +
* The API should allow key management to be externalized, to allow developers to integrate their own key management strategies (such as a PKI).
 +
 
 +
* The documentation for each method should indicate whether it is designed to protect integrity, confidentiality, or both; and whether it is suitable for encrypting transient items (such as hidden form fields) or is designed for long-term storage.
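Review bot: in the seal() bullet, "an HMAC or integrity check" leaves open what the check covers and when it is verified; suggest wording it so that the check covers the whole sealed value and is verified before any decryption is attempted. The key rotation bullet is also the only added item without a closing period, and it gives no hint of scope, such as whether values sealed under an earlier key must remain readable.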

Revision as of 09:39, 11 December 2008

Feature Overview

TODO

Possible Enhancements

  • seal() should include an HMAC or integrity check to ensure that the encrypted data has not been tampered with.
  • The API should include support for key rotation
  • The API should allow key management to be externalized, to allow developers to integrate their own key management strategies (such as a PKI).
  • The documentation for each method should indicate whether it is designed to protect integrity, confidentiality, or both; and whether it is suitable for encrypting transient items (such as hidden form fields) or is designed for long-term storage.
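
The first three enhancements can be pictured together in the following added example, which is not ESAPI code: a seal/unseal pair that appends an HMAC over the whole sealed value, checks it before decrypting, and carries a key id so that older keys remain usable after rotation. The class `SealSketch`, the `Keys` record, the key store map, the choice of AES-CBC with HMAC-SHA256, and the `keyId | iv | ciphertext | tag` layout are all assumptions made for illustration.

```java
import java.nio.ByteBuffer;
import java.security.*;
import java.util.*;
import javax.crypto.*;
import javax.crypto.spec.*;

public class SealSketch {                       // hypothetical class, needs Java 16+ (record)
    // Separate encryption and MAC keys; a real store would sit behind external key management.
    record Keys(byte[] enc, byte[] mac) {}
    static byte[] rnd(int n) { byte[] b = new byte[n]; new SecureRandom().nextBytes(b); return b; }

    static byte[] hmac(byte[] key, byte[] data, int len) throws Exception {
        Mac m = Mac.getInstance("HmacSHA256");
        m.init(new SecretKeySpec(key, "HmacSHA256"));
        m.update(data, 0, len);
        return m.doFinal();
    }

    // Assumed layout: keyId(1) | iv(16) | ciphertext | tag(32); the tag covers all bytes before it.
    static byte[] seal(Map<Byte, Keys> store, byte keyId, byte[] plain) throws Exception {
        Keys k = store.get(keyId);
        byte[] iv = rnd(16);
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(k.enc(), "AES"), new IvParameterSpec(iv));
        byte[] ct = c.doFinal(plain);
        ByteBuffer out = ByteBuffer.allocate(1 + 16 + ct.length + 32).put(keyId).put(iv).put(ct);
        out.put(hmac(k.mac(), out.array(), out.position()));
        return out.array();
    }

    static byte[] unseal(Map<Byte, Keys> store, byte[] sealed) throws Exception {
        if (sealed.length < 1 + 16 + 16 + 32) throw new SecurityException("sealed value too short");
        Keys k = store.get(sealed[0]);          // values sealed under a retired key id stay readable
        if (k == null) throw new SecurityException("unknown key id");
        int body = sealed.length - 32;
        // Constant-time tag comparison, done before the ciphertext is touched.
        if (!MessageDigest.isEqual(Arrays.copyOfRange(sealed, body, sealed.length), hmac(k.mac(), sealed, body)))
            throw new SecurityException("integrity check failed");
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(Cipher.DECRYPT_MODE, new SecretKeySpec(k.enc(), "AES"), new IvParameterSpec(sealed, 1, 16));
        return c.doFinal(sealed, 17, body - 17);
    }

    public static void main(String[] args) throws Exception {
        Map<Byte, Keys> store = Map.of((byte) 1, new Keys(rnd(16), rnd(32)));   // constructed demo keys
        byte[] s = seal(store, (byte) 1, "hidden-field".getBytes());
        System.out.println(new String(unseal(store, s)));
        s[20] ^= 1;                             // simulate tampering with one ciphertext bit
        try { unseal(store, s); } catch (SecurityException e) { System.out.println(e.getMessage()); }
    }
}
```

Rotating a key in this sketch means adding a new id to the store and sealing new values under it, while entries for earlier ids are kept until everything sealed under them has expired or been re-sealed.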