28 January 2019

Cryptography is hard, and rolling your own crypto is usually a bad idea. The project stars with the following claim:

This library is not a substitution for well seasoned TLS implementations and only exists as a supplementary means of offering cryptographic primitives. Make sure you understand the limitations of each function before you use them.

Having said that, the project exists because sometimes just doing TLS doesn’t fit the bill. What if we want to store an encrypted database row? Or what if the transport isn’t HTTP, but something else built on top of a streaming protocol? You’re most likely on your own.


In the confidentiality project we’re aiming to gather today’s best practices for doing message authentication, message encryption and doing key exchange over an untrusted channel.

You can follow the project development on my GitHub. At the moment there is no stable release yet.