👨‍💻
Application Security Handbook
  • Application Security Handbook
  • Web Application
    • Authentication
      • Authentication with Login and Password
      • Authentication with Phone Number
      • OAuth 2.0 Authentication
      • Multi-factor Authentication
      • Default Passwords
      • Password Change
      • Password Policy
      • Password Reset
      • Password Storage
      • One Time Password (OTP)
      • Email Address Confirmation
    • Authorization
    • Concept of Trusted Devices
    • Content Security Policy (CSP)
    • Cookie Security
    • Cryptography
      • Cryptographic Keys Management
      • Encryption
      • Hash-based Message Authentication Code (HMAC)
      • Hashing
      • Random Generators
      • Universal Unique Identifier (UUID)
    • Error and Exception Handling
    • File Upload
    • Input Validation
    • JSON Web Token (JWT)
    • Logging and Monitoring
    • Output Encoding
    • Regular Expressions
    • Sensitive Data Management
    • Session Management
    • Transport Layer Protection
    • Vulnerability Mitigation
      • Brute-force
      • Command Injection
      • Cross-Site Request Forgery (CSRF)
      • Cross-Site Scripting (XSS)
      • Mass Parameter Assignment
      • Parameter Pollution
      • Path Traversal
      • Regular Expression Denial of Service (ReDoS)
      • SQL Injection (SQLi)
      • XML External Entity (XXE) Injection
Powered by GitBook
On this page
  • Overview
  • General
  • Symmetric
  • Asymmetric
  • Encryption implementation
  1. Web Application
  2. Cryptography

Encryption

PreviousCryptographic Keys ManagementNextHash-based Message Authentication Code (HMAC)

Last updated 1 year ago

Overview

This page contains recommendations for choosing an encryption algorithm, key length, cryptographic parameters and materials, and implementation features.

General

  • Do not implement custom cryptographic algorithms.

  • Use only public algorithms that have been proven to be strong, such as AES, RSA or Curve25519.

  • The implementation of a cryptographic algorithm should be widely distributed and developed with the involvement of a cryptographic expert.

  • Use nonces, initialization vectors, and other single-use numbers only once with a given encryption key.

Symmetric

  • The minimum allowed symmetric encryption algorithm is AES/128/GCM.

  • When using Authenticated Encryption and Authenticated Encryption with Associated Data encryption forms:

    • Use CCM or GCM encryption modes.

    • If CCM and GCM modes are not available:

  • Use nonces, initialization vectors, and other single-use numbers only once with a given encryption key.

  • Use PKCS7 padding.

  • The minimum allowed symmetric encryption algorithm is AES/256/GCM.

  • Use Authenticated Encryption and Authenticated Encryption with Associated Data encryption forms.

Asymmetric

  • The minimum allowed asymmetric encryption algorithm is RSA/2048/SHA256.

  • Use elliptical curve cryptography (ECC) with a secure curve that provides at least 128 bits of security strength, such as secp256r1.

  • The minimum allowed asymmetric encryption algorithm is RSA/3072/SHA256.

  • Use elliptical curve cryptography (ECC) with a secure curve that provides at least 256 bits of security strength, such as secp521r1.

Encryption implementation

AES/256/GCM encryption and decryption

import (
    "crypto/aes"
    "crypto/cipher"
)

func Encrypt(aes256key []byte, nonce []byte, plaintext []byte) ([]byte, error) {
    // The key argument should be either 16, 24, or 32 bytes to select AES-128, AES-192, or AES-256
    block, err := aes.NewCipher(aes256key)
    if err != nil {
        return nil, err
    }
    aesgcm, err := cipher.NewGCM(block)
    if err != nil {
        return nil, err
    }
    return aesgcm.Seal(nil, nonce, plaintext, nil), nil
}

func Decrypt(aes256key []byte, nonce []byte, ciphertext []byte) ([]byte, error) {
    // The key argument should be either 16, 24, or 32 bytes to select AES-128, AES-192, or AES-256
    block, err := aes.NewCipher(aes256key)
    if err != nil {
        return nil, err
    }
    aesgcm, err := cipher.NewGCM(block)
    if err != nil {
        return nil, err
    }
    plaintext, err := aesgcm.Open(nil, nonce, ciphertext, nil)
    if err != nil {
        return nil, err
    }
    return plaintext, nil
}

RSA/2048/SHA256 encryption and decryption

import (
    "crypto/rsa"
    "crypto/sha256"
    "crypto/rand"
)

func Encrypt(rsa2048Key *rsa.PublicKey, plaintext []byte, label []byte) ([]byte, error) {
    // crypto/rand.Reader is a good source of entropy for randomising the encryption function
    rng := rand.Reader
    hash := sha256.New()
    ciphertext, err := rsa.EncryptOAEP(hash, rng, rsa2048Key, plaintext, label)
    if err != nil {
        return nil, err
    }
    return ciphertext, nil
}

func Decrypt(rsa2048Key *rsa.PrivateKey, ciphertext []byte, label []byte) ([]byte, error) {
    // crypto/rand.Reader is a good source of entropy for randomising the encryption function
    rng := rand.Reader
    hash := sha256.New()
    plaintext, err := rsa.DecryptOAEP(hash, rng, rsa2048Key, ciphertext, label)
    if err != nil {
        return nil, err
    }
    return plaintext, nil
}

The main criterion for choosing an encryption algorithm and the key length is the required level of security. That is, the longer data must remain encrypted, the stronger algorithm must be used. The strength of an algorithm is determined by the presence of effective attacks on it and the key length used. Table 2: Comparable strengths from the compares security levels for approved algorithms and key lengths.

Use cryptographically strong random number generators to generate all random values that are used as cryptographic parameters such as initialization vectors, nonces, keys, etc., see the page.

Comply with requirements from the page.

Log errors in cryptography components, see the page.

Comply with requirements from the page.

Use or certified implementations of cryptographic algorithms.

Use only encryption modes such as CCM, GCM, CTR, or CBC.

Do not use .

Use block encryption in CBC mode and the Encrypt-then-MAC technique with the .

Do not use CBC-MAC with .

Use the package to implement cryptographic operations.

Recommendation for Key Management
Cryptography: Random Generators
Cryptography: Cryptographic Keys Management
Logging and Monitoring
Error and Exception Handling
FIPS 140-2
PCI DSS
NIST-approved
ECB encryption mode
Hash-based message authentication code (HMAC)
variable-length data
crypto