Encryption
Overview
This page contains recommendations for choosing an encryption algorithm, key length, cryptographic parameters and materials, and implementation features.
General
Do not implement custom cryptographic algorithms.
Use only public algorithms that have been proven to be strong, such as
AES
,RSA
orCurve25519
.The main criterion for choosing an encryption algorithm and the key length is the required level of security. That is, the longer data must remain encrypted, the stronger algorithm must be used. The strength of an algorithm is determined by the presence of effective attacks on it and the key length used.
Table 2: Comparable strengths
from the Recommendation for Key Management compares security levels for approved algorithms and key lengths.The implementation of a cryptographic algorithm should be widely distributed and developed with the involvement of a cryptographic expert.
Use cryptographically strong random number generators to generate all random values that are used as cryptographic parameters such as initialization vectors, nonces, keys, etc., see the Cryptography: Random Generators page.
Use nonces, initialization vectors, and other single-use numbers only once with a given encryption key.
Comply with requirements from the Cryptography: Cryptographic Keys Management page.
Log errors in cryptography components, see the Logging and Monitoring page.
Comply with requirements from the Error and Exception Handling page.
Use FIPS 140-2 or PCI DSS certified implementations of cryptographic algorithms.
Symmetric
The minimum allowed symmetric encryption algorithm is
AES/128/GCM
.Use only NIST-approved encryption modes such as
CCM
,GCM
,CTR
, orCBC
.Do not use ECB encryption mode.
When using Authenticated Encryption and Authenticated Encryption with Associated Data encryption forms:
Use
CCM
orGCM
encryption modes.If
CCM
andGCM
modes are not available:Use block encryption in
CBC
mode and theEncrypt-then-MAC
technique with the Hash-based message authentication code (HMAC).Do not use
CBC-MAC
with variable-length data.
Use nonces, initialization vectors, and other single-use numbers only once with a given encryption key.
Use
PKCS7
padding.
The minimum allowed symmetric encryption algorithm is
AES/256/GCM
.Use Authenticated Encryption and Authenticated Encryption with Associated Data encryption forms.
Asymmetric
The minimum allowed asymmetric encryption algorithm is
RSA/2048/SHA256
.Use elliptical curve cryptography (ECC) with a secure curve that provides at least 128 bits of security strength, such as
secp256r1
.
The minimum allowed asymmetric encryption algorithm is
RSA/3072/SHA256
.Use elliptical curve cryptography (ECC) with a secure curve that provides at least 256 bits of security strength, such as
secp521r1
.
Encryption implementation
Use the crypto package to implement cryptographic operations.
AES/256/GCM encryption and decryption
RSA/2048/SHA256 encryption and decryption
Last updated