Hi all.
I’d like to write a simple command line password manager for myself as a fun project.
What’s a good crypto lib to use? Hopefully with examples.
I actually haven’t seen any encryption libraries that are as easy to use as Dream’s functions: Dream — Tidy, feature-complete web framework
Of course there are other more powerful libraries, but Dream’s encrypt and decrypt seem good enough for a lot of use cases. You may be able to copy over the relevant parts of the source code if you don’t want the entire Dream dependency cone, of course.
Thanks, I will have a look.
Thanks a lot, I will have a look.
didn’t try it myself, but Argon2 is specifically tailored for passwords
(passwords should be hashed and not encrypted)
1 Like
@msbic wants to write a password manager, not store the user passwords of a service (in which case you are right).
1 Like
Not sure it is intuitive, especially because it has an object interface instead
of a functional one, but it does the job:
2 Likes
This RSA module exposes only very low level primitives. It’s not something you should directly use to store encrypted passwords.
1 Like
Great suggestions. Thanks everyone!
I will evaluate them all
Why not? It looks like I can create a keypair and use it to encrypt a string into ciphertext. Can’t I then just store that ciphertext string?
Look at the docs (or implementation) for encrypt: it can only encrypt data shorter than the key, which means you’ll need a padding algorithm and couple it with a symmetric cipher to do hybrid encryption. In every of these steps you can shoot yourself in the foot.
Not to say that it’s not valuable or that people shouldn’t try to do these things, but that’s a different project. It’s not “an intuitive crypto lib”.
If you’re interested, Cryptopals set 6 explores problems with RSA.
3 Likes