Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Implement AES-256-GCM encryption #3367

Merged
merged 3 commits into from
May 20, 2024
Merged

Implement AES-256-GCM encryption #3367

merged 3 commits into from
May 20, 2024

Conversation

dmjb
Copy link
Contributor

@dmjb dmjb commented May 20, 2024
edited
Loading

Fixes #3317

The GCM mode is recommended by OWASP and other authorities for secret encryption. As per @jhrozek's suggestion, use the cryptopasta implementation of AES-256-GCM (see link/copyright in code).

This PR does not actually make use of the new algorithm yet, this will be done in a future PR.

Summary

Provide a brief overview of the changes and the issue being addressed.
Explain the rationale and any background necessary for understanding the changes.
List dependencies required by this change, if any.

Fixes #(related issue)

Change Type

Mark the type of change your PR introduces:

  • Bug fix (resolves an issue without affecting existing features)
  • Feature (adds new functionality without breaking changes)
  • Breaking change (may impact existing functionalities or require documentation updates)
  • Documentation (updates or additions to documentation)
  • Refactoring or test improvements (no bug fixes or new functionality)

Testing

Outline how the changes were tested, including steps to reproduce and any relevant configurations.
Attach screenshots if helpful.

Review Checklist:

  • Reviewed my own code for quality and clarity.
  • Added comments to complex or tricky code sections.
  • Updated any affected documentation.
  • Included tests that validate the fix or feature.
  • Checked that related changes are merged.

@dmjb dmjb requested a review from a team as a code owner May 20, 2024 10:22
@dmjb dmjb assigned dmjb and jhrozek and unassigned dmjb May 20, 2024
@dmjb
Implement AES-256-GCM encryption
b241754 
Fixes #3317

The GCM mode is recommended by OWASP and other authorities for secret
encryption. As per @jhrozek's suggestion, use the cryptopasta implementation of
AES-256-GCM (see link/copyright in code).

This PR does not actually make use of the new algorithm yet, this will
be done in a future PR.
@coveralls
Copy link

coveralls commented May 20, 2024
edited
Loading

Coverage Status

coverage: 50.394% (+0.06%) from 50.336%
when pulling 59bc23c on new-crypto-algorithm
into 1ccdb36 on main.

@dmjb dmjb merged commit df58820 into main May 20, 2024
20 checks passed
@dmjb dmjb deleted the new-crypto-algorithm branch May 20, 2024 10:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jhrozek jhrozek jhrozek approved these changes

Assignees

@jhrozek jhrozek

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Use more secure encryption method for secrets
3 participants
@dmjb @coveralls @jhrozek