taoensso.nippy.encryption
Simple no-nonsense crypto with reasonable defaults. Because your Clojure data
deserves some privacy.
->AES128Encryptor
(->AES128Encryptor key-gen key-cache)
Positional factory function for class taoensso.nippy.encryption.AES128Encryptor.
aes128-encryptor
Default 128bit AES encryptor with multi-round SHA-512 key-gen.
Password form [:salted "my-password"]
---------------------------------------
USE CASE: You want more than a small, finite number of passwords (e.g. each
item encrypted will use a unique user-provided password).
IMPLEMENTATION: Uses a relatively cheap key hash, but automatically salts
every key.
PROS: Each key is independent so would need to be attacked independently.
CONS: Key caching impossible, so there's an inherent trade-off between
encryption/decryption speed and the difficulty of attacking any
particular key.
Slower than `aes128-cached`, and easier to attack any particular key - but
keys are independent.
Password form [:cached "my-password"]
---------------------------------------
USE CASE: You want only a small, finite number of passwords (e.g. a limited
number of staff/admins, or you'll be using a single password to
encrypt many items).
IMPLEMENTATION: Uses a _very_ expensive (but cached) key hash, and no salt.
PROS: Great amortized encryption/decryption speed. Expensive key hash makes
attacking any particular key very difficult.
CONS: Using a small number of keys for many encrypted items means that if any
key _is_ somehow compromised, _all_ items encrypted with that key are
compromised.
Faster than `aes128-salted`, and harder to attack any particular key - but
increased danger if a key is somehow compromised.IEncryptor
protocol
members
decrypt
(decrypt encryptor pwd ba)
encrypt
(encrypt encryptor pwd ba)
map->AES128Encryptor
(map->AES128Encryptor m__5869__auto__)
Factory function for class taoensso.nippy.encryption.AES128Encryptor, taking a map of keywords to field values.
standard-header-ids
These'll support :auto thaw.