Tink VS age

> I wonder what people say when they find a bug despite you using standard crypto?

Not using TLS doesn't automatically mean you need to "roll your own crypto". They could have used a well documentend library such as Google Tink[1] instead of doing their own crypto.

[1] https://github.com/google/tink

I sort of rewrote google's tink project in rust. There is already a rust version by project oak but it didn't exactly jive.

PassManager uses the Tink library for encryption, which provides state-of-the-art** security for your passwords. Tink uses industry-standard encryption algorithms like AES to ensure that your passwords are kept safe from prying eyes.

Note that in the example jwt refers to the Tink jwt package.

What I can't tell is if the new version had any fixes related to the bug being discussed here

Even the slightest hiccup could leave me vulnerable. I don't want to roll my own encryption. I want to use something like tink (a secure crypto library by Google) but unfortunately they don't support node or Javascript (there's a library that was published 2 years ago).

I dont have an answer for you, but 2 resources that are worth checking out: https://developer.android.com/guide/topics/security/cryptography and https://developers.google.com/tink

> Do C (or something where the mapping to C is known), and lots of languages have FFI libs where wrapping that is fairly trivial

That is an interesting idea, yet still a lot of work, sadly. I was hoping somebody had done the legwork already. I looked at Tink [1] and age [2] based on my co-worker's recommendation, but they all seem to have limited implementations in other languages.

[1] https://github.com/google/tink

[2] https://github.com/FiloSottile/age

and echoing the result after converting to an age private key

I like that https://github.com/FiloSottile/age has small public keys.

> something fresh

It exists, it's called age..

Some random links

https://github.com/FiloSottile/age

https://www.reddit.com/r/crypto/comments/hr64hr/state_of_age...

https://github.com/FiloSottile/age/discussions/432

> (Acquiring keys, rotating keys, identifying compromised keys, and most importantly either reaches a large enough percentage of emails..

Oh nevermind, age doesn't do any of that. Indeed, it doesn't even do email https://github.com/FiloSottile/age/issues/93

Encrypted secrets thanks to SOPS and Age

I never heard of "Age" before this post. Thank you to share. If others are interested to learn more, here are two other interesting posts about Age:

https://github.com/FiloSottile/age/discussions/432

https://words.filippo.io/dispatches/age-authentication/

of all things I was able to resolve the issue via this github issue: https://github.com/FiloSottile/age/issues/370#issuecomment-1...

Why keep something secret on a public repo? Is that not an oxymoron?

Also, I’m terms of encryption something like age[0] makes it much easier to not shoot yourself in the foot.

[0] https://github.com/FiloSottile/age

Why RSA specifically? For backups, I recommend Tarsnap. But if you really don't want to pay for encrypted cloud hosting, then check out age encryption.

I wouldn't use OpenSSL personally. If you just need simple but secure symmetric encryption, checkout the scrypt(1) encryption utility from Tarsnap. If you need support for public keys, check out age(1).