Our great sponsors
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
aes (GitHub: RustCrypto / block-ciphers / aes) good: still maintained as of now - last commit on GitHub is from October 2021 good: examples look easy to use good: has received an audit by NCC Group bad: seems a bit too low level - the example provided only shows usage with data that is exactly block sized - seems there is no padding handling for real world use cases
rust-crypto (GitHub: DaGenix / rust-crypto) good: support for different algorithms I wanna use for enrypting hashing (the latter is for another project) good: seems easy to use according to the example bad: no audit yet bad: don't know if still maintained, last commit on GitHub is from September 2016
ring (GitHub: briansmith / ring) good: praised by many and used in other big crates good: still maintained as of now - last commit on GitHub is from October 2021 bad: no audit yet - at least I couldn't find any statement bad: I have absolutely no clue how to use this, can't find any examples on the GitHub readme and nothing in the source tree that would give it away
Use RustCrypto's aes with one of its block modes (https://docs.rs/block-modes/latest/block_modes/) or AEAD algorithms (https://github.com/RustCrypto/AEADs). There's a lot of modular stuff in RustCrypto, just need to browse a little 😉.
I would really suggest avoiding implementing your own stuff and either running Hashicorp Vault or seeing if your hosting provider has some secrets manager service.
I have seen that RustCrypto also offers a create for securely zeroing memory with: zeroize