New API Proposal: AES-CBC
Motivation:
AES-GCM may be recommended for new applications, but AES-CBC is likely the most common (and vulnerability-free to date) symmetric encryption in use. HLS streaming and many third-party file formats and proprietary protocols build on AES-CBC, so not having it in Crypto (and CryptoKit) hinders interoperability with many services.
BoringSSL does AES-CBC. And since we already have a GCM wrapper, adding CBC should be as easy as changing a few parameters. We won't be able to reuse AEAD contexts and protocols to share this implementation with GCM/ChaCha because CBC is not AEAD, but calls to BoringSSL EVP should only require minimal changes.
Importance:
Currently there are no official Swift APIs for AES-CBC. On Apple platforms, one has access to CommonCrypto, which does full-feature AES, and the Security framework, which has limited AES support only on macOS. Third-party Swift cryptography libraries with AES support do exist, but their APIs do not play well if most parts of my application already use Crypto(Kit).
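For context on the "CBC is not AEAD" point, here is an added example (not part of the proposal and not Crypto/CryptoKit code) of what callers on Apple platforms do today: AES-CBC through CommonCrypto's `CCCrypt`, with integrity supplied separately by CryptoKit's HMAC in an encrypt-then-MAC layout. The names `aesCBC`, `sealCBC`, `openCBC`, `CBCError` and the `IV || ciphertext || tag` layout are assumptions made for this sketch.

```swift
import Foundation
import Security
import CommonCrypto
import CryptoKit

enum CBCError: Error { case badIV, rng, cryptor(CCCryptorStatus), truncated, badTag }

// Hypothetical helper, not a Crypto/CryptoKit API: one-shot AES-CBC + PKCS#7 via CCCrypt.
func aesCBC(_ op: Int, key: SymmetricKey, iv: Data, input: Data) throws -> Data {
    guard iv.count == kCCBlockSizeAES128 else { throw CBCError.badIV }
    let keyData = key.withUnsafeBytes { Data($0) }
    var out = Data(count: input.count + kCCBlockSizeAES128)  // room for padding
    let capacity = out.count
    var moved = 0
    let status: CCCryptorStatus = out.withUnsafeMutableBytes { outPtr in
        input.withUnsafeBytes { inPtr in
            iv.withUnsafeBytes { ivPtr in
                keyData.withUnsafeBytes { keyPtr in
                    CCCrypt(CCOperation(op), CCAlgorithm(kCCAlgorithmAES),
                            CCOptions(kCCOptionPKCS7Padding),  // CBC is CCCrypt's default mode
                            keyPtr.baseAddress, keyData.count, ivPtr.baseAddress,
                            inPtr.baseAddress, input.count,
                            outPtr.baseAddress, capacity, &moved)
                }
            }
        }
    }
    guard status == CCCryptorStatus(kCCSuccess) else { throw CBCError.cryptor(status) }
    return Data(out.prefix(moved))
}

// Encrypt-then-MAC: fresh random IV, then HMAC-SHA256 over IV || ciphertext with a separate key.
func sealCBC(_ plaintext: Data, encKey: SymmetricKey, macKey: SymmetricKey) throws -> Data {
    var iv = Data(count: kCCBlockSizeAES128)
    let rc = iv.withUnsafeMutableBytes { SecRandomCopyBytes(kSecRandomDefault, $0.count, $0.baseAddress!) }
    guard rc == errSecSuccess else { throw CBCError.rng }
    let body = try iv + aesCBC(kCCEncrypt, key: encKey, iv: iv, input: plaintext)
    return body + Data(HMAC<SHA256>.authenticationCode(for: body, using: macKey))
}

// Verify the tag (constant-time) before decrypting, so forged input never reaches padding checks.
func openCBC(_ sealed: Data, encKey: SymmetricKey, macKey: SymmetricKey) throws -> Data {
    let tagLen = SHA256.byteCount
    guard sealed.count >= 2 * kCCBlockSizeAES128 + tagLen else { throw CBCError.truncated }
    let body = Data(sealed.dropLast(tagLen)), tag = Data(sealed.suffix(tagLen))
    guard HMAC<SHA256>.isValidAuthenticationCode(tag, authenticating: body, using: macKey)
    else { throw CBCError.badTag }
    let iv = Data(body.prefix(kCCBlockSizeAES128))
    return try aesCBC(kCCDecrypt, key: encKey, iv: iv, input: Data(body.dropFirst(kCCBlockSizeAES128)))
}
```

Formats such as HLS define their own IV and integrity handling, so for interoperability only `aesCBC` carries over; the MAC wrapper applies where the caller controls the wire format.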