FluentCrypto: Cryptography in Easy Mode
Research has shown that cryptography concepts are hard to understand for developers, and secure use of cryptography APIs is challenging for mainstream developers. We have developed a fluent API named FluentCrypto to ease the secure and correct adoption of cryptography in the Node.js JavaScript runtime environment. It provides a task-based solution i.e., it hides the low-level complexities that involve using the native Node.js cryptography API, and it relies on the rules that crypto experts specify to determine a secure configuration of the API. We conducted an initial study and found that FluentCrypto is hard to misuse even for developers who lack cryptography knowledge, and compared to the standard Node.js crypto API, it is easier to use for developers and helps them to develop secure solutions in a shorter time.
READ FULL TEXT