FluentCrypto: Cryptography in Easy Mode
Simon Kafader, Mohammad Ghafari

TL;DR
FluentCrypto is a user-friendly API designed to simplify secure cryptography implementation in Node.js, reducing misuse and development time for developers lacking cryptography expertise.
Contribution
It introduces a task-based, rule-driven cryptography API that hides complexity and enhances security and usability for mainstream developers.
Findings
FluentCrypto reduces cryptography misuse among developers.
It is easier and faster to use than the native Node.js crypto API.
Developers develop secure solutions more efficiently with FluentCrypto.
Abstract
Research has shown that cryptography concepts are hard to understand for developers, and secure use of cryptography APIs is challenging for mainstream developers. We have developed a fluent API named FluentCrypto to ease the secure and correct adoption of cryptography in the Node.js JavaScript runtime environment. It provides a task-based solution, i.e., it hides the low-level complexities that involve using the native Node.js cryptography API, and it relies on the rules that crypto experts specify to determine a secure configuration of the API. We conducted an initial study and found that FluentCrypto is hard to misuse even for developers who lack cryptography knowledge, and compared to the standard Node.js crypto API, it is easier to use for developers and helps them to develop secure solutions in a shorter time.
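The abstract's idea of a task-based call backed by expert-specified rules, sketched as an added example over the native `node:crypto` module: this is not FluentCrypto's code or API. The names `RULES`, `encryptWithPassword` and `decryptWithPassword`, the envelope layout and the parameter values are assumptions made for illustration.

```javascript
// Added illustration, not FluentCrypto's API; all names and values are hypothetical.
const { randomBytes, scryptSync, createCipheriv, createDecipheriv } = require('node:crypto');

// "Expert rules": the secure configuration lives in one place, not in caller code.
const RULES = Object.freeze({
  cipher: 'aes-256-gcm',   // authenticated encryption, so tampering is detected
  keyBytes: 32,
  ivBytes: 12,             // 96-bit nonce, generated fresh for every message
  tagBytes: 16,
  saltBytes: 16,
  scrypt: { N: 2 ** 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024 },
});

// Task-level call: the caller supplies only a password and a message.
function encryptWithPassword(password, plaintext) {
  const salt = randomBytes(RULES.saltBytes);
  const iv = randomBytes(RULES.ivBytes);
  const key = scryptSync(password, salt, RULES.keyBytes, RULES.scrypt);
  const cipher = createCipheriv(RULES.cipher, key, iv, { authTagLength: RULES.tagBytes });
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  // Envelope layout (constructed for this example): salt | iv | tag | ciphertext
  return Buffer.concat([salt, iv, cipher.getAuthTag(), body]).toString('base64');
}

function decryptWithPassword(password, envelope) {
  const raw = Buffer.from(envelope, 'base64');
  if (raw.length < RULES.saltBytes + RULES.ivBytes + RULES.tagBytes) {
    throw new Error('envelope too short');
  }
  let off = 0;
  const take = (n) => raw.subarray(off, (off += n));
  const salt = take(RULES.saltBytes);
  const iv = take(RULES.ivBytes);
  const tag = take(RULES.tagBytes);
  const key = scryptSync(password, salt, RULES.keyBytes, RULES.scrypt);
  const decipher = createDecipheriv(RULES.cipher, key, iv, { authTagLength: RULES.tagBytes });
  decipher.setAuthTag(tag);
  // final() throws when the tag does not verify (wrong password or modified data).
  return Buffer.concat([decipher.update(raw.subarray(off)), decipher.final()]).toString('utf8');
}
```

The caller never chooses a cipher mode, nonce, salt or key-derivation parameter, which are the decisions where misuse of the native API typically occurs.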
