Research has shown that developers find cryptography concepts hard to understand, and that using cryptography APIs securely is challenging for mainstream developers. We have developed a fluent API named FluentCrypto to ease the secure and correct adoption of cryptography in the Node.js JavaScript runtime environment. It provides a task-based solution, i.e., it hides the low-level complexities involved in using the native Node.js cryptography API, and it relies on rules specified by crypto experts to determine a secure configuration of the API. We conducted an initial study and found that FluentCrypto is hard to misuse even for developers who lack cryptography knowledge, and that, compared to the standard Node.js crypto API, it is easier for developers to use and helps them develop secure solutions in a shorter time.
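To make the idea of a task-based wrapper concrete, the following added example (not FluentCrypto's API and not code from the paper) puts the decisions that the native `node:crypto` API leaves to the caller behind a single "encrypt with a password" task. The class name `PasswordEncryption`, the `POLICY` values and the envelope layout are assumptions made for this illustration.

```javascript
// Hypothetical task-based wrapper over node:crypto (illustration only).
const { randomBytes, scryptSync, createCipheriv, createDecipheriv } = require('node:crypto');

// Decisions the native API leaves to the caller, fixed in one place (assumed values).
const POLICY = { cipher: 'aes-256-gcm', keyLen: 32, saltLen: 16, ivLen: 12, tagLen: 16 };
const HEADER_LEN = POLICY.saltLen + POLICY.ivLen + POLICY.tagLen;

class PasswordEncryption {
  withPassword(password) {
    if (typeof password !== 'string' || password.length === 0) {
      throw new TypeError('password must be a non-empty string');
    }
    this.password = password;
    return this; // fluent chaining
  }

  encrypt(plaintext) {
    if (!this.password) throw new Error('call withPassword() first');
    const salt = randomBytes(POLICY.saltLen); // fresh salt per message
    const iv = randomBytes(POLICY.ivLen);     // fresh nonce per message, never reused
    const key = scryptSync(this.password, salt, POLICY.keyLen);
    const cipher = createCipheriv(POLICY.cipher, key, iv, { authTagLength: POLICY.tagLen });
    const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
    // Envelope layout for this example: salt | iv | tag | ciphertext
    return Buffer.concat([salt, iv, cipher.getAuthTag(), body]).toString('base64');
  }

  decrypt(envelope) {
    if (!this.password) throw new Error('call withPassword() first');
    const raw = Buffer.from(envelope, 'base64');
    if (raw.length < HEADER_LEN) throw new Error('envelope too short');
    const salt = raw.subarray(0, POLICY.saltLen);
    const iv = raw.subarray(POLICY.saltLen, POLICY.saltLen + POLICY.ivLen);
    const tag = raw.subarray(POLICY.saltLen + POLICY.ivLen, HEADER_LEN);
    const body = raw.subarray(HEADER_LEN);
    const key = scryptSync(this.password, salt, POLICY.keyLen);
    const decipher = createDecipheriv(POLICY.cipher, key, iv, { authTagLength: POLICY.tagLen });
    decipher.setAuthTag(tag);
    // final() throws if the tag does not verify (tampering or wrong password).
    return Buffer.concat([decipher.update(body), decipher.final()]).toString('utf8');
  }
}
```

The caller never chooses a cipher mode, key length, salt or nonce, which are the points where direct use of the native API is typically misconfigured.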