| Vulnerabilities | |||||
|---|---|---|---|---|---|
| Version | Suggest | Low | Medium | High | Critical |
| 1.1.4 | 0 | 0 | 0 | 0 | 0 |
| 1.1.3 | 0 | 0 | 0 | 0 | 0 |
| 1.1.2 | 0 | 0 | 0 | 0 | 0 |
| 1.1.1 | 0 | 0 | 0 | 0 | 0 |
| 1.1.0 | 0 | 0 | 0 | 0 | 0 |
| 1.0.3 | 0 | 0 | 0 | 0 | 0 |
| 1.0.2 | 0 | 0 | 0 | 0 | 0 |
| 1.0.1 | 0 | 0 | 0 | 0 | 0 |
| 1.0.0 | 0 | 0 | 0 | 0 | 0 |
| 0.9.2 | 0 | 0 | 0 | 0 | 0 |
| 0.9.1 | 0 | 0 | 0 | 0 | 0 |
| 0.9.0 | 0 | 0 | 0 | 0 | 0 |
| 0.8.0 | 0 | 0 | 0 | 0 | 0 |
| 0.7.0 | 0 | 0 | 0 | 0 | 0 |
| 0.6.2 | 0 | 0 | 0 | 0 | 0 |
| 0.6.1 | 0 | 0 | 0 | 0 | 0 |
| 0.6.0 | 0 | 0 | 0 | 0 | 0 |
| 0.5.0 | 0 | 0 | 0 | 0 | 0 |
| 0.4.0 | 0 | 0 | 0 | 0 | 0 |
| 0.3.3 | 0 | 0 | 0 | 0 | 0 |
| 0.3.2 | 0 | 0 | 0 | 0 | 0 |
| 0.3.1 | 0 | 0 | 0 | 0 | 0 |
| 0.2.2 | 0 | 0 | 0 | 0 | 0 |
| 0.2.1 | 0 | 0 | 0 | 0 | 0 |
| 0.2.0 | 0 | 0 | 0 | 0 | 0 |
| 0.1.0 | 0 | 0 | 0 | 0 | 0 |
1.1.4 - This version may not be safe as it has not been updated for a long time. Find out if your coding project uses this component and get notified of any reported security vulnerabilities with Meterian-X Open Source Security Platform
Maintain your licence declarations and avoid unwanted licences to protect your IP the way you intended.
MIT - MIT License
Cloak is an Elixir encryption library that implements several best practices and conveniences for Elixir developers:
{:ok, ciphertext} = MyApp.Vault.encrypt("plaintext")
# => {:ok, <<1, 10, 65, 69, 83, 46, 71, 67, 77, 46, 86, 49, 45, 1, 250, 221,
# => 189, 64, 26, 214, 26, 147, 171, 101, 181, 158, 224, 117, 10, 254, 140, 207,
# => 215, 98, 208, 208, 174, 162, 33, 197, 179, 56, 236, 71, 81, 67, 85, 229,
# => ...>>}
MyApp.Vault.decrypt(ciphertext)
# => {:ok, "plaintext"}"plaintext"
|> MyApp.Vault.encrypt!(:aes_256)
|> MyApp.Vault.decrypt!()
|> MyApp.Vault.encrypt!(:aes_256)
|> MyApp.Vault.decrypt!()
# => "plaintext"config :my_app, MyApp.Vault,
ciphers: [
# In AES.GCM, it is important to specify 12-byte IV length for
# interoperability with other encryption software. See this GitHub issue
# for more details: https://github.com/danielberkompas/cloak/issues/93
#
# In Cloak 2.0, this will be the default iv length for AES.GCM.
aes_gcm: {Cloak.Ciphers.AES.GCM, tag: "AES.GCM.V1", key: <<...>>, iv_length: 12},
aes_ctr: {Cloak.Ciphers.AES.CTR, tag: "AES.CTR.V1", key: <<...>>}
]Every strong encryption algorithm recommends unique initialization vectors.
Cloak automatically generates unique vectors using
:crypto.strong_rand_bytes, and includes the IV in the ciphertext.
This greatly simplifies storage and is not a security risk.
Each ciphertext contains metadata about the algorithm and key which was used to encrypt it. This allows Cloak to automatically select the correct key and algorithm to use for decryption for any given ciphertext.
This makes key rotation much easier, because you can easily tell whether any given ciphertext is using the old key or the new key.
Cloak works through Vault modules which you define in your app, and add
to your supervision tree.
You can have as many vaults as you wish running simultaneously in your project. (This works well with umbrella apps, or any runtime environment where you have multiple OTP apps using Cloak)
You can use Cloak to transparently encrypt Ecto fields, using
cloak_ecto.
crypto library, and therefore inherits its security.Copyright (c) 2015 Daniel Berkompas
This work is free. You can redistribute it and/or modify it under the terms of the MIT License. See the LICENSE.md file for more details.