Hi @solvingj! Apologies for not checking chat on time.
Secure Cell is used for symmetric encrypting/decrypting of stored data, so I think it should be fine to use it in your case. User interaction might be needed to get user’s approval before decrypting (for example, you are storing sensitive data and do a double check asking the user for a password before showing the data).
However, encryption key is separated from user password, you should handle this key very carefully. We do not recommend storing encryption key near encrypted data. You might want to generate an encryption key based on pieces, stored in different places, including some user’s details, or use vendor-provided key storage (like Keychain on OSX).
We can discuss your case in more details, please, drop me email to firstname.lastname@example.org
NIST P-256) is default curve used in SecureMessage. Themis also can be re-compiled manually with
p521 (need to change default curve in code and re-compile).
Ed25519 only in SecureComparator
Currently we don't plan to expand curves support, because this should be done very carefully. Our goal not to make yet-another-openssl, but to provide easy-to-use and hard-to-misuse library that is fully compatible across 11 languages (three server-side platforms, two mobile-side platforms, containers, various process architectures yadda yadda), so adding new curve is smth to be carefully handled for each use-case.
However, if you are building a commercial project and timeline is crucial for you, you should consider the pro's of commercial support for Themis. During commercial agreement we can ship a special version of Themis for you.
we actually have worked on Themis version that uses libsodium (Curve25519 / ed25519) as crypto-backend. These changes live in a separate branch, not integrated into master
Here is a blog post describing changes
ntohllare not available on my mingw's headers, so had to implement them as well.
@rixtox that's awesome! would you mind to open a PR?
in previous years we've tested Themis on Windows couple of times, but we didn't have a capacity to support it as stable/testable open source code. If you open a PR, we'll do our best to integrate it into our existing codebase and integration test suite, and to mention you as contributor for eternal glory