bosconian-dynamics
commented
3 years ago After some light research, this should be implemented with Sodium, and an OpenSSL fallback. Should investigate how wp-config secrets/salts might be integrated into this process.
Most strategies would benefit from implicit encryption. There could be use-cases where it would be beneficial to have per-field settings such that plain-text values could be read from the JWT strategy token, but I think on the whole the effort outweighs any theoretical benefit.
Encrypt all the things. Gravity Forms' own "Save & Continue" functionality encrypts incomplete form data into the database and might serve as a good model for implementing encryption elsewhere.