fernet / spec

Spec and acceptance tests for the Fernet format.

Enhancement: ability to use AES192/256 encryption w/appropriate version-byte flag #16

Open tknarr opened 8 years ago

tknarr commented 8 years ago

Is it possible to enhance the Fernet spec to allow the optional use of AES192/256 encryption with an appropriate flag in the version byte to indicate the encryption used? I've run into projects where Fernet would be a good fit but 256-bit encryption is required. Nothing in the current spec would interfere with allowing larger key lengths, and in the implementations I've tried it's simply a matter of setting the encryption to use the longer key and the rest of the implementation is oblivious to the change.

tknarr commented 8 years ago

From looking at it I can make the changes to the Ruby implementation, and I think I can do the other implementations too. In Python I handled the version byte by carving out bits 5-6 to indicate the encryption level, 00 = 128-bit, 01 = 192-bit, 10 = 256-bit, giving version bytes of 0x80, 0xA0 and 0xC0 respectively. That leaves bits 0-5 for version numbering.
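The version-byte scheme proposed in the comment above, written out as an added example (it is not code from this thread, the spec, or any Fernet implementation). The function names and the constructed sample token are assumptions; the token layout is the one in the current Fernet spec, and the 0x80/0xA0/0xC0 values come from the comment.

```python
import base64
import struct

BASE_VERSION = 0x80      # version byte of the current Fernet spec
KEY_BITS_MASK = 0x60     # bits 5-6, as proposed in the comment
KEY_BITS = {0b00: 128, 0b01: 192, 0b10: 256}   # selector 0b11 is unassigned

def aes_bits_for_version(version: int) -> int:
    """Map a proposed version byte (0x80/0xA0/0xC0) to an AES key size."""
    if not 0 <= version <= 0xFF:
        raise ValueError("version must be a single byte")
    # Everything outside the key-size selector must match the base version.
    if version & ~KEY_BITS_MASK & 0xFF != BASE_VERSION:
        raise ValueError(f"unsupported version byte 0x{version:02X}")
    selector = (version & KEY_BITS_MASK) >> 5
    if selector not in KEY_BITS:
        raise ValueError(f"unassigned key-size selector in 0x{version:02X}")
    return KEY_BITS[selector]

def parse_header(token: str) -> dict:
    """Read version, timestamp and IV from a token without decrypting.

    Layout: version(1) | timestamp(8, big-endian) | IV(16)
            | ciphertext(n*16, n >= 1) | HMAC-SHA256(32).
    The HMAC covers the version byte, so the returned key size must not
    be acted on until the HMAC has been verified with the signing key.
    """
    raw = base64.urlsafe_b64decode(token)
    if len(raw) < 73 or (len(raw) - 57) % 16 != 0:
        raise ValueError("token length does not match the Fernet layout")
    version, timestamp = struct.unpack(">BQ", raw[:9])
    return {"aes_bits": aes_bits_for_version(version),
            "timestamp": timestamp, "iv": raw[9:25]}

def make_sample(version: int) -> str:
    # Constructed sample: correct layout, zeroed IV, ciphertext and HMAC.
    raw = struct.pack(">BQ", version, 1500000000) + bytes(16 + 16 + 32)
    return base64.urlsafe_b64encode(raw).decode()
```

A decoder written this way rejects any version byte it does not recognise instead of defaulting to AES-128.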

bedros commented 8 years ago

I need a 256-bit key as well; the 128-bit is not strong enough these days.

tknarr commented 8 years ago

I have pull requests open for the spec and the Ruby implementation, working on one for the Go implementation, and the needed changes to the Python implementation in the cryptography package.

theonewolf commented 7 years ago

The ability to use AES 256 would help match other projects such as Vault.

Is there any expectation for maintainers to accept this pull request?

:+1:

jborrey commented 7 years ago

+1

erikreppel commented 7 years ago

+1