-
Notifications
You must be signed in to change notification settings - Fork 42
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Enhancement: ability to use AES192/256 encryption w/appropriate version-byte flag #16
Comments
From looking at it I can make the changes to the Ruby implementation, and I think I can do the other implementations too. In Python I handled the version byte by carving out bits 5-6 to indicate the encryption level, 00 = 128-bit, 01 = 192-bit, 10 = 256-bit, giving version bytes of 0x80, 0xA0 and 0xC0 respectively. That leaves bits 0-5 for version numbering. |
I need 256 bit key as well, the 128 bit is not strong enough these days. |
I have pull requests open for the spec and the Ruby implementation, working on one for the Go implementation, and the needed changes to the Python implementation in the |
The ability to use AES 256 would help match other projects such as Vault. Is there any expectation for maintainers to accept this pull request? 👍 |
+1 |
1 similar comment
+1 |
Is it possible to enhance the Fernet spec to allow the optional use of AES192/256 encryption with an appropriate flag in the version byte to indicate the encryption used? I've run into projects where Fernet would be a good fit but 256-bit encryption is required. Nothing in the current spec would interfere with allowing larger key lengths, and in the implementations I've tried it's simply a matter of setting the encryption to use the longer key and the rest of the implementation is oblivious to the change.
The text was updated successfully, but these errors were encountered: