AgentSkillsCN

cryptography

适用于为数据保护选择或实施加密控制措施。涵盖 TLS 配置、密码哈希算法、密钥管理、秘密管理,以及跨平台的加密标准。 适用场景:TLS、加密、哈希、Argon2、bcrypt、scrypt、密钥管理、秘密管理、AES、RSA、ECDSA、证书管理、HashiCorp Vault、AWS KMS、同态加密、FHE。 不适用场景:身份验证协议设计(应使用身份验证相关技能)、网络安全设备、自定义加密算法设计(应优先使用成熟的加密库)。

SKILL.md
--- frontmatter
name: cryptography
description: |
    Use when selecting or implementing cryptographic controls for data protection. Covers TLS configuration, password hashing algorithms, key management, secrets management, and encryption standards across all platforms.
    USE FOR: TLS, encryption, hashing, Argon2, bcrypt, scrypt, key management, secrets management, AES, RSA, ECDSA, certificate management, HashiCorp Vault, AWS KMS, homomorphic encryption, FHE
    DO NOT USE FOR: authentication protocol design (use authentication), network security appliances, custom cryptographic algorithm design (use established libraries instead)
license: MIT
metadata:
  displayName: "Cryptography"
  author: "Tyler-R-Kendrick"
compatibility: claude, copilot, cursor

Cryptography

Overview

Cryptography is the foundation of trust in modern software systems. It underpins confidentiality, integrity, authentication, and non-repudiation for data in transit and at rest. Every secure communication channel, every stored password, and every signed artifact relies on well-implemented cryptographic primitives.

The cardinal rule of applied cryptography is never roll your own crypto. Use established, peer-reviewed libraries and standards. Custom cryptographic algorithms or ad-hoc constructions are almost guaranteed to contain exploitable weaknesses. Rely on proven implementations such as OpenSSL, libsodium, Bouncy Castle, or the native cryptography modules provided by your platform.

TLS Configuration

Transport Layer Security protects data in transit. All services must enforce a minimum of TLS 1.2, and should prefer TLS 1.3 wherever supported.

Disabled Protocols

ProtocolStatusReason
SSL 3.0DisabledVulnerable to POODLE attack
TLS 1.0DisabledDeprecated by RFC 8996; known weaknesses
TLS 1.1DisabledDeprecated by RFC 8996; no modern benefits

Recommended Cipher Suites

Cipher SuiteProtocolNotes
AES-128-GCM / AES-256-GCMTLS 1.2+Authenticated encryption, hardware-accelerated on modern CPUs
ChaCha20-Poly1305TLS 1.2+Excellent performance on devices without AES-NI
  • In TLS 1.3, cipher suite negotiation is simplified and only secure options are available by default.
  • Disable CBC-mode ciphers when possible to avoid padding oracle attacks.
  • Always enable HSTS (HTTP Strict Transport Security) to prevent protocol downgrade attacks:
code
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload

Password Hashing

Passwords must be hashed with a slow, memory-hard function designed specifically for password storage. General-purpose hash functions are not suitable.

Algorithm Comparison

AlgorithmStatusMemory-HardGPU ResistantRecommended Parameters
Argon2idGold standardYesYesm=64MB, t=3, p=4
bcryptSecure4KB fixedPartialcost=12+
scryptSecureYesYesN=16384, r=8, p=1
PBKDF2LegacyNoNo600,000+ iterations (SHA-256)

Argon2id is the recommended default. It won the Password Hashing Competition and combines resistance to both side-channel and GPU-based attacks.

Never use MD5 or SHA-family functions (SHA-1, SHA-256, SHA-512) for password hashing. These are general-purpose hash functions optimized for speed, which makes them trivially brute-forceable for password cracking. They lack salting by design and have no work-factor parameter.

Symmetric Encryption

Symmetric encryption uses a single shared key for both encryption and decryption.

  • AES-256-GCM is the standard for data at rest. GCM mode provides both confidentiality and integrity (authenticated encryption with associated data, or AEAD).
  • ChaCha20-Poly1305 is an excellent alternative, especially on platforms without hardware AES acceleration. It is the default in TLS 1.3 for non-AES-NI environments.
  • Never use ECB mode. ECB encrypts identical plaintext blocks to identical ciphertext blocks, leaking patterns in the data. Always use an authenticated mode such as GCM or an encrypt-then-MAC construction.

When using AES-GCM:

  • Use a unique nonce (IV) for every encryption operation under the same key.
  • Limit the amount of data encrypted under a single key to avoid nonce reuse (approximately 2^32 encryptions with random 96-bit nonces).
  • Rotate keys before reaching these limits.

Asymmetric Encryption

Asymmetric (public-key) cryptography uses a key pair: a public key for encryption or verification and a private key for decryption or signing.

Key Sizes and Algorithms

AlgorithmUse CaseMinimum Key SizeRecommendedNotes
RSAEncryption, signing2048 bits3072+ bitsWidely supported; use OAEP for encryption, PSS for signing
ECDSASigningP-256 (256 bits)P-256 or P-384Smaller keys, faster operations than RSA
Ed25519Signing256 bits (fixed)256 bits (fixed)Modern, fast, resistant to side-channel attacks; preferred for new systems
X25519Key exchange256 bits (fixed)256 bits (fixed)Used in TLS 1.3 and modern protocols
  • Ed25519 is the recommended choice for digital signatures in new systems due to its simplicity, performance, and security properties.
  • RSA keys below 2048 bits are considered insecure and must not be used.
  • For encryption use cases, prefer hybrid encryption: use asymmetric crypto to exchange a symmetric key, then encrypt the payload with AES-GCM.

Homomorphic Encryption

Homomorphic encryption (HE) allows computation on encrypted data without decrypting it first. The result, when decrypted, matches the result of performing the same operations on the plaintext. This enables data processing by untrusted parties (cloud providers, third-party analytics) while preserving confidentiality.

Schemes

SchemeOperations SupportedPerformanceUse Case
Partially Homomorphic (PHE)Addition OR multiplication (not both)FastSimple aggregations, voting
Somewhat Homomorphic (SHE)Limited additions and multiplicationsModerateBounded computations
Fully Homomorphic (FHE)Arbitrary additions and multiplicationsSlow (improving)General-purpose encrypted computation

Libraries and Frameworks

LibraryLanguageSchemeMaintainer
Microsoft SEALC++ (with .NET, Python wrappers)BFV, CKKSMicrosoft Research
OpenFHEC++ (with Python bindings)BGV, BFV, CKKS, TFHE, FHEWDARPA-funded consortium
TFHE-rsRustTFHEZama
ConcretePython / RustTFHEZama
HElibC++BGV, CKKSIBM

Practical Considerations

  • Performance: FHE is orders of magnitude slower than plaintext computation. Use it only when the confidentiality requirement justifies the overhead.
  • CKKS vs BFV/BGV: CKKS supports approximate arithmetic on real numbers (good for ML inference). BFV/BGV support exact integer arithmetic (good for counting, voting, database queries).
  • Bootstrapping: FHE schemes accumulate noise with each operation. Bootstrapping refreshes ciphertexts but is expensive. Leveled HE avoids bootstrapping by pre-setting the maximum circuit depth.
  • Key sizes: HE keys and ciphertexts are much larger than traditional encryption (megabytes vs bytes). Plan for storage and bandwidth overhead.
  • Use cases: Privacy-preserving ML inference, encrypted database queries, secure multi-party computation, confidential cloud analytics, healthcare data analysis without exposure.

When to use HE: When you need a third party to compute on your data but cannot afford to reveal the plaintext — and you can tolerate the performance overhead. For most applications, traditional encryption with access controls is simpler and sufficient.

Key Management

Cryptographic keys have a defined lifecycle that must be managed rigorously:

code
Generation --> Storage --> Distribution --> Usage --> Rotation --> Revocation --> Destruction

Lifecycle Principles

  1. Generation — Use cryptographically secure random number generators (CSPRNG). Never use Math.random() or similar non-cryptographic sources.
  2. Storage — Keys must never be stored in plaintext. Use Hardware Security Modules (HSMs) for high-value keys. HSMs provide tamper-resistant storage and perform cryptographic operations without exposing key material.
  3. Distribution — Use secure channels (TLS, out-of-band exchange). Never transmit keys alongside the data they protect.
  4. Usage — Limit key usage to a single purpose (encryption OR signing, not both). Enforce access controls.
  5. Rotation — Rotate keys on a regular schedule and immediately after any suspected compromise.
  6. Revocation — Maintain revocation lists (CRL) or use OCSP for certificates. Ensure revoked keys are no longer accepted.
  7. Destruction — Securely erase keys when they are no longer needed. Overwrite key material in memory.

Cloud KMS Services

ServiceProviderHSM-BackedAuto-RotationKey Types
AWS KMSAWSYesYes (annual)Symmetric, RSA, ECC
Azure Key VaultMicrosoftYesYesSymmetric, RSA, EC
GCP Cloud KMSGoogleYesYesSymmetric, RSA, EC, Ed25519
HashiCorp VaultHashiCorpOptionalYesAll types; transit secrets engine

Secrets Management

Secrets include API keys, database credentials, tokens, certificates, and encryption keys. Mismanaged secrets are one of the most common causes of security breaches.

Rules

  • Never store secrets in source code or version control. Even if a repository is private, secrets in VCS persist in history and are easily leaked.
  • Use dedicated secrets management tools. These provide encryption, access control, audit logging, and automatic rotation.
  • Inject secrets at runtime via environment variables, mounted files, or API calls — never bake them into container images or build artifacts.

Secrets Management Tools

ToolProviderDynamic SecretsAuto-RotationAudit LogNotes
HashiCorp VaultHashiCorpYesYesYesIndustry standard; self-hosted or cloud
AWS Secrets ManagerAWSYesYesYesNative AWS integration
Azure Key VaultMicrosoftNoYesYesIntegrated with Azure AD
GCP Secret ManagerGoogleNoYesYesIAM-based access control
DopplerDopplerNoYesYesDeveloper-friendly; multi-cloud
1Password Secrets Automation1PasswordNoNoYesGood for smaller teams; CLI and SDK support

Best Practices

  • Use established cryptographic libraries (libsodium, OpenSSL, Bouncy Castle, platform-native crypto APIs) rather than implementing primitives yourself.
  • Enforce TLS 1.2 as the minimum for all communications, and prefer TLS 1.3 where supported.
  • Hash passwords with Argon2id as the default; fall back to bcrypt (cost 12+) if Argon2 is unavailable.
  • Use authenticated encryption (AES-GCM or ChaCha20-Poly1305) for all symmetric encryption; never use unauthenticated modes like ECB or plain CBC.
  • Rotate cryptographic keys on a defined schedule and immediately upon suspected compromise.
  • Store all secrets in a dedicated secrets management tool with audit logging and access controls — never in code, configuration files, or version control.
  • Use Hardware Security Modules (HSMs) or cloud KMS for high-value key storage and cryptographic operations.
  • Keep cryptographic dependencies up to date and monitor for vulnerability disclosures affecting the algorithms and libraries you use.