Encrypt, Decrypt & Verify
Full encryption lifecycle: generate key, encrypt data with AES, hash for integrity, and verify the pipeline.
Wann dieses Rezept verwenden
Demonstrates the full encrypt-then-MAC pattern for data protection. Essential understanding for implementing secure data storage and transmission.
Schritte
Secret Generator
Dieses Werkzeug ausprobieren →Create encryption key and IV
AES Encryption
Dieses Werkzeug ausprobieren →Encrypt the sensitive data
Hash Calculator
Dieses Werkzeug ausprobieren →Create integrity checksum
HMAC Generator
Dieses Werkzeug ausprobieren →Add authenticated integrity
Häufig gestellte Fragen
What is encrypt-then-MAC?
Encrypt the plaintext first, then compute a MAC (HMAC) over the ciphertext. The receiver verifies the MAC before decrypting, preventing padding oracle and other attacks.
Why not just use AES-GCM instead?
AES-GCM combines encryption and authentication in one step (AEAD). It is preferred over manual encrypt-then-MAC. This recipe demonstrates the concept; use GCM in production.
Verwandte Rezepte
Secure Password Workflow
Generate a strong password, verify its strength, and hash it for storage — a complete password security pipeline.
Web Security Header Audit
Audit your website's security headers, generate a CSP policy, evaluate it, and configure CORS.
JWT Authentication Setup
Set up JWT-based authentication: generate tokens, create signing keys, and implement TOTP for 2FA.
API Security Hardening
Harden your API with HMAC request signing, secure secrets, and SRI for client-side integrity.