Data Encryption Workflow
Encrypt sensitive data with AES, manage encryption keys securely, and verify with HMAC.
このレシピの使いどころ
Protect sensitive data at rest — user PII, payment information, health records. AES-256-GCM provides authenticated encryption, and HMAC adds an additional integrity layer.
ステップ
Secret Generator
このツールを試す →Create a strong encryption key
AES Encryption
このツールを試す →Encrypt the data
HMAC Generator
このツールを試す →Add integrity protection
よくある質問
Why use AES-GCM instead of AES-CBC?
GCM provides authenticated encryption — it detects if the ciphertext was tampered with. CBC requires a separate MAC (like HMAC) for integrity, making GCM simpler and more secure.
How should I store encryption keys?
Never store keys alongside encrypted data. Use a key management service (KMS) like AWS KMS, HashiCorp Vault, or environment variables for development.
関連レシピ
Secure Password Workflow
Generate a strong password, verify its strength, and hash it for storage — a complete password security pipeline.
Web Security Header Audit
Audit your website's security headers, generate a CSP policy, evaluate it, and configure CORS.
JWT Authentication Setup
Set up JWT-based authentication: generate tokens, create signing keys, and implement TOTP for 2FA.
API Security Hardening
Harden your API with HMAC request signing, secure secrets, and SRI for client-side integrity.