
encryption

by martinholovsky332GitHub

Compatible Agents

  • Claude Code: ~/.claude/skills/
  • Codex CLI: ~/.codex/skills/
  • Gemini CLI: ~/.gemini/skills/
  • OpenCode: ~/.opencode/skills/
  • OpenClaw: ~/.openclaw/skills/
  • GitHub Copilot: ~/.copilot/skills/
  • Cursor: ~/.cursor/skills/
  • Windsurf: ~/.codeium/windsurf/skills/
  • Cline: ~/.cline/skills/
  • Roo Code: ~/.roo/skills/
  • Kiro: ~/.kiro/skills/
  • Junie: ~/.junie/skills/
  • Augment Code: ~/.augment/skills/
  • Warp: ~/.warp/skills/
  • Goose: ~/.config/goose/skills/

SKILL.md

When to Use

  • Encrypting files, database fields, or app storage
  • Password hashing (bcrypt, argon2)
  • Key management, rotation, derivation
  • TLS/certificate configuration
  • Auditing code for crypto mistakes
  • Mobile secure storage (Keychain, Keystore)

Algorithm Selection

| Purpose        | Use                            | Avoid                   |
|----------------|--------------------------------|-------------------------|
| Passwords      | argon2id, bcrypt (cost≥12)     | MD5, SHA1, plain SHA256 |
| Symmetric      | AES-256-GCM, ChaCha20-Poly1305 | AES-ECB, DES, RC4       |
| Asymmetric     | RSA-4096+OAEP, Ed25519, P-256  | RSA-1024, PKCS#1 v1.5   |
| Key derivation | PBKDF2 (≥600k), scrypt, argon2 | Single-pass hash        |
| JWT signing    | RS256, ES256                   | HS256 with weak secret  |
| TLS            | 1.2+ only                      | TLS 1.0/1.1, SSLv3      |

Critical Rules

  1. Never reuse IVs/nonces — AES-GCM + repeated nonce = catastrophic
  2. Use authenticated encryption (AEAD) — Plain CBC enables padding oracles
  3. Hash passwords, don't encrypt — Hashing is one-way
  4. No hardcoded keys — Use env vars, KMS, or Vault
  5. No Math.random() for crypto — Use CSPRNG only
  6. Constant-time comparisons — Prevent timing attacks on secrets
  7. Separate keys by purpose — Encryption ≠ signing ≠ backup
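
Added example (not part of the original skill or its patterns.md): rules 3, 5 and 6 applied together with the 600k PBKDF2 floor from the table above, using only the Python standard library. PBKDF2 is chosen here because argon2id and bcrypt need third-party packages; the `pbkdf2_sha256$...` record layout and the function names are assumptions made for this illustration.

```python
import hashlib
import hmac
import secrets

MIN_ITERATIONS = 600_000  # floor taken from the table and the audit checklist
SALT_BYTES = 16
ALGO = "pbkdf2_sha256"    # label in the constructed record format below


def hash_password(password: str, iterations: int = MIN_ITERATIONS) -> str:
    """Return 'pbkdf2_sha256$<iterations>$<salt hex>$<hash hex>'."""
    salt = secrets.token_bytes(SALT_BYTES)  # CSPRNG, fresh for every password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"{ALGO}${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> tuple[bool, bool]:
    """Return (matches, needs_rehash) for a stored record."""
    try:
        algo, iter_text, salt_hex, hash_hex = stored.split("$")
        iterations = int(iter_text)
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(hash_hex)
    except ValueError:
        return False, False  # malformed record: reject instead of raising
    if algo != ALGO or iterations < 1 or not expected:
        return False, False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), salt, iterations, dklen=len(expected)
    )
    # compare_digest takes the same time wherever the first differing byte is
    matches = hmac.compare_digest(candidate, expected)
    # A successful login against an under-strength record is the point at
    # which the plaintext is available to re-hash it at the current floor.
    return matches, matches and iterations < MIN_ITERATIONS


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")  # constructed input
    print(record)
    print(verify_password("correct horse battery staple", record))
```

When `needs_rehash` is true, store the output of `hash_password()` for the password just supplied in place of the old record.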

File Encryption (CLI)

# age (modern, simple)
age -p -o file.age file.txt
age -d -o file.txt file.age

# GPG
gpg -c --cipher-algo AES256 file.txt

Platform-Specific

See patterns.md for code snippets:

  • Password hashing (Node, Python, Go)
  • Envelope encryption with KMS
  • JWT with RS256 key rotation
  • Secure token generation

See mobile.md for:

  • iOS Keychain wrapper
  • Android EncryptedSharedPreferences
  • SQLCipher setup
  • Biometric auth integration
  • Certificate pinning

See infra.md for:

  • TLS certificate auto-renewal
  • HashiCorp Vault policies
  • mTLS between services
  • Backup encryption verification

Audit Checklist

  • No plaintext passwords in DB/logs/env
  • No secrets in git history
  • No hardcoded keys in source
  • No Math.random() for security
  • No deprecated algorithms (MD5, SHA1, DES)
  • No disabled cert validation
  • IVs/nonces never reused
  • PBKDF2 iterations ≥600k / bcrypt cost ≥12
  • TLS 1.2+ enforced, old protocols disabled
  • Key rotation procedure documented

Source: https://github.com/martinholovsky/claude-skills-generator#skills-encryption
