Encryption

Encrypt files, secure passwords, manage keys, and audit code for cryptographic best practices.

Safety Notice

This listing is from the official public ClawHub registry. Review SKILL.md and referenced scripts before running.

Install skill "Encryption" with this command: npx skills add ivangdavila/encryption

When to Use

  • Encrypting files, database fields, or app storage
  • Password hashing (bcrypt, argon2)
  • Key management, rotation, derivation
  • TLS/certificate configuration
  • Auditing code for crypto mistakes
  • Mobile secure storage (Keychain, Keystore)

Algorithm Selection

| Purpose | Use | Avoid |
|---|---|---|
| Passwords | argon2id, bcrypt (cost≥12) | MD5, SHA1, plain SHA256 |
| Symmetric | AES-256-GCM, ChaCha20-Poly1305 | AES-ECB, DES, RC4 |
| Asymmetric | RSA-4096+OAEP, Ed25519, P-256 | RSA-1024, PKCS#1 v1.5 |
| Key derivation | PBKDF2 (≥600k), scrypt, argon2 | Single-pass hash |
| JWT signing | RS256, ES256 | HS256 with weak secret |
| TLS | 1.2+ only | TLS 1.0/1.1, SSLv3 |

Critical Rules

  1. Never reuse IVs/nonces — AES-GCM + repeated nonce = catastrophic
  2. Use authenticated encryption (AEAD) — Plain CBC enables padding oracles
  3. Hash passwords, don't encrypt — Hashing is one-way
  4. No hardcoded keys — Use env vars, KMS, or Vault
  5. No Math.random() for crypto — Use CSPRNG only
  6. Constant-time comparisons — Prevent timing attacks on secrets
  7. Separate keys by purpose — Encryption ≠ signing ≠ backup
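
Rules 1, 2, 5 and 6 in practice, as an added example that is not part of the skill's own files: AES-256-GCM in Node.js with a fresh CSPRNG nonce per message, tag verification on decrypt, and a constant-time token comparison. The function names (seal, unseal, tokensEqual, demo), the sample record and the associated data are constructed for illustration.

```javascript
const nodeCrypto = require('node:crypto');

const NONCE_LEN = 12; // 96-bit nonce, the recommended size for GCM
const TAG_LEN = 16;   // 128-bit authentication tag

// Returns nonce || tag || ciphertext. A new random nonce is drawn on every call.
function seal(key, plaintext, aad = Buffer.alloc(0)) {
  if (key.length !== 32) throw new Error('AES-256 needs a 32-byte key');
  const nonce = nodeCrypto.randomBytes(NONCE_LEN); // CSPRNG, not Math.random()
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, nonce, { authTagLength: TAG_LEN });
  cipher.setAAD(aad);
  const body = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([nonce, cipher.getAuthTag(), body]);
}

// Throws if the key, nonce, tag, ciphertext or AAD does not match what was sealed.
function unseal(key, sealed, aad = Buffer.alloc(0)) {
  if (sealed.length < NONCE_LEN + TAG_LEN) throw new Error('message too short');
  const nonce = sealed.subarray(0, NONCE_LEN);
  const tag = sealed.subarray(NONCE_LEN, NONCE_LEN + TAG_LEN);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, nonce, { authTagLength: TAG_LEN });
  decipher.setAAD(aad);
  decipher.setAuthTag(tag);
  const body = sealed.subarray(NONCE_LEN + TAG_LEN);
  return Buffer.concat([decipher.update(body), decipher.final()]); // final() verifies the tag
}

// Constant-time comparison; hashing first gives timingSafeEqual equal-length inputs.
function tokensEqual(a, b) {
  const h = (v) => nodeCrypto.createHash('sha256').update(v).digest();
  return nodeCrypto.timingSafeEqual(h(a), h(b));
}

function demo() {
  const key = nodeCrypto.randomBytes(32); // constructed key; load real keys from env, KMS or Vault
  const msg = 'constructed sample record';
  const aad = Buffer.from('record-id:1'); // constructed associated data
  const first = seal(key, msg, aad);
  const second = seal(key, msg, aad);
  const tampered = Buffer.from(first);
  tampered[tampered.length - 1] ^= 0x01; // flip one ciphertext bit
  let tamperRejected = false;
  try { unseal(key, tampered, aad); } catch { tamperRejected = true; }
  return {
    roundTrip: unseal(key, first, aad).toString('utf8'),
    noncesDiffer: !first.subarray(0, NONCE_LEN).equals(second.subarray(0, NONCE_LEN)),
    tamperRejected,
  };
}
console.log(demo());
```

With random 96-bit nonces, rotate the key well before 2^32 messages have been sealed under it, the limit NIST SP 800-38D sets for randomly generated GCM nonces.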

File Encryption (CLI)

# age (modern, simple)
age -p -o file.age file.txt
age -d -o file.txt file.age

# GPG
gpg -c --cipher-algo AES256 file.txt

Platform-Specific

See patterns.md for code snippets:

  • Password hashing (Node, Python, Go)
  • Envelope encryption with KMS
  • JWT with RS256 key rotation
  • Secure token generation

See mobile.md for:

  • iOS Keychain wrapper
  • Android EncryptedSharedPreferences
  • SQLCipher setup
  • Biometric auth integration
  • Certificate pinning

See infra.md for:

  • TLS certificate auto-renewal
  • HashiCorp Vault policies
  • mTLS between services
  • Backup encryption verification

Audit Checklist

  • No plaintext passwords in DB/logs/env
  • No secrets in git history
  • No hardcoded keys in source
  • No Math.random() for security
  • No deprecated algorithms (MD5, SHA1, DES)
  • No disabled cert validation
  • IVs/nonces never reused
  • PBKDF2 iterations ≥600k / bcrypt cost ≥12
  • TLS 1.2+ enforced, old protocols disabled
  • Key rotation procedure documented

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.