Encryption

Encrypt files, secure passwords, manage keys, and audit code for cryptographic best practices.

Safety Notice

This listing is from the official public ClawHub registry. Review SKILL.md and referenced scripts before running.

Copy this and send it to your AI assistant to learn

Install skill "Encryption" with this command: npx skills add ivangdavila/encryption

When to Use

  • Encrypting files, database fields, or app storage
  • Password hashing (bcrypt, argon2)
  • Key management, rotation, derivation
  • TLS/certificate configuration
  • Auditing code for crypto mistakes
  • Mobile secure storage (Keychain, Keystore)

Algorithm Selection

PurposeUseAvoid
Passwordsargon2id, bcrypt (cost≥12)MD5, SHA1, plain SHA256
SymmetricAES-256-GCM, ChaCha20-Poly1305AES-ECB, DES, RC4
AsymmetricRSA-4096+OAEP, Ed25519, P-256RSA-1024, PKCS#1 v1.5
Key derivationPBKDF2 (≥600k), scrypt, argon2Single-pass hash
JWT signingRS256, ES256HS256 with weak secret
TLS1.2+ onlyTLS 1.0/1.1, SSLv3

Critical Rules

  1. Never reuse IVs/nonces — AES-GCM + repeated nonce = catastrophic
  2. Use authenticated encryption (AEAD) — Plain CBC enables padding oracles
  3. Hash passwords, don't encrypt — Hashing is one-way
  4. No hardcoded keys — Use env vars, KMS, or Vault
  5. No Math.random() for crypto — Use CSPRNG only
  6. Constant-time comparisons — Prevent timing attacks on secrets
  7. Separate keys by purpose — Encryption ≠ signing ≠ backup

File Encryption (CLI)

# age (modern, simple)
age -p -o file.age file.txt
age -d -o file.txt file.age

# GPG
gpg -c --cipher-algo AES256 file.txt

Platform-Specific

See patterns.md for code snippets:

  • Password hashing (Node, Python, Go)
  • Envelope encryption with KMS
  • JWT with RS256 key rotation
  • Secure token generation

See mobile.md for:

  • iOS Keychain wrapper
  • Android EncryptedSharedPreferences
  • SQLCipher setup
  • Biometric auth integration
  • Certificate pinning

See infra.md for:

  • TLS certificate auto-renewal
  • HashiCorp Vault policies
  • mTLS between services
  • Backup encryption verification

Audit Checklist

  • No plaintext passwords in DB/logs/env
  • No secrets in git history
  • No hardcoded keys in source
  • No Math.random() for security
  • No deprecated algorithms (MD5, SHA1, DES)
  • No disabled cert validation
  • IVs/nonces never reused
  • PBKDF2 iterations ≥600k / bcrypt cost ≥12
  • TLS 1.2+ enforced, old protocols disabled
  • Key rotation procedure documented

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Open Registry RecordOpen in ClawHub

Related Skills

Related by shared tags or category signals.

Security

Session Password

Provides secure session authentication using bcrypt-hashed passwords, security questions, email recovery, and lockout protection with audit logging.

Registry SourceRecently Updated
111
squallsol
Security

agent-bom registry

MCP server security registry and trust assessment — look up servers in the 427+ server security metadata registry, run pre-install marketplace checks, batch...

Registry SourceRecently Updated
0127
msaad00
Security

agent-bom scan

Security scanner for AI infrastructure — discovers MCP clients and servers, checks packages for CVEs (OSV, NVD, EPSS, KEV), maps blast radius, and generates...

Registry SourceRecently Updated
0128
Profile unavailable