Skip to content

Latest commit

 

History

History
145 lines (97 loc) · 6.3 KB

README.md

File metadata and controls

145 lines (97 loc) · 6.3 KB

Taoensso open source
API | Wiki | Latest releases | Slack channel

Tempel

Data security framework for Clojure

Tempel is a lightweight encryption framework that wraps the JVM's native crypto facilities to provide a particularly high-level Clojure API for easily protecting your users' data.

More than another collection of crypto utils, Tempel offers a coherent and opinionated API for secure data management and is focused on helping you with the toughest parts of actually using encryption in practice.

Its tiny API and focus on smart keychains helps shield you from unnecessary and error-prone complexity, greatly simplifying the most common data security needs.

Latest release/s

Main tests Graal tests

See here for earlier releases.

Why Tempel?

  • Easy-to-use, high-level API focused on common tasks like logins, encryption, signing, etc.
  • Reasonable defaults including choice of algorithms and work factors.
  • Future-proof data formats with auto-updated algorithms and work factors over time.
  • Support for ⧉ symmetric, ⧉ asymmetric (public-key), and ⧉ end-to-end (E2EE) encryption.
  • Automatic ⧉ scrypt and ⧉ pbkdf2 support for easy password-based key stretching.
  • Simple key management API for password resets, key rotations, etc.
  • Extensive beginner-oriented documentation, docstrings, and error messages.
  • Comprehensive test suite with >60k unit tests.

Note that Tempel is not intended for interop with other cryptographic tools/APIs!

Video demo

See for intro and usage:

Tempel demo video

Quick example

(require
  '[taoensso.tempel :as tempel]
  '[taoensso.nippy  :as nippy])

;; Create a new private `KeyChain`:
(def my-keychain! (tempel/keychain))
;; => {:n-sym 1, :n-prv 2, :n-pub 2, :secret? true}

;; Use our `KeyChain` to encrypt some data:
(def my-encrypted-data
  (tempel/encrypt-with-symmetric-key
    (nippy/freeze "My secret data")
    my-keychain!)) ; => Encrypted bytes

;; Get back the original unencrypted data:
(nippy/thaw
  (tempel/decrypt-with-symmetric-key
    my-encrypted-data my-keychain!)) ; => "My secret data"

;; It's safe to store encrypted `KeyChain`s:
(def my-encrypted-keychain
  (tempel/encrypt-keychain my-keychain!
    {:password "My password"})) ; => Encrypted bytes

;; Get back the original unencrypted `KeyChain`:
(= my-keychain!
  (tempel/decrypt-keychain my-encrypted-keychain
    {:password "My password"})) ; => true

;; `KeyChain`s also support:
;;   - `encrypt-with-1-keypair`
;;   - `encrypt-with-2-keypairs`
;;   - `sign`

;; See docstrings and/or wiki for more info!

Documentation

Roadmap

Tempel has a fixed scope, and is fully complete. I'm happy with its design and implementation, and believe it meets all its objectives in its current form. I'm not anticipating significant changes.

Still, given the sensitivity of the problem domain, I plan to approach Tempel's official stable release as a phased rollout to allow time for feedback before locking things down:

Phase Date Release Appropriate for
2024-02 v1.0-RC1 Staging, with ephemeral or low-value data
2024-08 v1.0 final Production, with real data

v1.0 final will be considered "done"- the library is expected to need+see only minimal maintance from that point.

Disclaimer

Important: while Tempel has been written and tested with care, the nature of the problem domain inevitably means that bugs and/or misuse can be especially harmful and/or easy to make.

Bugs and/or misuse could lead to security vulnerabilities or even permanent data loss.

Please be very careful evaluating Tempel and/or other cryptographic libraries/frameworks before use, especially new libraries/frameworks like Tempel!

Security

See here for security advisories and/or to report security vulnerabilities.

Funding

You can help support continued work on this project, thank you!! 🙏

License

Copyright © 2023-2024 Peter Taoussanis.
Licensed under EPL 1.0 (same as Clojure).