Blog

This article was published in 2017 about R&D work, which resulted in stable production release of Themis that uses BoringSSL as one of crypto-engines. If you’re a developer and you’re dealing with cryptography for your app, consider using high-level cryptographic libraries like Themis instead of BoringSSL. No need to struggle with BoringSSL if your goal is to protect users’ data. Intro In Themis, we use industry-recognized implementations of cryptographic algorithms that come from OpenSSL/LibreSSL packages.

Introducing Acra If you are concerned about data security, this means confronting a threat landscape that requires vigilance and defence against a wide range of attacks. One of the prime targets for attack continues to be sensitive data that is stored in backend database storage. From simple discovery of unsecured databases, through classic SQL injection techniques, to compromised infrastructure that allows wholesale copying of database content, attacks focus on data assets with increasing precision.

Introduction On some cold winter night, we've decided to refactor a few examples and tests for Python wrapper in Themis, because things have to be not only efficient and useful, but elegant as well. One thing after another, and we ended up revamping Themis error codes a bit. Internal error and status flags sometimes get less attention than crypto-related code: they are internals for internal use. Problem is, when they fail, they might break something more crucial in a completely invisible way.

Intro As many of you know, Go is an amazing modern programming language with automated memory management. We love Go: we've used it to build Acra, our database encryption suite, we further use it to build other products. Not being extremely fancy, Go is practical and efficient and is a way to get things done in a reasonable timeframe. Sometimes, even in the age of modern, garbage-collected languages, with their own great profiling tools and well-thought memory management style, you'll still have to dust off old good valgrind to understand what's going on.

Bright and full of new 2016 year insensibly came to an end. Writing good software is hard: absorbed in developing our main products, closed a testing round of Acra (all hail the braves who dedicated an immense amount of time giving us feedback), we’ve spent most of the year undercover. Now that we’ve shown first cues to the open public, revelatory moments are closer than ever. This year we’ve put a lot of effort into helping Themis users understand how to better use Themis and how to build stronger apps:

Intro Themis provides several methods for encrypting data at rest - Secure Cell, Secure Message. Where do people store data? In files and in databases. Sometimes, you want to manipulate cryptographic data on the database side, this is where Themis plugins come handy. Even though generally it's a questionable practice, but sometimes you need to encrypt/decrypt data on the database side. Moreover, there are some security designs where you have to:

Article updated in 2019. Previously in the series... Previously, we’ve talked about design patterns best practices in backend security, then about key management goals and techniques. It is important to understand that database security evolved with system administration techniques and programming demands, with cryptography and access controls being complementary features, rather than cornerstones. In classic designs, there are two important drawbacks: Trust tokens: they rely on storing trust tokens somewhere inside the infrastructure;

Why feel cold when happiness and laughter of your colleagues might make any evening warm and happy. Yesterday our team gathered to  release Themis 0.9.4, and so did we.  Take a look at the updates: BoringSSL support on Android and Linux Fixed some leaks and code styling problems (thanks to @bryongloden) Memory management updates for stability in languages, which rely on GC Fix Themis build errors under certain conditions Swift3 support + numerous enhancements from @valeriyvan

Responsibility is yours, mine, and that developer's in the office nearby. Open any tech news aggregator and chances are, one-third of all news will be security-related. What we are seeing right now is insane raise of awareness to cyber security, dictated by security threats suddenly turning looming on the horizon to dangerously close to anybody on the Internet. It is not your typical buzzword market fad, where everyone suddenly gets interested in next exciting topic in the development of modern tech, looking for ‘wild opportunities’.

Key management in security system Frequently overlooked, much less hyped than quantum computers breaking trapdoor functions, managing keys is actually the most important part of building a security system. Secret keys, public-private key pairs, passwords and other factors of authentication are the control vessels within security system. In this article, we will go through basic key management concepts, explain some important ideas for next articles and provide some practical advice you can start implementing within your application tomorrow.