Encryption and decryption use AES in CCM mode. The key is derived from the passphrase with PBKDF2.
You may want to visit the excellent SJCL demo to play around with the encryption algorithm.
Default encryption parameters:
- cipher: aes
- mode: ccm
- salt-size: 8 bytes
- tag-size: 8 bytes
- mac-size: 8 bytes
- PBKDF2 with HMAC/SHA256 and 1000 iterations
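The defaults listed above, exercised end to end in an added example (not code from SJCL or python-sjcl). It uses the crypto module built into Node.js instead of SJCL. The 128-bit key size, the 13-byte CCM nonce and the function names are assumptions that this page does not state.

```javascript
const nodeCrypto = require('node:crypto');

// Values taken from the default parameters listed above.
const SALT_BYTES = 8;
const TAG_BYTES = 8;
const ITERATIONS = 1000;
// Assumptions, not stated on the page: 128-bit key, 13-byte CCM nonce.
const KEY_BYTES = 16;
const NONCE_BYTES = 13;
const OPTS = { authTagLength: TAG_BYTES };

// PBKDF2 with HMAC-SHA256 turns the passphrase and salt into the AES key.
function deriveKey(passphrase, salt) {
  return nodeCrypto.pbkdf2Sync(passphrase, salt, ITERATIONS, KEY_BYTES, 'sha256');
}

// Encrypt one post. A fresh salt and nonce are drawn for every message.
function encryptPost(passphrase, plaintext) {
  const salt = nodeCrypto.randomBytes(SALT_BYTES);
  const nonce = nodeCrypto.randomBytes(NONCE_BYTES);
  const key = deriveKey(passphrase, salt);
  const cipher = nodeCrypto.createCipheriv('aes-128-ccm', key, nonce, OPTS);
  const ct = Buffer.concat([cipher.update(Buffer.from(plaintext, 'utf8')), cipher.final()]);
  return { salt, nonce, ct, tag: cipher.getAuthTag() };
}

// Decrypt one post. Returns null when the tag does not verify, which
// covers both a wrong passphrase and a modified ciphertext.
function decryptPost(passphrase, msg) {
  try {
    const key = deriveKey(passphrase, msg.salt);
    const decipher = nodeCrypto.createDecipheriv('aes-128-ccm', key, msg.nonce, OPTS);
    decipher.setAuthTag(msg.tag);
    const pt = decipher.update(msg.ct);
    decipher.final(); // throws if authentication failed
    return pt.toString('utf8');
  } catch (err) {
    return null;
  }
}
```

With an 8-byte tag the forgery resistance is 64 bits, and 1000 PBKDF2 iterations is low by current guidance, so the strength of the passphrase carries most of the weight.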
Encryption and decryption of posts and comments
Get the python-sjcl source from GitHub:
The core functionality relies on the pycrypto cryptography toolkit. At the time of development, a special git branch was needed for CCM support (CCM is an AES mode of operation):
git clone -b ccm git://github.com/Legrandin/pycrypto.git .
Python example application: backup_cryptedblog.py
As a demonstration of both the API and the cryptography, a small backup application is available as part of python-sjcl:
Of course, you may use this application to back up the content of your blog.
Possible security concerns using browser-based cryptography
We do not want to neglect the fact that there are a lot of people who think it's problematic to use cryptography from web-based applications.