Can this skill handle very large files?

Yes, the skill includes implementation patterns for streaming encryption, allowing you to process files larger than 1GB by reading and encrypting data in chunks rather than loading it all into memory.

How should nonces be managed in AES-GCM?

GCM requires a 96-bit (12-byte) nonce that must be unique for every encryption operation using the same key. It should be generated using a CSPRNG and stored alongside the ciphertext.

Why is AES-GCM preferred over CBC mode?

AES-GCM is an Authenticated Encryption with Associated Data (AEAD) mode, meaning it provides both confidentiality and integrity. Unlike CBC, it includes an authentication tag that detects if the ciphertext has been tampered with.

Which key derivation function should I use?

Argon2id is currently recommended as the most secure, memory-hard option. However, PBKDF2 is widely supported and NIST-approved, provided a high iteration count (at least 600,000) is used.

AES-256 Data-at-Rest Encryption

Name: AES-256 Data-at-Rest Encryption
Author: mukul975

bymukul975

•

4,121

•

安全与测试

Implements NIST-standard AES-256-GCM encryption to protect sensitive data at rest with authenticated encryption and secure key derivation.

This skill provides a standardized framework for implementing AES-256 encryption in Galois/Counter Mode (GCM) to secure files and data stores. It covers the entire cryptographic lifecycle, including robust key derivation using Argon2 or PBKDF2, cryptographically secure IV/nonce management, and authenticated encryption to ensure data integrity. Designed for developers and security engineers, this skill facilitates the implementation of security controls aligned with NIST CSF 2.0 and FIPS 197, ensuring sensitive information remains protected against unauthorized access and tampering.

主要功能

01Tamper Detection via Authentication Tags

02Streaming Support for Large File Processing

03AES-256-GCM Authenticated Encryption

04Secure Key Derivation (Argon2, PBKDF2, scrypt)

054,121 GitHub stars

06Cryptographically Secure IV/Nonce Management

使用场景

01Establishing NIST-compliant security controls for regulatory data protection requirements

02Building secure backup and directory-level encryption utilities

03Securing local application data and configuration files in production environments

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add mukul975/anthropic-cybersecurity-skills implementing-aes-encryption-for-data-at-rest

For use in Claude.ai and ChatGPT

主要功能

01Tamper Detection via Authentication Tags

02Streaming Support for Large File Processing

03AES-256-GCM Authenticated Encryption

04Secure Key Derivation (Argon2, PBKDF2, scrypt)

054,121 GitHub stars

06Cryptographically Secure IV/Nonce Management

使用场景

01Establishing NIST-compliant security controls for regulatory data protection requirements

02Building secure backup and directory-level encryption utilities

03Securing local application data and configuration files in production environments

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add mukul975/anthropic-cybersecurity-skills implementing-aes-encryption-for-data-at-rest

For use in Claude.ai and ChatGPT