Repository files navigation

API |Wiki |Latest releases |Slack channel

Tempel is a lightweight encryptionframework that wraps the JVM's native crypto facilities to provide aparticularly high-level Clojure API for easily protecting your users' data.

More than another collection of crypto utils, Tempel offers acoherent and opinionated API for secure data management and is focused on helping you with thetoughest parts of actuallyusing encryption in practice.

Itstiny API and focus onsmart keychains helps shield you from unnecessary and error-prone complexity, greatly simplifying the most common data security needs.

• 2024-02-26v1.0.0-RC1:release info

Seehere for earlier releases.

• Easy-to-use, high-level API focused oncommon tasks like logins, encryption, signing, etc.
• Reasonable defaults including choice of algorithms and work factors.
• Future-proof data formats with auto-updated algorithms and work factors over time.
• Support for⧉ symmetric,⧉ asymmetric (public-key), and⧉ end-to-end (E2EE) encryption.
• Automatic⧉ scrypt and⧉ pbkdf2 support for easypassword-based key stretching.
• Simplekey management API for password resets, key rotations, etc.
• Extensivebeginner-orienteddocumentation, docstrings, and error messages.
• Comprehensive test suite with >60k unit tests.

Note that Tempel isnot intended for interop with other cryptographic tools/APIs!

See for intro and usage:

(require  '[taoensso.tempel:as tempel]  '[taoensso.nippy:as nippy]);; Create a new private `KeyChain`:(defmy-keychain! (tempel/keychain));; => {:n-sym 1, :n-prv 2, :n-pub 2, :secret? true};; Use our `KeyChain` to encrypt some data:(defmy-encrypted-data  (tempel/encrypt-with-symmetric-key    (nippy/freeze"My secret data")    my-keychain!)); => Encrypted bytes;; Get back the original unencrypted data:(nippy/thaw  (tempel/decrypt-with-symmetric-key    my-encrypted-data my-keychain!)); => "My secret data";; It's safe to store encrypted `KeyChain`s:(defmy-encrypted-keychain  (tempel/encrypt-keychain my-keychain!    {:password"My password"})); => Encrypted bytes;; Get back the original unencrypted `KeyChain`:(= my-keychain!  (tempel/decrypt-keychain my-encrypted-keychain    {:password"My password"})); => true;; `KeyChain`s also support:;;   - `encrypt-with-1-keypair`;;   - `encrypt-with-2-keypairs`;;   - `sign`;; See docstrings and/or wiki for more info!

• Wiki (getting started, usage, etc.)
• API reference viacljdoc
• Support viaSlack channel orGitHub issues

Tempel has afixed scope, and isfully complete. I'm happy with its design and implementation, and believe it meets all its objectives in its current form. I'm not anticipating significant changes.

Still, given the sensitivity of the problem domain, I plan to approach Tempel's official stable release as a phased rollout to allow time for feedback before locking things down:

v1.0 final will be considered "done"- the library is expected to need+see only minimal maintance from that point.

Important: while Tempel has been written and tested with care, the nature of the problem domain inevitably means that bugs and/or misuse can beespecially harmful and/or easy to make.

Bugs and/or misuse could lead tosecurity vulnerabilities or evenpermanent data loss.

Please bevery careful evaluating Tempel and/or other cryptographic libraries/frameworks before use, especially new libraries/frameworks like Tempel!

Seehere forsecurity advisories and/or toreport security vulnerabilities.

You canhelp support continued work on this project, thank you!! 🙏

Copyright © 2023-2024Peter Taoussanis.
Licensed underEPL 1.0 (same as Clojure).