Mitigating Cryptographic Mistakes by Design
ISSN der Zeitschrift
Mensch und Computer 2019 - Workshopband
MCI-WS08: 5. Usable Security und Privacy Workshop
Gesellschaft für Informatik e.V.
Developers struggle to integrate cryptographic functionality into their applications. Many mistakes have been identified by related work and tools have been developed for detecting, automatically repairing, or otherwise assisting developers in secure integration of cryptographic functionality. We present a cryptographic API that has been designed to prevent cryptographic mistakes for developers without a background in cryptography. For that purpose, common cryptographic mistakes were categorized systematically. A qualitative user study was performed that evaluates the usability of the API. The results indicate that a simple, comprehensive API can aid developers in implementing