ores.security

Diagram

ores.security component diagram

Figure 1: ores.security

Summary

ores.security provides the shared cryptographic primitives for ORE Studio. It covers scrypt password hashing with OWASP-recommended parameters, AES-256-GCM symmetric encryption with PBKDF2 key derivation, JWT token parsing/validation, and input validation for passwords (OWASP policy: 12+ chars, mixed case, digit, special) and email formats. All OpenSSL resources are managed via RAII. It is used by ores.iam for authentication and by ores.connections for credential encryption.

Inputs

  • Plaintext passwords and salts for hashing or key derivation.
  • Ciphertext and encryption keys for AES-256-GCM decryption.
  • JWT tokens (Base64url-encoded) for signature validation.

Outputs

  • scrypt password hashes for storage.
  • AES-256-GCM encrypted/decrypted byte sequences.
  • Validated JWT claims or validation errors.
  • Password and email policy validation results.

Entry points

  • include/ores.security/crypto/ — scrypt hashing and AES-256-GCM.
  • include/ores.security/jwt/ — JWT parsing and validation.
  • include/ores.security/validation/ — password policy and email validators.

Dependencies

  • OpenSSL — scrypt, AES-GCM, PBKDF2, and JWT signature primitives.
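The password policy stated in the Summary (12+ chars, mixed case, digit, special), written out as an added C++ example that is not ores.security's own code. The names `password_rule`, `check_password` and `code_points` are hypothetical, and counting length in UTF-8 code points and treating "special" as ASCII punctuation are assumptions.

```cpp
#include <cctype>
#include <cstddef>
#include <iostream>
#include <string_view>
#include <vector>

// Rules as stated in the Summary: 12+ chars, mixed case, digit, special.
enum class password_rule { min_length, uppercase, lowercase, digit, special };

constexpr std::size_t min_password_length = 12;

// Count UTF-8 code points rather than bytes, so a multi-byte character
// counts once toward the minimum (assumption about what "chars" means).
std::size_t code_points(std::string_view s) {
    std::size_t n = 0;
    for (unsigned char c : s)
        if ((c & 0xC0) != 0x80) ++n;  // continuation bytes are not new characters
    return n;
}

// Returns every rule the candidate fails; an empty vector means it passes.
std::vector<password_rule> check_password(std::string_view pw) {
    bool upper = false, lower = false, digit = false, special = false;
    for (unsigned char c : pw) {  // unsigned char: <cctype> calls are UB on negative char
        if (c >= 0x80) continue;  // non-ASCII bytes satisfy no class (assumption)
        if (std::isupper(c)) upper = true;
        else if (std::islower(c)) lower = true;
        else if (std::isdigit(c)) digit = true;
        else if (std::ispunct(c)) special = true;  // "special" = ASCII punctuation (assumption)
    }
    std::vector<password_rule> failed;
    if (code_points(pw) < min_password_length) failed.push_back(password_rule::min_length);
    if (!upper) failed.push_back(password_rule::uppercase);
    if (!lower) failed.push_back(password_rule::lowercase);
    if (!digit) failed.push_back(password_rule::digit);
    if (!special) failed.push_back(password_rule::special);
    return failed;
}

int main() {
    // Constructed sample inputs, not taken from the project.
    for (std::string_view pw : {"Tr0ub4dor&3xyz", "short1!A", "alllowercaseletters"})
        std::cout << pw << ": " << check_password(pw).size() << " rule(s) failed\n";
}
```

Returning the full list of failed rules lets a caller report every problem in one pass instead of rejecting on the first.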
