encryption_scheme Enum
namespace keychain
→ enum class encryption_scheme
Overview
The encryption_scheme enumeration specifies complete encryption algorithms with specific parameters, curves, and key sizes for public key encryption operations.
Syntax
namespace keychain {
    enum class encryption_scheme {
        // ECIES schemes
        ECIES_P256_AES_128_GCM, // ECIES with P-256 curve, AES-128-GCM
        ECIES_P256_AES_256_GCM, // ECIES with P-256 curve, AES-256-GCM
        ECIES_P384_AES_256_GCM, // ECIES with P-384 curve, AES-256-GCM
        ECIES_P521_AES_256_GCM, // ECIES with P-521 curve, AES-256-GCM
        // RSA schemes
        RSA_2048_OAEP_SHA256,   // RSA-2048 with OAEP padding, SHA-256
        RSA_3072_OAEP_SHA256,   // RSA-3072 with OAEP padding, SHA-256
        RSA_4096_OAEP_SHA256,   // RSA-4096 with OAEP padding, SHA-256
        RSA_2048_OAEP_SHA512,   // RSA-2048 with OAEP padding, SHA-512
        RSA_3072_OAEP_SHA512,   // RSA-3072 with OAEP padding, SHA-512
        RSA_4096_OAEP_SHA512,   // RSA-4096 with OAEP padding, SHA-512
        // ElGamal schemes
        ELGAMAL_2048_SHA256,    // ElGamal 2048-bit with SHA-256
        ELGAMAL_3072_SHA256,    // ElGamal 3072-bit with SHA-256
        ELGAMAL_2048_SHA512,    // ElGamal 2048-bit with SHA-512
        ELGAMAL_3072_SHA512     // ElGamal 3072-bit with SHA-512
    };
}
Members
ECIES Schemes
ECIES_P256_AES_128_GCM
Value: encryption_scheme::ECIES_P256_AES_128_GCM
ECIES with NIST P-256 curve and AES-128-GCM symmetric encryption.
Security Level: 128-bit
Key Size: 256-bit ECC
Symmetric Cipher: AES-128-GCM
Performance: Excellent
ECIES_P256_AES_256_GCM
Value: encryption_scheme::ECIES_P256_AES_256_GCM
ECIES with NIST P-256 curve and AES-256-GCM symmetric encryption.
Security Level: 128-bit ECC, 256-bit symmetric
Key Size: 256-bit ECC
Symmetric Cipher: AES-256-GCM
Performance: Excellent
RSA Schemes
RSA_2048_OAEP_SHA256
Value: encryption_scheme::RSA_2048_OAEP_SHA256
RSA-2048 with OAEP padding and SHA-256 hash function.
Security Level: 112-bit
Key Size: 2048-bit
Padding: OAEP with SHA-256
Status: Minimum recommended size
Usage
#include <iostream>
#include <string>
#include <keychain/keychain.h>

// `gateway` is assumed to be an already-initialized gateway object

// Select encryption scheme for persona
keychain::encryption_scheme scheme = keychain::encryption_scheme::ECIES_P256_AES_256_GCM;

// Create persona with specific scheme
keychain::persona alice = gateway.create_persona(
    "alice", "personal",
    keychain::security_level::HIGH,
    scheme // encryption scheme
);

// Check scheme properties
auto algorithm_class = scheme.get_algorithm_class();
if (algorithm_class == keychain::encryption_algorithm_class::ECIES) {
    std::cout << "Using elliptic curve encryption" << std::endl;
}

// Get scheme details
std::string scheme_name = to_string(scheme);
std::cout << "Encryption scheme: " << scheme_name << std::endl;
Security Levels and Recommendations
Scheme | Security Level | Key Size | Performance | Recommendation |
---|---|---|---|---|
ECIES_P256_AES_128_GCM | 128-bit | 256-bit ECC | ★★★★★ | Recommended for most applications |
ECIES_P256_AES_256_GCM | 128-bit ECC, 256-bit AES | 256-bit ECC | ★★★★★ | Recommended for high security |
ECIES_P384_AES_256_GCM | 192-bit | 384-bit ECC | ★★★★☆ | Future-proof applications |
ECIES_P521_AES_256_GCM | 256-bit | 521-bit ECC | ★★★☆☆ | Maximum security requirements |
RSA_2048_OAEP_SHA256 | 112-bit | 2048-bit | ★★☆☆☆ | Legacy compatibility only |
RSA_3072_OAEP_SHA256 | 128-bit | 3072-bit | ★★☆☆☆ | New RSA applications |
RSA_4096_OAEP_SHA256 | ~140-bit | 4096-bit | ★☆☆☆☆ | High security RSA |
ELGAMAL_2048_SHA256 | 112-bit | 2048-bit | ★★☆☆☆ | Specialized use cases |
Algorithm Selection Guidelines
For New Applications
- ECIES_P256_AES_256_GCM - Best balance of security and performance
- ECIES_P384_AES_256_GCM - Future-proof with moderate performance impact
- RSA_3072_OAEP_SHA256 - When RSA is required by standards
For High Security Applications
- ECIES_P521_AES_256_GCM - Maximum elliptic curve security
- ECIES_P384_AES_256_GCM - Good balance for sensitive data
- RSA_4096_OAEP_SHA256 - When RSA is mandated
Performance Considerations
#include <chrono>
#include <iostream>
#include <vector>
#include <keychain/keychain.h>

// Performance comparison example
void benchmark_encryption_schemes() {
    std::vector<keychain::encryption_scheme> schemes = {
        keychain::encryption_scheme::ECIES_P256_AES_256_GCM,
        keychain::encryption_scheme::ECIES_P384_AES_256_GCM,
        keychain::encryption_scheme::RSA_3072_OAEP_SHA256
    };
    for (auto scheme : schemes) {
        // Time 1000 encryptions with this scheme
        auto start = std::chrono::high_resolution_clock::now();
        // Perform encryption benchmark
        for (int i = 0; i < 1000; ++i) {
            // Encrypt test data with scheme
        }
        auto end = std::chrono::high_resolution_clock::now();
        auto duration = std::chrono::duration_cast<std::chrono::milliseconds>(end - start);
        std::cout << "Scheme " << to_string(scheme)
                  << ": " << duration.count() << "ms" << std::endl;
    }
}
Ciphertext Size Comparison
Scheme | Plaintext Size | Ciphertext Size | Overhead |
---|---|---|---|
ECIES_P256_AES_128_GCM | 1 KB | ~1.1 KB | ~65 bytes |
ECIES_P384_AES_256_GCM | 1 KB | ~1.1 KB | ~97 bytes |
RSA_2048_OAEP_SHA256 | 214 bytes max | 256 bytes | Fixed size |
RSA_3072_OAEP_SHA256 | 318 bytes max | 384 bytes | Fixed size |
ELGAMAL_2048_SHA256 | 1 KB | ~2 KB | 100% expansion |
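The RSA plaintext limit is governed by the OAEP length check in RFC 3447 section 7.1.1, mLen <= k - 2*hLen - 2, where k is the modulus length and hLen the hash length in bytes; the 65 and 97 byte ECIES figures equal the size of an uncompressed EC point on P-256 and P-384 (an assumption about where those figures come from). The following is an added example, not keychain code: `rsa_oaep_params` and the helper names are hypothetical stand-ins that let a caller check whether a payload fits a single RSA block before choosing a scheme.

```cpp
#include <cstddef>
#include <iostream>

// Local stand-in for one RSA-OAEP scheme on this page; not a keychain type.
struct rsa_oaep_params {
    const char* name;          // scheme name as listed on this page
    std::size_t modulus_bits;  // 2048, 3072 or 4096
    std::size_t hash_bytes;    // hLen: 32 for SHA-256, 64 for SHA-512
};

// k, the modulus length in bytes; every OAEP ciphertext is exactly k bytes.
std::size_t rsa_ciphertext_size(const rsa_oaep_params& p) {
    return (p.modulus_bits + 7) / 8;
}

// RFC 3447 section 7.1.1: mLen <= k - 2*hLen - 2.
// Returns false if the modulus cannot hold the OAEP padding at all.
bool oaep_max_plaintext(const rsa_oaep_params& p, std::size_t& max_len) {
    const std::size_t k = rsa_ciphertext_size(p);
    const std::size_t padding = 2 * p.hash_bytes + 2;
    if (k < padding) return false;
    max_len = k - padding;
    return true;
}

// True when a payload of `len` bytes fits in a single OAEP block.
bool fits_direct(const rsa_oaep_params& p, std::size_t len) {
    std::size_t max_len = 0;
    return oaep_max_plaintext(p, max_len) && len <= max_len;
}

// Size of an uncompressed EC point: 0x04 || X || Y.
std::size_t ec_uncompressed_point_size(std::size_t curve_bits) {
    return 1 + 2 * ((curve_bits + 7) / 8);
}

int main() {
    const rsa_oaep_params schemes[] = {
        {"RSA_2048_OAEP_SHA256", 2048, 32}, {"RSA_3072_OAEP_SHA256", 3072, 32},
        {"RSA_4096_OAEP_SHA256", 4096, 32}, {"RSA_2048_OAEP_SHA512", 2048, 64},
    };
    for (const auto& s : schemes) {
        std::size_t max_len = 0;
        oaep_max_plaintext(s, max_len);
        std::cout << s.name << ": max plaintext " << max_len << " bytes, ciphertext "
                  << rsa_ciphertext_size(s) << " bytes, 1 KB fits: "
                  << (fits_direct(s, 1024) ? "yes" : "no") << '\n';
    }
    std::cout << "P-256 point: " << ec_uncompressed_point_size(256) << " bytes\n";
}
```

With SHA-256 (hLen = 32) the formula gives 190 bytes for a 2048-bit key and 318 bytes for a 3072-bit key; 214 bytes is the 2048-bit limit when hLen = 20 (SHA-1). A 1 KB payload never fits a single OAEP block at these key sizes, which is why the RSA rows list a maximum plaintext size instead of an overhead.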
Related Types
- encryption_algorithm_class - Algorithm families
- security_level - Security level configuration
- cipher - Symmetric ciphers used in hybrid schemes
See Also
- gateway - Encryption operations
- encrypted_data - Encrypted data containers
- NIST SP 800-57 - Key management recommendations
- RFC 3447 - RSA PKCS#1 specification