I’m developing an app for representatives to fill out applications which will contain personal info, and one of the requirements is that “files will be encrypted with supplied encryption key compliant with PCI”. As far as I can see Haxe only has simple encryption tools that don’t allow for supplying a key… am I getting this wrong?

Haxe doesn’t have encryption algorithm in its std no,
this library https://github.com/cbatson/hxBitcoin have some,
but I’m not an expert on the domain so I can’t tell from the list of algorithm if that fits your need.

Ummm, loading file as bytearray and use compress method on it and save it should do the trick… at least for me.

Thanks for the tip. So I would basically be zipping the file with the content. That doesn’t sound PCI compliant though… would it be?

Well maybe not :’( I guess for commercial business stuff you need something more serious

Yeah that’s what I figured. Thanks for the help anyway.

Haxe is not really designed for security critical applications. You should take a look at BCrypt and SCrypt, which have functions to hash passwords.

If the application is web-based, take a look at this article on PHP, and this article if using ASP.NET or a .NET-based solution. Arguably, .NET based solutions are better for security-critical applications as it is professionally maintained by security experts.

If you’re using MySQL databases for storing data, also be sure to take a look at this and please don’t use OpenSSH, because the NSA has been exploiting it, and because of that I can only assume hackers have this information as well.

For saving data locally, you can use a mixture of compressing the data followed by an additional layer of security requiring users to type in a password before accessing the file in the respective application.

brutalexcess, thanks for the detailed explanation.