
Research Article
A Usability Study of Cryptographic API Design
@INPROCEEDINGS{10.1007/978-3-030-91424-0_12,
  author={Junwei Luo and Xun Yi and Fengling Han and Xuechao Yang},
  title={A Usability Study of Cryptographic API Design},
  proceedings={Quality, Reliability, Security and Robustness in Heterogeneous Systems. 17th EAI International Conference, QShine 2021, Virtual Event, November 29--30, 2021, Proceedings},
  proceedings_a={QSHINE},
  year={2021},
  month={11},
  keywords={Cryptography Usability analysis Cryptographic APIs},
  doi={10.1007/978-3-030-91424-0_12}
}
- Junwei Luo
- Xun Yi
- Fengling Han
- Xuechao Yang
Year: 2021
QSHINE
Springer
DOI: 10.1007/978-3-030-91424-0_12
Abstract
Software developers interact with cryptographic components via APIs provided by a cryptographic library to protect sensitive information such as passwords and files. While cryptographic algorithms have been standardised for over a decade, and a variety of crypto libraries implement them, many developers struggle to use these libraries correctly. This paper evaluates 6 different cryptographic libraries written in 3 different programming languages to find out what factors affect usability. We analyse the usability of the surveyed libraries with regard to their API call sequences, number of parameters, exception handling mechanisms and documentation. In the end, several recommendations are provided to help developers choose which library to use and, more importantly, this paper showcases a few common pitfalls so that library designers can prevent common misuses when designing a cryptographic library.