Using Jeroen's openssl package, the general config interface can stay the same.

cc: @gaborcsardi -- would that be enough for use case? Happy to chat about this Monday.

I think so.

Also, hadley/secure might have what I need, actually. These projects seem very similar, and if you prefer keeping encryptr sodium-only, I can just use secure. It might make sense to keep this one sodium-only, for simplicity.

Yeah, Jeroen and I have been talking about where overlap exists. The focuses are a bit different I think (this one is targeted at researchers dealing with lots of encrypted data and has transparent interfaces for loading it whereas hadley/secure seems more for handling a few bits of secure tokens and interacting with other systems that use them). According to Jeroen, sodium is much faster than rsa but I've not actually done the comparison.

It's also that RSA can only encrypt messages up to it's own key size, for example 256 bytes for a 2048 bit key. After that you manually need to combine it with some other method such as AES to encrypt larger blobs, which is a bit annoying. Sodium has native methods for authenticated encryption on arbitrary sized data, so it's both easier and more flexible.

@jeroenooms The way secure works, this is not an issue as I understand. It uses a symmetric AES master key to encrypt the data.