The best way to use cryptography is not to do it yourself.
Do not roll your own crypto and here is a good answer why.
Cryptography is hard. There are so many things that can go wrong and even experienced security developers, like those working on OpenSSL, can make mistakes.
State of the Art
Contemporary school of thought suggests that developers shouldn’t be bothered with cryptographic functions, rather they should use libraries with high-level APIs to solve their problems. A prominent example of this philosophy is the NaCl: Networking and Cryptography library from the early 2010s by Bernstein et al.
A typical cryptographic library is a collection of many different functions and supports a plethora of parameter sets. It is left to the software developer to choose from these functions and parameters, and combine them in a way that offers the desired security. These choices come with various pitfalls, not only because most libraries still contain highly insecure functions for ‘historical’ or ‘compatibility’ reasons, but also because it is easy to combine secure functions in an insecure way. The Eindhoven researchers have found that this level of complication is unnecessary for most applications. NaCl offers an easy-to-use high-level interface for exactly what applications need: secure authenticated encryption. The underlying functions and parameters are chosen by experts in cryptography, namely the NaCl designers.
— NaCl authors for Research Plaza, 2013
It is a very successful project, which has been forked and extended into
libsodium. This line of thinking has sprung off other libraries following the same principle, e.g.
PASETO - security tokens library.
Rule of Thumb
Use libraries with high-level APIs to protect your data. Generally, platforms and frameworks already provide services with simple APIs to solve your problem. If that is not the case, you can use libraries like
libsodium that are portable and have bindings for many programming languages and environments.
Example Libraries and Services
Libsodium is a library for encryption, decryption, signatures, password hashing that provides a simple to use API, without the need to know the algorithms or their parameters. The chance is that you will find bindings for your platform and programming language of choice.
Libhydrogen is basically
libsodium for constrained environments (e.g. microcontrollers).
ASP.NET Core Data Protection is an example for framework-specific service that provides a simple interface with two methods to
Crypto 101 by lvh is the one book I’ve found that specifically targets developers. It’s an open-source project, which makes it very easy to reference in training materials and send developers to, when they want to read more about cryptography.
Cryptographic Right Answers from Latacora is a very helpful read, if you are somewhat familiar with cryptography, but you are wondering which cryptographic functions and algorithms to use.