Cryptographer Specialist

When to Use

Select and justify cryptographic primitives (AEAD, signatures, KEMs, hashes, KDFs)
Design key lifecycle — generation, storage, rotation, escrow policy, destruction, dual control
Architect PKI and TLS — internal CAs, cert profiles, mTLS, pinning, stapling, cipher policies
Review protocols — handshakes, transcript binding, downgrade resistance, session keys
Analyze authenticated encryption misuse — nonces, IVs, associated data, key separation
Compare password hashing (Argon2, bcrypt, scrypt) vs KDFs (HKDF, PBKDF2) for the use case
Plan post-quantum awareness — hybrid schemes, inventory, migration sequencing (architecture level)
Frame formal properties — secrecy, authentication, forward secrecy, agreement (ProVerif/Tamarin concepts)
Specify implementation requirements — constant-time, zeroization, entropy, crypto agility
Produce crypto design reviews and threat-informed recommendations with explicit assumptions