[Sir_Cmpwn]

I don't necessarily disagree, but at some point the buck has to stop, right? How would you implement this any other way? The author didn't implement AES or so on himself, he uses standard library encryption and applies it as appropriate. You should probably report the issues you find to federico.ceratto-at-gmail.com (from Github).

[timmclean]

The author should use a library that provides a simple "encryptWithPublicKey" method, so that any choices about RSA key size, AES mode of operation, etc are all taken care of. NaCl[1] would probably be best, since it's written and audited by prominent cryptographers.

[1] http://nacl.cr.yp.to/

[xrcltr]

There are a tremendous number of other ways this could be implemented.

Authenticated encryption? GCM? XTS? Salt the CFB? Guard against interblock attacks?

The crypto needs to be completely reworked. This is an asymmetric kek around symmetric encryption, which is done in many other projects.

Half-backed crypto such as this is worse than no crypto at all, as it lulls people into believing they are using a valid cryptographic system. But, the project implements (poorly) a subset of what is needed and pushes the rest into application code - but app writers don't know this and wouldn't know what to implement even if they know of the shortcomings.

Cryptographers see this all the time. People think they invented a new concept but only implemented a well-known design but did it incompletely and with well-known flaws in the crypto. Then, people defend the system, when it would be far easier to use better primitives.

[lotyrin]

You could make this a frontend to an existing system like GPG

[marbu]

It looks like OP has that in the roadmap. Unfortunately it also seems that the last work has been done in 2013.