Stream: general

Topic: encrypt local files


xliiv (Jan 16 2020 at 22:10, on Zulip):

Any crate for encrypting files with a password?

xliiv (Jan 16 2020 at 22:26, on Zulip):

potential solution https://docs.rs/openssl/0.10.26/openssl/aes/index.html

xliiv (Jan 16 2020 at 22:29, on Zulip):

another one
https://docs.rs/themis/0.12.0/themis/secure_cell/index.html

xliiv (Jan 16 2020 at 22:35, on Zulip):

another one https://docs.rs/aes-ctr/0.3.0/aes_ctr/

Elichai Turkel (Jan 18 2020 at 11:49, on Zulip):

Please keep in mind that you must use authenticated encryption (ie aes-gcm / chacha20-poly1305)
I'd either use ring or the aead crate

xliiv (Jan 18 2020 at 12:10, on Zulip):

just learnt what authenticated encryption is, thanks.
makes sense, and i'm going to use.
however, https://docs.rs/ring/0.16.9/ring/index.html looks a bit low-level.. or at least assumes more encryption knowledge than i have..
any example how to use it?

xliiv (Jan 18 2020 at 12:12, on Zulip):

found it? https://gist.github.com/jaysonsantos/117c1f7623a2fb2c39e47f6cf87860a3

xliiv (Jan 18 2020 at 13:55, on Zulip):

can't use Ring crate.. there is no example which could explain it to me
https://github.com/briansmith/ring/issues/418

xliiv (Jan 18 2020 at 13:59, on Zulip):

aead crate (https://github.com/RustCrypto/traits) is also not what i needed, it's some sort of trait collection.. did i found what you're talking about?

xliiv (Jan 18 2020 at 13:59, on Zulip):

@Elichai Turkel

Elichai Turkel (Jan 18 2020 at 14:01, on Zulip):

Yeah ring is somewhat messy.
Look at the table here: https://github.com/RustCrypto/AEADs/blob/master/README.md
My recommendation is if it's meant to run on x86 use aes-gcm if also phones/low resource devices then use chacha20-poly1305 (the first has hardware implementations while the latter is really fast in software)

Elichai Turkel (Jan 18 2020 at 14:03, on Zulip):

If you do want to use ring this is something I wrote a year or so ago which you can look at as example:

https://github.com/elichai/Lorenz/blob/master/src/encryption.rs

xliiv (Jan 18 2020 at 14:19, on Zulip):

finally something speaks my tongue - thanks @Elichai Turkel
i'm a bit concerned about

  1. the content of this https://github.com/RustCrypto/AEADs/tree/master/aes-gcm#security-warning
  2. the count of contributors - only 4

but since i'm working on a toy project, i can live with that..

anyway thanks @Elichai Turkel

Elichai Turkel (Jan 18 2020 at 14:21, on Zulip):

Yep. That's why I proposed ring, I have more trust in ring than that.
On the other hand it's harder to screw up chacha so that might be a better fit

xliiv (Jan 18 2020 at 14:22, on Zulip):

ok, then i'll give ring another chance since i've got a new input which is your Lorenz example

Elichai Turkel (Jan 18 2020 at 14:26, on Zulip):

Ping if you need any help :)

xliiv (Jan 19 2020 at 22:05, on Zulip):

@Elichai Turkel could you look at this code and tell if it's wrong?
https://github.com/briansmith/ring/compare/master...xliiv:aead-example?expand=1

Plus, there are 2 questions, see code comments, do you have answers maybe?

xliiv (Jan 19 2020 at 22:07, on Zulip):

i know you decrypt a bit diffrently in Lorenz, but i couldn't apply your way.. because i was getting error when creating OpeningKey

Elichai Turkel (Jan 19 2020 at 22:34, on Zulip):
  1. PBKDF2 salt should be random IIRC probably best to read the RFC
Elichai Turkel (Jan 19 2020 at 23:42, on Zulip):
  1. About rand_vec the nonce can be public and is usually prepended to the cipher text
Elichai Turkel (Jan 19 2020 at 23:45, on Zulip):
  1. About the last question open_in_place returns you the exact slice that contains the decrypted data, you can either use it or use it to retrieve the length and shorten your Vec
xliiv (Jan 20 2020 at 20:14, on Zulip):

About the last question open_in_place returns you the exact slice that contains the decrypted data, you can either use it or use it to retrieve the length and shorten your Vec

works like a charm - thank you!

probably best to read the RFC

although, i'm not compatible with RFCs (are too generic i prefer code), this one somewhat helped - thanks again!

prepended to the cipher text

i'm going to use it (when i was experimenting with your way of decryption i failed. now i know why.. i only adopted your decryption and not encryption which is why the decryption failed)

xliiv (Jan 20 2020 at 20:53, on Zulip):

i'm going to use it (when i was experimenting with your way of decryption i failed. now i know why.. i only adopted your decryption and not encryption which is why the decryption failed)

yep, confirmed.. i adopted Lorence's both encrypt AND decrypt and now it fucking works! \o/
HUGE thanks @Elichai Turkel

Elichai Turkel (Jan 20 2020 at 21:01, on Zulip):

You're welcome :)

Last update: Jun 07 2020 at 08:10UTC