I'm new to encryption and cryptography, I was wondering if there is a good or best suited AES mode for file encryption (Planning on zipping a folder and encrypt it as a file). If there is, how complex is it and is it easy to implement on python (preferred language)? Thank you.
Asked
Active
Viewed 6,224 times
2 Answers
3
Since you zip the directory before encryption, we can assume that the compressed directory now is random file. You can use CBC mode or CTR mode. However, these modes are not providing any authentication.
You should use authenticated encryption mode as AES-GCM.
There is another issue waits for you. How do you derive cryptographic keys from the user's password? The common method is using a KDF function as PBKDF2 or Argon2.
You generate a random AES key and encrypt the zip file with it. After the encryption, encrypt the AES key with the key derived from the user's passwords with KDF and store it together with the encrypted file.
For the random bytes generation, at least, you should use urandom.
Python has AES-GCM and PBKDF2. You can find the example codes as here and here
kelalaka
- 49,797
- 12
- 123
- 211
1
I prefer AES GCM because GCM is an authenticated encryption mode (in contrast to CBC or CTR which are not). However, the one significant limitation with GCM is don't encrypt more than 64 GB of data with a single key/IV pair.
Authenticated encryption does not mean that you can tell that a specific person encrypted the file, but it does mean that you can determine if the file has been corrupted (accidentally or intentionally). This is something that most other encryption modes do not provide. You can add this functionality by implementing some sort of MAC (e.g. HMAC), but that's extra work for you.
Swashbuckler
- 2,126
- 11
- 8