[Cryptography-dev] How to encrypt-decrypt a file?
Paul Kehrer
paul.l.kehrer at gmail.com
Sun Nov 13 14:30:30 EST 2016
Hi Virgil,
If you're dealing with a small file (where small is defined as "amount
you're willing to buffer in memory") then you can just read the file,
encrypt it using Fernet, and then write the results to disk.
If the file is bigger then you'll want to read the file in chunks, pass
those chunks to a cipher context (see the symmetric encryption docs), and
write the results from "update" to a separate file incrementally. Note that
finalize can also yield bytes so don't forget to write those as well.
If you need to do the latter option you should either use an authenticated
encryption mode (like GCM) or do an HMAC of the encrypted bytes as well.
When decrypting you'll then either pass the GCM tag to the decrypt context
or verify the HMAC yourself. This prevents tampering with the ciphertext,
but bear in mind you don't have verification that the data has not been
modified until you process the entire file. Fernet does all this for you,
which is why it's preferable if your files are small.
-Paul Kehrer (reaperhulk)
On November 13, 2016 at 7:03:49 AM, Virgil Stokes (vs at it.uu.se) wrote:
I have looked at all the documentation and postings that I could find on
cryptography and still have been unable to find how to use it with file(s).
Anyone's help on this would be greatly appreciated.
--V
_______________________________________________
Cryptography-dev mailing list
Cryptography-dev at python.org
https://mail.python.org/mailman/listinfo/cryptography-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/cryptography-dev/attachments/20161113/6cc9193c/attachment.html>
More information about the Cryptography-dev
mailing list