[Cryptography-dev] Recipe for files?

Thu Nov 20 18:11:06 CET 2014

Stefan,

We’ve talked in the past about a recipe for file encryption. The general consensus has been that the project would prefer to implement an existing spec rather than creating one so for now I’m afraid creating your own is probably the “best” path unless you’re familiar with a standardized format that does this?

If you do choose to implement your own I’d suggest implementing it on top of Fernet using a frame* size that you consider to be a good trade off between ciphertext length per frame and the size of the HMAC. Ideally a spec similar to https://github.com/fernet/spec could come out of it.

-Paul Kehrer

* I’ve been using frame when talking about this type of encryption to avoid confusing it with the native block size of a block cipher, but record (like a TLS record) would be equally descriptive.
On November 20, 2014 at 6:27:07 AM, Stefan Pochmann (stefan.pochmann at gmail.com) wrote:

I like the Fernet recipe, but I'd like a better recipe for files. One that doesn't want the entire message at once (bad for big files) and that doesn't bloat with base64. Should I do it myself with "hazardous materials" (I might adapt the Fernet code) or will you maybe add such a recipe soon?

Something like this maybe:

f = SomethingLikeFernetButForFiles(key)
for block in f.encrypt(filename, blocksize):
    myhandling(block)

Or with a handler parameter:

f = SomethingLikeFernetButForFiles(key)
f.encrypt(filename, blocksize, myhandling)

Stefan
_______________________________________________  
Cryptography-dev mailing list  
Cryptography-dev at python.org  
https://mail.python.org/mailman/listinfo/cryptography-dev  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/cryptography-dev/attachments/20141120/d881fb4e/attachment-0001.html>