In my last post I was clutching my pearls over a 13 year old MSDN article that had the gall to be written by somebody not familiar with the proper usage of cryptographic initialization vectors. Some of my fans were nice enough to point out that in all of my histrionic ranting and raving I forgot to say anything useful, like how you’re actually supposed to encrypt a file.
So without further ado, here is how you encrypt and decrypt a file:
$ gpg -c --cipher-algo AES128 [file]   # Encrypt
$ gpg -d [file].gpg                    # Decrypt
Anticlimactic, right? It doesn’t even mention IVs, but that’s kind of the point. A tutorial about file encryption that includes manual handling of IVs is kind of like a tutorial about setting up a web server that includes reimplementing TCP. There’s literally no benefit to doing it and you’re almost guaranteed to do it wrong. It’s the difference between encrypting a file and implementing file encryption. The first is a common task for a programmer and the second shouldn’t be attempted by a non-crypto-expert. Microsoft should know better than to conflate the two, especially in a tutorial intended for a lay audience.
This post isn’t supposed to be a tutorial about GPG, but if anybody actually wants to take my advice, please check out the documentation. And if you’re looking to do file encryption in [target programming language], just do the equivalent operations with an OpenPGP implementation in that language.
Oh god no. It has many flaws, the biggest of which is probably the awful key distribution. It just happens to have a decent implementation of file encryption that’s available on just about every platform and in just about every programming language. If you want to be thoroughly confused about this topic, here are Matthew Green and Filippo Valsorda shitting all over PGP.
Alright so now that we’re all clear that when you want to encrypt a file you should just use a mainstream, high-level crypto library and not touch the primitives yourself, here is a basic way to implement file encryption that isn’t completely terrible:
There you go, implementing file encryption in 6 easy steps. If you need a library that contains the primitives mentioned here, OpenSSL is a good option. If you want to decrypt, verify the HMAC by recomputing it from the IV || CT and comparing it with the given HMAC, then just undo the CBC encryption.
The randomized IV and cipher block chaining achieve semantic security so that we don’t end up leaking information. The HMAC achieves data integrity and authentication. Key stretching with bcrypt makes the key generated from your password slightly less terrible.
If you want to learn by playing around with these things programmatically (and you can tolerate a webapp with a UI designed by hackers) check out https://id0-rsa.pub/.