How do you encrypt large io.Reader streams?

agolangf · 471 views
<p>I have some large files I would like to AES encrypt before sending over the wire or saving to disk. While it seems possible to <a href="https://golang.org/src/crypto/cipher/example_test.go#L335" rel="nofollow">encrypt streams</a>, there seem to be <a href="https://stackoverflow.com/questions/39378051/making-gcm-cbc-ciphers-streamable-in-golang" rel="nofollow">warnings</a> against <a href="https://www.imperialviolet.org/2014/06/27/streamingencryption.html" rel="nofollow">doing this</a> and instead people recommend splitting the files into chunks and using GCM or crypto/nacl/secretbox. </p> <p>.</p> <blockquote> <p>Processing streams of data is more difficult due to the authenticity requirement. We can’t encrypt-then-MAC: by its nature, we usually don’t know the size of a stream. We can’t send the MAC after the stream is complete, as that usually is indicated by the stream being closed. We can’t decrypt a stream on the fly, because we have to see the entire ciphertext in order to check the MAC. Attempting to secure a stream adds enormous complexity to the problem, with no good answers. The solution is to break the stream into discrete chunks, and treat them as messages. - <a href="https://leanpub.com/gocrypto/read" rel="nofollow">https://leanpub.com/gocrypto/read</a></p> </blockquote> <p>.</p> <blockquote> <p>Files are segmented into 4KiB blocks. Each block gets a fresh random 128 bit IV each time it is modified. A 128-bit authentication tag (GHASH) protects each block from modifications. - <a href="https://nuetzlich.net/gocryptfs/forward_mode_crypto/" rel="nofollow">https://nuetzlich.net/gocryptfs/forward_mode_crypto/</a></p> </blockquote> <p>.</p> <blockquote> <p>If a large amount of data is decrypted it is not always possible to buffer all decrypted data until the authentication tag is verified. Splitting the data into small chunks fixes the problem of deferred authentication checks but introduces a new one. The chunks can be reordered... 
...because every chunk is encrypted separately. Therefore the order of the chunks must be encoded somehow into the chunks themselves to be able to detect rearranging any number of chunks. - <a href="https://github.com/minio/sio" rel="nofollow">https://github.com/minio/sio</a></p> </blockquote> <p>.</p> <p>The only implementation I could find was <a href="https://github.com/SermoDigital/boxer" rel="nofollow">https://github.com/SermoDigital/boxer</a> which only has 9 stars on the repo and no activity for a couple years.</p> <p>Can anyone with actual cryptography experience point me in the right direction? I don&#39;t want to roll some half-baked encryption.</p> <hr/>**Comments:**<br/><br/>mcouturier: <pre><p>One alternative is solving the problem on the infrastructure. Using tunnels, VPNs or encrypted file systems.</p></pre>
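
The chunking approach quoted in the question (split the stream into chunks, authenticate each one, and encode each chunk's position so reordering is detected), as an added Go example that is not part of the original thread or of any project linked in it. The function name `stream`, the 64 KiB chunk size and the nonce layout (8-byte chunk counter, 3 zero bytes, 1-byte final-chunk flag) are assumptions of this example, and it assumes each key is used for one stream only.

```go
package main
import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"fmt"
	"io"
)
const chunkSize = 64 * 1024 // plaintext bytes per chunk (assumed value)

// stream seals (seal=true) or opens src into dst as separate AES-GCM chunks.
// Assumed nonce: 8-byte counter | 3 zero bytes | final flag; one key per stream.
func stream(dst io.Writer, src io.Reader, key []byte, seal bool) error {
	block, err := aes.NewCipher(key)
	if err != nil {
		return err
	}
	aead, _ := cipher.NewGCM(block) // cannot fail: AES blocks are 16 bytes
	buf := make([]byte, chunkSize+aead.Overhead())
	if seal {
		buf = buf[:chunkSize] // sealing reads plaintext-sized chunks
	}
	for ctr := uint64(0); ; ctr++ {
		n, rerr := io.ReadFull(src, buf)
		if rerr != nil && rerr != io.EOF && rerr != io.ErrUnexpectedEOF {
			return rerr
		}
		nonce := make([]byte, 12)
		binary.BigEndian.PutUint64(nonce, ctr) // position is bound into the nonce
		if rerr != nil { // a short (possibly empty) read is the final chunk
			nonce[11] = 1
		}
		var out []byte
		if seal {
			out = aead.Seal(nil, nonce, buf[:n], nil)
		} else if out, err = aead.Open(nil, nonce, buf[:n], nil); err != nil {
			return fmt.Errorf("chunk %d rejected: modified, reordered or truncated", ctr)
		}
		if _, err = dst.Write(out); err != nil || rerr != nil {
			return err // nil once the final chunk has been written
		}
	}
}

func main() { // constructed demo: 3 zero-filled chunks under an all-zero key
	var ct, pt bytes.Buffer
	_ = stream(&ct, bytes.NewReader(make([]byte, 3*chunkSize)), make([]byte, 32), true)
	fmt.Println(stream(&pt, &ct, make([]byte, 32), false), pt.Len())
}
```

When opening, earlier chunks are written to `dst` before later ones are checked, so a caller has to discard the output if `stream` returns an error; a stream cut off at a chunk boundary is only detected when the final-flagged chunk fails to appear.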
