Question

I would like to know how to store a sensitive file; a credential of sorts. I want to password-protect it, obviously. It would be appropriate - in my application - to prompt the user for the password each run. There are proper apps - like SSH - that password-protect private keys and so on, and that's the model and best practice I'd like to follow.

What is the best practice for encrypting small files? I'm thinking of generating a random key to encrypt the file with and using a block cipher. And then encrypting this random key with the user's password, and trying to salt and stretch that password.

In the same way that storing password hashes is something you should turn to a proper 'stretching' function like bcrypt/scrypt/PBKDF2 (ideally via a library like Python's passlib) rather than rolling your own, are there proper algorithms and libraries for password-protecting files?

Explanation / Answer

A properly salted cryptographic hash of the password, generated through a secure and slow algorithm such as bcrypt or scrypt, could be directly used as your key (assuming it has the correct size). Salts can be generated randomly on encryption and should be included with the ciphertext.

Bcrypt, for instance, generates a hash of 192 bits (if I am not mistaken); so you could use it directly as an AES key.

If the hash is longer than the size of the key of the desired encryption algorithm you should simply be able to take the first n bits of the hash.

Only encrypting a random key with your password, as you describe, is a redundant extra step that doesn't really add any security.
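The scheme described in the answer above (random salt stored with the ciphertext, slow-hash output used directly as the cipher key), as an added example that is not part of the original question or answer. It assumes the third-party `cryptography` package for AES-GCM and uses scrypt from Python's `hashlib`; the file layout, the `PWF1` tag, the parameter bounds and the function names are hypothetical choices made for this example.

```python
import hashlib
import os
import struct

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

MAGIC = b"PWF1"  # hypothetical format tag for this example
# Header layout: magic, log2(N), r, p, 16-byte salt, 12-byte nonce (35 bytes).
HEADER = struct.Struct(">4sBBB16s12s")
TAG_LEN = 16  # AES-GCM authentication tag appended to the ciphertext


def _derive_key(password: str, salt: bytes, log_n: int, r: int, p: int) -> bytes:
    # The scrypt output is used directly as a 256-bit AES key.
    return hashlib.scrypt(password.encode("utf-8"), salt=salt, n=1 << log_n,
                          r=r, p=p, maxmem=64 * 1024 * 1024, dklen=32)


def encrypt_blob(password: str, plaintext: bytes,
                 log_n: int = 14, r: int = 8, p: int = 1) -> bytes:
    salt = os.urandom(16)   # fresh salt for every encryption
    nonce = os.urandom(12)  # fresh nonce for every encryption
    header = HEADER.pack(MAGIC, log_n, r, p, salt, nonce)
    key = _derive_key(password, salt, log_n, r, p)
    # The header is passed as associated data, so a modified salt, nonce or
    # cost parameter makes decryption fail instead of going unnoticed.
    return header + AESGCM(key).encrypt(nonce, plaintext, header)


def decrypt_blob(password: str, blob: bytes) -> bytes:
    if len(blob) < HEADER.size + TAG_LEN:
        raise ValueError("file is truncated")
    header = blob[:HEADER.size]
    magic, log_n, r, p, salt, nonce = HEADER.unpack(header)
    if magic != MAGIC:
        raise ValueError("not a PWF1 file")
    # Bound the cost parameters read from the file so a crafted header
    # cannot force an arbitrarily expensive key derivation.
    if not (10 <= log_n <= 15 and 1 <= r <= 8 and 1 <= p <= 4):
        raise ValueError("KDF parameters out of accepted range")
    key = _derive_key(password, salt, log_n, r, p)
    try:
        return AESGCM(key).decrypt(nonce, blob[HEADER.size:], header)
    except InvalidTag:
        # A wrong password and a corrupted file are indistinguishable here.
        raise ValueError("wrong password or corrupted file") from None
```

Writing the returned bytes to disk and prompting for the password with `getpass.getpass()` on each run gives the per-run prompt the question asks for.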