Hello,
I'm generating a key using Scrypt from a password supplied by the user. I
then use this key as follows. This works but my question to the experts: is
this an acceptable way to use the AESGCMSIV cipher? Am I doing something
that's fundamentally against best practices? In the examples on the
Cryptography site, the sample code snippet uses AESGCMSIV.generate_key()
method to generate the key instead. The requirement I have is to generate
the key that's based on a password.
def gen_salt(size=32):
return secrets.token_bytes(size)
def der_key(salt, password):
kdf = Scrypt(salt=salt, length=32, n=2**20, r=8, p=1)
return kdf.derive(password.encode())
def gen_symmkey(salt, password):
symmkey = der_key(salt, password)
return symmkey
key = gen_symmkey(salt, password)
aesgcmsiv = AESGCMSIV(key)
ct = aesgcmsiv.encrypt(nonce, file_data, aad)
with open(fname, "wb") as outfile:
outfile.write(ct)
Best,
PE
_______________________________________________
Cryptography-dev mailing list
Cryptography-dev@python.org
https://mail.python.org/mailman/listinfo/cryptography-dev
