In general, using the output of a KDF as the key for symmetric encryption is fine.
Alex On Fri, Jan 10, 2025 at 5:01 PM Sriram R via Cryptography-dev <cryptography-dev@python.org> wrote: > > Hello, > > I'm generating a key using Scrypt from a password supplied by the user. I > then use this key as follows. This works but my question to the experts: is > this an acceptable way to use the AESGCMSIV cipher? Am I doing something > that's fundamentally against best practices? In the examples on the > Cryptography site, the sample code snippet uses AESGCMSIV.generate_key() > method to generate the key instead. The requirement I have is to generate the > key that's based on a password. > > def gen_salt(size=32): > return secrets.token_bytes(size) > > def der_key(salt, password): > kdf = Scrypt(salt=salt, length=32, n=2**20, r=8, p=1) > return kdf.derive(password.encode()) > > def gen_symmkey(salt, password): > symmkey = der_key(salt, password) > return symmkey > > key = gen_symmkey(salt, password) > aesgcmsiv = AESGCMSIV(key) > > ct = aesgcmsiv.encrypt(nonce, file_data, aad) > with open(fname, "wb") as outfile: > outfile.write(ct) > > Best, > PE > > _______________________________________________ > Cryptography-dev mailing list > Cryptography-dev@python.org > https://mail.python.org/mailman/listinfo/cryptography-dev -- All that is necessary for evil to succeed is for good people to do nothing. _______________________________________________ Cryptography-dev mailing list Cryptography-dev@python.org https://mail.python.org/mailman/listinfo/cryptography-dev
