Hey everyone, as everyone can see, there was some discussion (and guidance) on how to securely encrypt files and as I helped another guy on stackexchange with similar problems I began to realise that this is a very common problem. (Well most people think that crypto has two tasks: securing communication and securing files).
Now I am asking you guys here how could guide people on this subject. 1. We could add functions that do nearly the full job of filenecryption, where a user just would have to provide a PBKDF(/ a KDF), an AEAD cipher (wrapped using AtE class? -> already in CryptoJPM :) ), some key, a filename and that's it. He would then use some filter approach to transmit the data. The class would take care of salts, header data and other stuff. I guess this would solve many problems for many users. (except for those ones needing asymmetric encryption) One could also design the class to provide three different interfaces: "Chaining"(use some strong keying material from some other password-based file), "password-based"(needs salt, others wouldn't), "asymmetric authentication"(user would provide asymmetric key and library would do the job) 2. We could as well (instead?) just set up a nice wiki page that explains the details and approaches to file encryption and let the users do the implementation work. I think providing this kind of information / helper classes (in best case both so I could link from stackexchange in the future to our wiki) would grately increase security as users wouldn't have to think about things like file-encryption (possibly using plain CBC/CFB!!!). So what do you guys think about this concept? (Implementation would be done by me after Fortuna) BR JPM -- -- You received this message because you are subscribed to the "Crypto++ Users" Google Group. To unsubscribe, send an email to [email protected]. More information about Crypto++ and this group is available at http://www.cryptopp.com. --- You received this message because you are subscribed to the Google Groups "Crypto++ Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
