From block ciphers to file encryption.

Source: Internet
Author: User

There are already many block ciphers, such as 3DES, Blowfish, and AES.

An encryption algorithm specifies how a key and a plaintext block are transformed into ciphertext.

Starting from the encryption algorithm, there is still some way to go before you have a usable program for encrypting files. The main problems are:

1. From a file to plaintext: the file size is usually not a multiple of the block size. So how should the file be split into blocks, how should the different blocks be handled, and what happens if the file cannot be divided into complete blocks?

2. From a password (or passphrase) to a key: the user's encryption and decryption password is usually a string, such as "fotally". How do you get a key from the password?

The RSA Labs standard PKCS #5 gives some recommended practices; see http://www.rsa.com/rsalabs/node.asp?id=2127.

The solution is as follows:

I. File partitioning, padding, and encryption modes

Splitting the file into blocks of the cipher's block size is easy.

The choice of encryption mode is very important. The modes include ECB, CBC, OFB, counter, and so on. See http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation

OFB and counter modes actually turn the block cipher into a stream cipher, so padding is unnecessary.

For the commonly used CBC mode, padding is unavoidable. Unless there is a special reason not to, PKCS #5 padding is generally used.

For more information about padding modes, see http://en.wikipedia.org/wiki/Padding_(cryptography) and http://www.di-mgt.com.au/cryptopad.html

II. Getting the key from the password

A method for obtaining a key from a password is called a key derivation function. The password-based key derivation function recommended by PKCS #5 is PBKDF2 (http://en.wikipedia.org/wiki/PBKDF2). The basic idea is to hash the password to get the key. There are two key points:

1. Salt (not explained here).

2. Key stretching: the hash is repeated many times (over 1,000 times). In normal application scenarios, getting a key from a password is a one-time operation, so the added cost does not affect the application, but it greatly increases an attacker's computational cost. In short, this is a way to increase security from the engineering perspective.

For more information about KDF, see Logging.

For file encryption, you can usually use CBC mode, but ECB mode is definitely unsuitable. Bruce Schneier also recommends CBC mode in Applied Cryptography. Because padding is required, the encrypted ciphertext file is larger than the plaintext file, by at most one block (for AES, this is 128 bits, that is, 16 bytes).

As mentioned in the above article, the counter mode is recommended in Schneier's new book. I have not confirmed it, but the advantages of the counter mode are obvious (random access is allowed).
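
The two steps described above (PKCS #5 padding of the file into cipher-sized blocks, and PBKDF2 with a salt and repeated hashing), as an added example that is not part of the original article. It assumes HMAC-SHA256 as the hash and a 16-byte (AES) block; the function names are hypothetical, and the block cipher call itself is left out.

```python
import hashlib
import hmac
import struct

BLOCK = 16  # AES block size in bytes (assumption: AES is the cipher)


def pbkdf2_sha256(password: bytes, salt: bytes, iterations: int, dklen: int) -> bytes:
    """PBKDF2 with HMAC-SHA256, written out to show the salt and the stretching loop."""
    out = b""
    index = 1
    while len(out) < dklen:
        # U1 = HMAC(password, salt || INT(index)): the salt enters only here.
        u = hmac.new(password, salt + struct.pack(">I", index), hashlib.sha256).digest()
        t = int.from_bytes(u, "big")
        # Key stretching: every further iteration costs one more HMAC per guess.
        for _ in range(iterations - 1):
            u = hmac.new(password, u, hashlib.sha256).digest()
            t ^= int.from_bytes(u, "big")
        out += t.to_bytes(32, "big")
        index += 1
    return out[:dklen]


def pad(data: bytes) -> bytes:
    """PKCS #5/#7 padding: append n bytes of value n, with n in 1..BLOCK."""
    n = BLOCK - len(data) % BLOCK  # an already aligned input gains one full block
    return data + bytes([n]) * n


def unpad(data: bytes) -> bytes:
    """Strip the padding after decryption, rejecting malformed input."""
    if not data or len(data) % BLOCK:
        raise ValueError("length is not a multiple of the block size")
    n = data[-1]
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("invalid padding")
    return data[:-n]


def prepare(password: str, salt: bytes, plaintext: bytes, iterations: int):
    """Return (key, blocks): a 256-bit key and the padded input for a CBC cipher."""
    key = pbkdf2_sha256(password.encode(), salt, iterations, 32)
    padded = pad(plaintext)
    return key, [padded[i:i + BLOCK] for i in range(0, len(padded), BLOCK)]


if __name__ == "__main__":
    salt = bytes(range(16))  # constructed value; generate a random salt per file
    key, blocks = prepare("fotally", salt, b"constructed sample file body", 1000)
    print(key.hex(), len(blocks))
```

The hand-written PBKDF2 produces the same output as hashlib.pbkdf2_hmac, which is the call to use in real code; the salt must be stored with the ciphertext so the key can be derived again for decryption.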

