Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

File::encrypt implementation vs secretstream #135

Open
stidges opened this issue Jun 4, 2019 · 2 comments
Open

File::encrypt implementation vs secretstream #135

stidges opened this issue Jun 4, 2019 · 2 comments
Labels
community crypto end user support left-open-for-visibility This is either already fixed, or the solution is easily understood. Leaving open for easy discovery.

Comments

@stidges
Copy link

stidges commented Jun 4, 2019

First of all thank you for this comprehensive library and the libsodium guide, I've been deep diving into it lately and these really helped me to understand the library better!

When reading through the libsodium documentation I came across the sodium_crypto_secretstream_* methods. These methods allow the user to encrypt/decrypt streams easily (reference implementation from the readme). I was wondering, do you think these methods are a good option to use for encrypting and decrypting files, or do you think the File::encrypt(...) implementation Halite provides is a more secure option?

@paragonie-scott
Copy link
Member

Having recently ported these APIs to sodium_compat, my opinion is: You should probably use secretstream.

They both solve the problem securely, but Halite is currently only implemented in PHP.

@paragonie-security paragonie-security added community crypto end user support left-open-for-visibility This is either already fixed, or the solution is easily understood. Leaving open for easy discovery. labels Feb 2, 2020
@alecwcp
Copy link

alecwcp commented Feb 26, 2020

@paragonie-scott Could you explain why secretstream is preferable to using File::encrypt(...)?
From what I can see File::encrypt(...) uses sodium_crypto_stream_xor - is there any reason for using this rather than using the sodium_crypto_secretstream_* methods as used here https://github.com/jedisct1/libsodium-php#encrypt-a-file-using-a-secret-key ?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
community crypto end user support left-open-for-visibility This is either already fixed, or the solution is easily understood. Leaving open for easy discovery.
Projects
None yet
Development

No branches or pull requests

4 participants