Efficient File Encryption & Decryption

[cnasikas]

Hi

First of all I would like to thank you for this great crypto library!

I am opening this issue for guidance and discussion.

Goal:

Encrypt/decrypt efficiently and securely a file.

Requirements:

1. Support big files (let's say at least 2GB)
2. Use ccm, gcm or obc ciphers.
3. Support nodejs streams
4. Platform: Nodejs

Experiments:

Encrypt a 400mb file with sjcl.encypt(key, wholeTextFile). That's takes a lot of memory and it is inefficient.

So I was wondering if it is possible to encrypt chunks of the file having the same security guarantees as sjcl.encrypt

Sketch:

const { Transform } = require('stream')

class FileEncryptStreamer extends Transform {
    _transform (chunk, encoding, callback = () => {}) {
        this.push(sjcl.encryptChunk(chunk)) // encryptChunk function does not exist. That's what we try to implement
        callback()
    }
}

let iv = sjcl.codec.hex.fromBits(sjcl.random.randomWords(4)) //128 bit iv
const frs = fs.createReadStream('file.txt', {highWaterMark: 16}) //chunk size
const fws = fs.createWriteStream('file.enc')
const fes = new FileEncryptStreamer(symmetricKey, hmacKey, Buffer.from(iv, 'hex'))

frs.pipe(fes).pipe(fws)

Questions:

1. Can I use sjcl.encrypt or sjcl.mode.ccm.encrypt directly to every chunk ?
2. What about the different iv that need to be saved ? Maybe an initial iv and a counter could solve the issue.
3. What about the hmac of every chunk ? Can I have a globally ?
4. What size chunk is proper ?

Thanks a lot!!

[marciot]

I second this request. I would like to be able to run HMAC on multi-megabyte files.