Question about the key and nonce used in 2021/rust_file_encryption

skerkour / kerkour.com

(Ab)using technology for fun & profit. Programming, Hacking & Entrepreneurship @ https://kerkour.com

https://kerkour.com

Apache License 2.0

463 stars 63 forks source link

Question about the key and nonce used in 2021/rust_file_encryption #43

Closed egbakou closed 1 year ago

egbakou commented 1 year ago

Thanks for sharing these useful samples. My question is: in production, should the key and nonce remain private or just the key (in this case, add the nonce to the cipher text as you did in this blog post https://kerkour.com/rust-file-encryption-chacha20poly1305-argon2)?

sylvain101010 commented 1 year ago

Hi @egbakou ,

With XChaCha20Poly1305 (or AES-256-GCM if that matters) the nonce does not need to be kept secret.

It can be appended to the ciphertext like in the previous blog post, or distributed as metadata (I think the latter is more common in the real world: you get the encrypted file, and some metadata as JSON such as the fileID, the encrypted filename, the nonce... whatever your application requires)

egbakou commented 1 year ago

Thank you for your response @skerkour 🙂