[Haskell-cafe] Encrypting streamed data
David Turner
dct25-561bs at mythic-beasts.com
Thu Jul 6 06:40:12 UTC 2017
Hi,
I do not know of a library to do this, sorry. Note that the way public-key
crypto works in a streaming fashion is typically to use the public-key bit
only to encrypt a key for a symmetric cipher and then use the (much-faster)
symmetric encryption for the actual data. The symmetric bit could well be
something like AES256-CBC or AES256-CTR.
This means that the format of the resulting data is a bit
implementation-defined as it has to include the asymetrically-encrypted
data first, followed by the stream of symmetrically-encrypted data. GnuPG
includes quite a bit of metadata in its files that describes the algorithms
used and delimits the pieces, so if you want the resulting files to be
GnuPG-compatible you'll need to take this into account.
If it were me, I'd probably just shell out to `gpg`. It's fast and low-risk.
Hope that helps,
David
On 6 Jul 2017 05:59, "Ivan Lazar Miljenovic" <ivan.miljenovic at gmail.com>
wrote:
I have a use case for needing to use public key cryptography to
encrypt a large amount of data in a streaming fashion (get it out of a
DB, encrypt, put into an AWS S3 bucket).
The command-line gpg tool seems to be able to encrypt/decrypt data
from stdin to stdout in a streaming fashion, but in my attempts to use
it it seems very file-based for things like the keys to use (whereas I
would prefer to be able to pass the public key as an actual value
rather than a file; if nothing else because this is for tools that
don't have email addresses to use and base their keys on for
addressing).
Is there an existing library that can achieve this using
conduit/pipes/whatever? cryptonite-conduit only covers hashing,
hOpenPGP is poorly documented and I can't work out how to use it
("just follow the types" is difficult when Haddock docs don't link to
the required types (seems to be because it uses the "import Module as
X" trick for re-exporting everything but then everything from those
modules isn't available).
Can anyone recommend a solution?
--
Ivan Lazar Miljenovic
Ivan.Miljenovic at gmail.com
http://IvanMiljenovic.wordpress.com
_______________________________________________
Haskell-Cafe mailing list
To (un)subscribe, modify options or view archives go to:
http://mail.haskell.org/cgi-bin/mailman/listinfo/haskell-cafe
Only members subscribed via the mailman list are allowed to post.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.haskell.org/pipermail/haskell-cafe/attachments/20170706/3f74cdd5/attachment.html>
More information about the Haskell-Cafe
mailing list