<div dir="auto">Apologies, just seen the bit about wanting to pass the key in directly rather than using the GPG keyring because there are no email addresses attached to your various keys.<div dir="auto"><br></div><div dir="auto">Maybe a silly question, but can you give them email addresses to identify them in a GPG-compatible manner? They don't have to have associated mailboxes so the addresses can be totally made-up.</div><div dir="auto"><br></div><div dir="auto">If not, I'd probably start to look to something like openssl to do the symmetric encryption and manage the keys for that separately. It looks possible to build a streaming AES implementation using the nonstreaming functions in `cryptonite`, but the usual recommendation is that it's far too risky to do any low-level crypto yourself so this seems like a bad idea.</div><div dir="auto"><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On 6 Jul 2017 07:40, "David Turner" <<a href="mailto:dct25-561bs@mythic-beasts.com">dct25-561bs@mythic-beasts.com</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="auto"><div dir="auto">Hi,<div dir="auto"><br></div><div dir="auto">I do not know of a library to do this, sorry. Note that the way public-key crypto works in a streaming fashion is typically to use the public-key bit only to encrypt a key for a symmetric cipher and then use the (much-faster) symmetric encryption for the actual data. The symmetric bit could well be something like AES256-CBC or AES256-CTR.</div><div dir="auto"><br></div><div dir="auto">This means that the format of the resulting data is a bit implementation-defined as it has to include the asymmetrically-encrypted data first, followed by the stream of symmetrically-encrypted data. 
GnuPG includes quite a bit of metadata in its files that describes the algorithms used and delimits the pieces, so if you want the resulting files to be GnuPG-compatible you'll need to take this into account.</div><div dir="auto"><br></div><div dir="auto">If it were me, I'd probably just shell out to `gpg`. It's fast and low-risk.</div><div dir="auto"><br></div><div dir="auto">Hope that helps,</div><div dir="auto"><br></div><div dir="auto">David</div><br><div class="gmail_extra" dir="auto"><br><div class="gmail_quote">On 6 Jul 2017 05:59, "Ivan Lazar Miljenovic" <<a href="mailto:ivan.miljenovic@gmail.com" target="_blank">ivan.miljenovic@gmail.com</a>> wrote:<br type="attribution"><blockquote class="m_-4707203818142865240quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">I have a use case for needing to use public key cryptography to<br>
encrypt a large amount of data in a streaming fashion (get it out of a<br>
DB, encrypt, put into an AWS S3 bucket).<br>
<br>
The command-line gpg tool seems to be able to encrypt/decrypt data<br>
from stdin to stdout in a streaming fashion, but in my attempts to use<br>
it it seems very file-based for things like the keys to use (whereas I<br>
would prefer to be able to pass the public key as an actual value<br>
rather than a file; if nothing else because this is for tools that<br>
don't have email addresses to use and base their keys on for<br>
addressing).<br>
<br>
Is there an existing library that can achieve this using<br>
conduit/pipes/whatever? cryptonite-conduit only covers hashing,<br>
hOpenPGP is poorly documented and I can't work out how to use it<br>
("just follow the types" is difficult when Haddock docs don't link to<br>
the required types (seems to be because it uses the "import Module as<br>
X" trick for re-exporting everything but then everything from those<br>
modules isn't available)).<br>
<br>
Can anyone recommend a solution?<br>
<font color="#888888"><br>
--<br>
Ivan Lazar Miljenovic<br>
<a href="mailto:Ivan.Miljenovic@gmail.com" target="_blank">Ivan.Miljenovic@gmail.com</a><br>
<a href="http://IvanMiljenovic.wordpress.com" rel="noreferrer" target="_blank">http://IvanMiljenovic.wordpres<wbr>s.com</a><br>
______________________________<wbr>_________________<br>
Haskell-Cafe mailing list<br>
To (un)subscribe, modify options or view archives go to:<br>
<a href="http://mail.haskell.org/cgi-bin/mailman/listinfo/haskell-cafe" rel="noreferrer" target="_blank">http://mail.haskell.org/cgi-bi<wbr>n/mailman/listinfo/haskell-caf<wbr>e</a><br>
Only members subscribed via the mailman list are allowed to post.</font></blockquote></div><br></div></div></div>
</blockquote></div></div>
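The "shell out to `gpg`" route from this thread, with the public key handed over as a value instead of a keyring entry, as an added example that is not part of any message above. It assumes GnuPG 2.1 or later on `PATH`; the function name `encrypt_stream_to_key` is hypothetical.

```bash
# Added example (not from the thread). Assumes GnuPG 2.1+ is on PATH.
# encrypt_stream_to_key is a hypothetical helper name.
#
# Usage: producer | encrypt_stream_to_key "$ARMORED_PUBLIC_KEY" | consumer
encrypt_stream_to_key() {
    local pubkey=$1 home fpr="" rc=0

    # Throwaway keyring: nothing is read from or written to ~/.gnupg.
    home=$(mktemp -d) || return 1
    chmod 700 "$home"

    # Import the key from the variable. The pipe feeds gpg's stdin here,
    # so the caller's stdin (the plaintext stream) is left untouched.
    printf '%s\n' "$pubkey" |
        gpg --homedir "$home" --batch --quiet --import 2>/dev/null || rc=1

    if [ "$rc" -eq 0 ]; then
        # Address the key by fingerprint, so no e-mail address is needed.
        fpr=$(gpg --homedir "$home" --batch --with-colons --list-keys \
                  </dev/null 2>/dev/null |
              awk -F: '$1 == "fpr" { print $10; exit }')
        [ -n "$fpr" ] || rc=1
    fi

    if [ "$rc" -eq 0 ]; then
        # gpg does the hybrid scheme itself: a fresh session key is encrypted
        # to the public key, then stdin is streamed through the symmetric
        # cipher to stdout. "--trust-model always" skips the web-of-trust
        # check, because the caller vouches for the key it passed in.
        gpg --homedir "$home" --batch --quiet --trust-model always \
            --recipient "$fpr" --encrypt || rc=$?
    fi

    # Stop any helper daemons started for the temporary homedir, then remove it.
    gpgconf --homedir "$home" --kill all >/dev/null 2>&1 || true
    rm -rf "$home"
    return "$rc"
}
```

Because the output is an ordinary OpenPGP message, the holder of the private key can decrypt it with plain `gpg --decrypt`.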