How would I go about attempting to encrypt a file in Elixir? I need to store some sensitive information in a text file such as a .dat but the information can only be decrypted if you have the passphrase to unlock the contents of the file. I’ve tried looking at :crypto but I don’t really understand it.
This answer seems to be what I’m looking for but I don’t know if it really does what I want it to. I would simply use Base.decode64(:crypto.block_decrypt(:aes_ecb, key, input)) to decrypt the data?
I would go with GnuPG (GNU Privacy Guard, https://www.gnupg.org/), possibly calling it directly from the command line, or use some wrapper. Googling found this, https://github.com/rozap/exgpg, which does not look maintained but it may work, or give you an idea how to call the tool.
I use GnuPG for stuff like encrypting backup files from shell scripts and it is outstanding.
If you do not understand the crypto module, then don’t implement encrypting files on your own, because it is almost 100% sure that you will do something wrong (like using ECB mode, which you did in your example). Do as @hubertlepicki said and use external tools that have been doing this for longer; they do it better and have broader knowledge of cryptography (and even despite that they sometimes do something in the wrong way).
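An illustration of the ECB remark above, as an added example that is not part of any post in this thread: it encrypts the same repetitive plaintext with AES-256-ECB and with AES-256-GCM, counts repeated ciphertext blocks, and checks that GCM rejects a modified ciphertext. It assumes OTP 24.2 or later (for `:crypto.pbkdf2_hmac/5`); the module name `EcbDemo`, the passphrase, the plaintext and the PBKDF2 iteration count are constructed for the example.

```elixir
defmodule EcbDemo do
  # Count 16-byte ciphertext blocks that duplicate an earlier block.
  def repeated_blocks(ct) do
    blocks = for <<b::binary-size(16) <- ct>>, do: b
    length(blocks) - length(Enum.uniq(blocks))
  end

  # ECB has no IV: every block is encrypted independently under the key,
  # so equal plaintext blocks give equal ciphertext blocks.
  def ecb_encrypt(key, plaintext) do
    :crypto.crypto_one_time(:aes_256_ecb, key, plaintext, true)
  end

  # GCM with a fresh random 96-bit nonce per message; the tag authenticates
  # the ciphertext. The nonce must never repeat under the same key.
  def gcm_encrypt(key, plaintext) do
    nonce = :crypto.strong_rand_bytes(12)
    {ct, tag} = :crypto.crypto_one_time_aead(:aes_256_gcm, key, nonce, plaintext, <<>>, true)
    {nonce, ct, tag}
  end

  # Returns the plaintext, or :error when ciphertext, nonce or tag was altered.
  def gcm_decrypt(key, {nonce, ct, tag}) do
    :crypto.crypto_one_time_aead(:aes_256_gcm, key, nonce, ct, <<>>, tag, false)
  end
end

# Constructed inputs. The salt is stored next to the ciphertext; it is not secret.
salt = :crypto.strong_rand_bytes(16)
# Iteration count is an assumption for this example, not a value from the thread.
key = :crypto.pbkdf2_hmac(:sha256, "constructed passphrase", salt, 600_000, 32)
# Four identical 16-byte blocks, e.g. a file of fixed-width records.
plaintext = String.duplicate("ACCOUNT=00000000", 4)

ecb = EcbDemo.ecb_encrypt(key, plaintext)
IO.inspect(EcbDemo.repeated_blocks(ecb), label: "ECB repeated blocks")

{nonce, ct, tag} = sealed = EcbDemo.gcm_encrypt(key, plaintext)
IO.inspect(EcbDemo.repeated_blocks(ct), label: "GCM repeated blocks")
IO.inspect(EcbDemo.gcm_decrypt(key, sealed) == plaintext, label: "GCM round trip")

# Flip one bit of the ciphertext: authenticated decryption must refuse it.
<<first, rest::binary>> = ct
tampered = {nonce, <<Bitwise.bxor(first, 1)>> <> rest, tag}
IO.inspect(EcbDemo.gcm_decrypt(key, tampered), label: "GCM tampered")
```

ECB also provides no integrity check, so a modified ECB file decrypts without any error; the tag comparison in the last step is what an authenticated mode adds.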
I should have an Elixir native, dependency free implementation of the AESCrypt file format somewhere. Not exactly the pinnacle of proven, peer reviewed standards, but better than most roll-your-own attempts. Your weakest link even with the strongest algorithms is going to be keeping the pass phrase secure.
I’ll check tomorrow if my code is in any shape to be published…
Please beware that AES Crypt is not quite a substitute for a tool like GPG. Don’t use it for highly sensitive data, just for ‘casual protection’.
It does implement key wrapping, unlike other file encryption packages I saw on Hex, but the KDF is proprietary and relatively weak by today’s standards, possibly enabling brute force attacks on modern hardware. Make sure you use strong passwords to limit that risk.
I could add support for PBKDF2, but that would break interoperability with other tools.