Encryption/decryption package

Laco_Kovac · April 19, 2021, 7:33am

I have quite big String (~20M). It needs to be encrypted and downloaded as a file and then, eventually, uploaded back, decrypted & used. Encryption key or password belongs to the application/server (i.e. it is not specific to the user logged in).

What would be the best and simple to use package to achieve this?

Thank you

fredrikekre · April 19, 2021, 8:52am

You can use OpenSSL:

using OpenSSL_jll

passphrase = "hunter2"
encrypter = `$(openssl()) enc -aes-256-cbc -pbkdf2 -pass pass:$(passphrase)`
decrypter = `$(openssl()) enc -d -aes-256-cbc -pbkdf2 -pass pass:$(passphrase)`

open("hello.txt", "r") do io
    open("hello.txt.encrypted", "w") do io2
        run(pipeline(encrypter, stdin=io, stdout=io2))
    end
end

open("hello.txt.encrypted", "r") do io
    open("hello.txt.decrypted", "w") do io2
        run(pipeline(decrypter, stdin=io, stdout=io2))
    end
end

jzr · April 19, 2021, 8:54am

Age is popular. It can be used on the command line. It doesn’t require configuration, so it’s harder to make a mistake with it.

rikh · April 19, 2021, 7:10pm

Alternatively, it is also possible to use rclone. The following function decrypts a folder which was encrypted via rclone and does so without using a rclone config file. This makes it easier to use in things like CI jobs

function decrypt_data()
    crypt_password = ENV["OBSCURED_ENCRYPTION_PASSWORD"]
    from = joinpath(homedir(), "data")
    to = joinpath(homedir(), "decrypted-data")
    args = [
        "--crypt-password=$crypt_password",
        "--crypt-remote=/",
        "--crypt-filename-encryption=off",
        "--crypt-directory-name-encryption=false",
        "copy",
        ":crypt:$from",
        to
    ]
    Rclone_jll.rclone() do bin
        run(`$bin $args`)
    end
end

Laco_Kovac · April 24, 2021, 8:45am

fredrikekre:

passphrase = "hunter2"
encrypter = `$(openssl()) enc -aes-256-cbc -pbkdf2 -pass pass:$(passphrase)`
decrypter = `$(openssl()) enc -d -aes-256-cbc -pbkdf2 -pass pass:$(passphrase)`

open("hello.txt", "r") do io
    open("hello.txt.encrypted", "w") do io2
        run(pipeline(encrypter, stdin=io, stdout=io2))
    end
end

Thank you, but openssl() requires ::Function parameter:

julia> encrypter = `$(openssl()) enc -aes-256-cbc -pbkdf2 -pass pass:$(passphrase)`
ERROR: MethodError: no method matching openssl()
Closest candidates are:
  openssl(::Function; adjust_PATH, adjust_LIBPATH) at .julia\packages\JLLWrappers\bkwIo\src\products\executable_generators.jl:5

fredrikekre · April 24, 2021, 8:48am

You probably run an old version of OpenSSL_jll then. I used version v1.1.1+6.

Laco_Kovac · April 24, 2021, 8:55am

Me too…

(@v1.5) pkg> add OpenSSL_jll
   Updating registry at `.julia\registries\General`
  Resolving package versions...
Updating `.julia\environments\v1.5\Project.toml`
  [458c3c95] + OpenSSL_jll v1.1.1+6
Updating `.julia\environments\v1.5\Manifest.toml`
  [458c3c95] + OpenSSL_jll v1.1.1+6

fredrikekre · April 24, 2021, 10:01am

Looks like you are usting Julia 1.5 though.

Laco_Kovac · April 24, 2021, 10:32am

Yes. I cannot upgrade myself; whole team would have.
Julia 1.5 will not work with OpenSSL_jll v1.1.1+6 ?

fredrikekre · April 24, 2021, 10:40am

Ok, here is the Julia 1.5 version:

using OpenSSL_jll

passphrase = "hunter2"

open("hello.txt", "r") do io
    open("hello.txt.encrypted", "w") do io2
        openssl() do prog
            encrypter = `$(prog) enc -aes-256-cbc -pbkdf2 -pass pass:$(passphrase)`
            run(pipeline(encrypter, stdin=io, stdout=io2))
        end
    end
end

open("hello.txt.encrypted", "r") do io
    open("hello.txt.decrypted", "w") do io2
        openssl() do prog
            decrypter = `$(prog) enc -d -aes-256-cbc -pbkdf2 -pass pass:$(passphrase)`
            run(pipeline(decrypter, stdin=io, stdout=io2))
        end
    end
end