Score:0

Using AES.MODE_EAX for AES Encryption

ga flag

I am currently attempting to perform AES encryption in Python on a larger size file for simulation purposes. At the moment, I have been trying to use AES.MODE_EAX, as mentioned in the documentation for AES:

https://pycryptodome.readthedocs.io/en/latest/src/cipher/aes.html

I wanted to check what the correct way of approaching encryption of the file would be.

At the moment, I am dividing the file into 16 byte chunks, and using the same 128 bit key for creating a cipher in order to encrypt each chunk. I am running the following commands on each chunk as needed for encryption, and I am performing analysis on the encrypted results:

cipher = AES.new(key, AES.MODE_EAX)
nonce = cipher.nonce
ciphertext, tag = cipher.encrypt_and_digest(data_chunk)

I am not sure if my understanding is thorough. Would this be a valid approach towards encrypting the data via AES? Or are there other modes or approaches with MODE_EAX (like using the data of the full file?) that I should consider in this case?

SAI Peregrinus avatar
si flag
Is there a particular reason you're using pycryptodome? Likewise, why EAX? That's not a commonly used mode. It's slower than OCB or GCM, and doesn't solve the problems of nonce-reuse like SIV does. I want to understand the limitations you're working under, because my standard answer for the correct way of encrypting a file is "use age (age-encryption.org)".
Maarten Bodewes avatar
in flag
I’m voting to close this question because this question has been cross posted to SO, where it belongs.
Score:2
ru flag

You do not have to divide the data into 16-byte blocks and individually encrypt each block. The encrypt_and_digest method will handle all of this division for you. Instead you should call the method on the full array of data.

By individually enciphering each block you are creating a nonce and tag for each block rather than a single nonce and tag for all of your data. Even for moderate sized data this will roughly triple the size of your cryptogram. The only real benefit to producing one tag per blocks that if the integrity of the message is compromised, you can narrow down the change to which block it occurred in.

As noted in the comments AES.GCM is generally preferred over AES.EAX in modern implementations.

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.