I have a program that regularly appends small pieces (say 8 bytes) of sensitive data to a number of logfiles. I would like this data to be encrypted. I want the program to start automatically at boot time, so I don’t want to type a password at program start. I also don’t want it to store a password somewhere, since that would almost defeat the purpose of encryption.
For these reasons, it seems to me that public key encryption would be a good choice. The program knows my public key, but my private key is password protected somewhere else.
So far, so good. But when I try to use PyCrypto to RSA (or ElGamal)-encrypt a small 5-byte string, the output explodes to 128 bytes. My logfiles are large enough as it is… On the other hand, when I try a symmetric crypto, like Blowfish, the output string is just as large as the input string.
So, my question is: Is there a reasonably secure public key encryption algorithm where I can encrypt data 8 bytes at a time and don’t have it blow up? (I guess a factor of 2 would be OK). I think what I want is a public key stream cipher.
If there is not such a thing, I think I will just give up and use a symmetric crypto and give the password manually on startup.
Typically this is solved in the way that the program creates some (real) random numbers which are used as a secret key to a symmetric encryption algorithm.
In you program you have to do something like:
To decrypt this,
You might want to get some random data (e.g. >=256bit) for a ‘good’ key.