I am trying to encrypt a sensitive file and AGE won’t cut it.
If you are on Linux and need automation, GnuPG works, and you can use RSA keys. It’s slower than symmetric for large files, but I had success encrypting several tens of GB of database backups with a 2048-bit key with no issue. The higher the key length, the slower it gets. But it has the advantage that you only need to keep the public key on the machine you are encrypting on, and keep the private key safely stored away for when you need to decrypt. Unlike with symmetric encryption, where, if you need repeatable / automated encryption, you’d store the key in a config somewhere, and it’s not throwaway and is also used for decryption.
Normally you would go with symmetric and generate a good, random AES key each time you encrypt, use AES for actual encryption which is very FAST, and encrypt just the AES key with RSA. But this complicates scripts a lot and you end up with 2 dependent files to take care of (encrypted file and encrypted AES key).
If no automation is necessary, use VeraCrypt containers. You can keep multiple files in a container. And you have several symmetric algorithms to pick from and you can control the number of iterations for key derivation. Debatable as to the added security, but you can also choose to chain up to 3 algorithms in your preferred order.
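The hybrid scheme this reply describes (a fresh random AES key per file, with RSA used only to encrypt that key), written so the wrapped key travels in the header of the encrypted file instead of a second file. This is an added example, not code from the thread; it assumes the Python `cryptography` package, and the `ENV1` header layout, chunk size and function names are made up for illustration.

```python
import os, struct
from cryptography.hazmat.primitives import hashes, serialization as ser
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

MAGIC = b"ENV1"      # constructed format tag for this example, not a standard
CHUNK = 64 * 1024    # plaintext bytes per AES-GCM chunk, so large files stream
OAEP = padding.OAEP(padding.MGF1(hashes.SHA256()), hashes.SHA256(), None)

def _nonce(prefix, i, last):
    # 7 random bytes + 4-byte chunk counter + 1-byte "final chunk" flag = 12 bytes
    return prefix + struct.pack(">IB", i, last)

def _stream(op, prefix, header, src, dst, size):
    # Read one chunk ahead so the final chunk can be flagged; a file cut off at
    # a chunk boundary then fails authentication instead of passing silently.
    i, chunk = 0, src.read(size)
    while True:
        nxt = src.read(size)
        last = 0 if nxt else 1
        dst.write(op(_nonce(prefix, i, last), chunk, header))
        if last:
            return
        i, chunk = i + 1, nxt

def seal(public_pem, src, dst):
    """Encrypt src to dst; only the RSA public key is needed on this machine."""
    pub = ser.load_pem_public_key(public_pem)
    key, prefix = AESGCM.generate_key(256), os.urandom(7)   # fresh for every file
    wrapped = pub.encrypt(key, OAEP)          # RSA only ever sees the 32-byte AES key
    header = MAGIC + struct.pack(">H", len(wrapped)) + wrapped + prefix
    dst.write(header)
    _stream(AESGCM(key).encrypt, prefix, header, src, dst, CHUNK)

def unseal(private_pem, src, dst, password=None):
    """Decrypt src to dst; on InvalidTag (tampering/truncation) discard dst."""
    head = src.read(6)
    if len(head) < 6 or head[:4] != MAGIC:
        raise ValueError("not an envelope file")
    n = struct.unpack(">H", head[4:])[0]
    rest = src.read(n + 7)                    # wrapped AES key + nonce prefix
    key = ser.load_pem_private_key(private_pem, password).decrypt(rest[:n], OAEP)
    _stream(AESGCM(key).decrypt, rest[n:], head + rest, src, dst, CHUNK + 16)

def demo_keypair():
    """Throwaway 2048-bit key pair, generated only to exercise the example."""
    priv = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    pem = priv.private_bytes(ser.Encoding.PEM, ser.PrivateFormat.PKCS8, ser.NoEncryption())
    pub = priv.public_key().public_bytes(ser.Encoding.PEM, ser.PublicFormat.SubjectPublicKeyInfo)
    return pem, pub
```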
abecede@feddit.de 11 months ago
Why not just GnuPG / PGP, and also storing your good passworded private key in a secure place? I’ve not heard of any successful attacks without a private key yet.