Description
Is your feature request related to a problem? Please describe.
We need to be able to encrypt large files as well as perform random access when decrypting files. Based on my understanding of AES CTR, this should already be possible, however, there are no Themis APIs that allow us to do this.
Describe the solution you'd like to see
I believe the following API (in Java) should provide the necessary primitives to support this use case with minimal dependencies (e.g. no Java File or stream APIs):
public interface ContextImprintByOffset {
byte[] encrypt(byte[] data, byte[] context, long offset);
byte[] decrypt(byte[] data, byte[] context, long offset);
}In the above interface an offset parameter is added which would be used to offset the counter appropriately when using the IV to encrypt and decrypt each byte. Additionally, the context parameter could be removed from this interface and instead provided as a constructor parameter when creating the instance (along with the key) since the additional context should be the same for every call to encrypt and decrypt for a given file.
Describe alternatives you've considered
An alternative is that we could split our large files into chunks, encrypt each chunk individually using Seal, Token Protect, or Context Imprint, and concatenate each chunk into an output file. For random access reads, we would determine which chunks need to be decrypted in order to return the requested data. This would effectively be creating our own data format based on the chosen encryption mode, chunk size, and header format.
Since AES CTR effectively already supports this capability, it would be nice to simply utilize that instead of defining our own format and strategy.