How to encrypt a file with code?

Question

How can I encrypt a file using my own programming code?
I am a beginner, I want to learn encryption.

Answer 1

There are two parts to my answer:

1. For production code, you should NEVER use your own crypto. ALWAYS use a tested, reviewed crypto library. If your question refers to production code, use a library in your target programming language. For some libraries for popular languages see here.

2. If you only intend to learn from this, you can use some free information on cryptography from the following resources: Cryptography Primer, A Graduate Course in Applied Cryptography and an online course on cryptography. You will probably need some background in programming, but this is not the place to start if you don't have any. Cryptography algorithms can range in implementation difficulty, so I would suggest you start with a simple cipher and work your way up.

Answer 2

1. This is a very broad question with plenty of online resources that would already have answered your question if you had looked for them.
2. You are also asking a code-related question on the Information Security StackExchange website, while code-related questions should usually be asked on StackOverflow.

Still, I think this is a good question to have a canonical answer to, so I will provide a general answer to point you in the right direction, without giving specific code.

---

Doing encryption correctly is not easy. It involves reading and learning a lot. You can use encryption for yourself to experiment with, but you should not trust your own code to provide proper security. If you want to use encryption in a product that is to be used by other people or even companies, please ask an expert to review it (as a consultant). If you use this in an open source project, you should add warnings that the encryption might contain unknown vulnerabilities.

With that out of the way, here is what you should be looking for:

• How to use a library (in the programming language of your choice) to encrypt a file, using a secure encryption algorithm.
• How authenticated encryption works, such that you can detect when the file has been changed after it was encrypted.
• How to turn a password into a key suitable for use in an encryption algorithm. The phrase you should come across is a key derivation function.

Before using a specific algorithm, such as AES or RC4 or MD5, look on Wikipedia to see whether it is well-known and whether it has any vulnerabilities. For example, RC4 and MD5 are no longer recommended to be used. Other algorithms that people post online (which they made themselves) are not well-known and tested, and are almost always broken. This is less common these days compared to ten years ago, but still something to watch out for.

If you want to use AES-256 in CTR mode with PBKDF2-SHA256 as a KDF and HMAC-SHA256 as a authentication code, there are now many things you have to look up: is AES-256 secure? Is PBKDF2 secure and how should it be used? Is SHA256 secure? And is HMAC secure? Should you first compute the HMAC and then encrypt, or the other way around? How should CTR mode be used? Etc.

Another good starting point to learn about encryption in general is the Crypto 1 course on Coursera. It gives a solid overview, but is not very practical. Depending on how eager you are to dive into coding something yourself, this may or may not be an applicable course to follow.