Implementing AES Encryption for Data at Rest
Overview
AES (Advanced Encryption Standard) is a symmetric block cipher standardized by NIST (FIPS 197) used to protect classified and sensitive data. This skill covers implementing AES-256 encryption in GCM mode for encrypting files and data stores at rest, including proper key derivation, IV/nonce management, and authenticated encryption.
When to Use
- When deploying or configuring AES encryption for data at rest in your environment
- When establishing security controls aligned to compliance requirements
- When building or improving security architecture for this domain
- When conducting security assessments that require this implementation
Prerequisites
- Familiarity with cryptography concepts and tools
- Access to a test or lab environment for safe execution
- Python 3.8+ with required dependencies installed
- Appropriate authorization for any testing activities
Objectives
- Implement AES-256-GCM encryption and decryption for files
- Derive encryption keys from passwords using PBKDF2 and Argon2
- Manage initialization vectors (IVs) and nonces securely
- Encrypt and decrypt entire directory trees
- Implement authenticated encryption to detect tampering
- Handle large files with streaming encryption
Key Concepts
AES Modes of Operation
| Mode | Authentication | Parallelizable | Use Case |
|---|---|---|---|
| GCM | Yes (AEAD) | Yes | Network data, file encryption |
| CBC | No | Decrypt only | Legacy systems, disk encryption |
| CTR | No | Yes | Streaming encryption |
| CCM | Yes (AEAD) | No | IoT, constrained environments |
Key Derivation
Never use raw passwords as encryption keys. Always derive keys using:
- PBKDF2: NIST-approved, widely supported (minimum 600,000 iterations as of 2024)
- Argon2id: Winner of Password Hashing Competition, memory-hard
- scrypt: Memory-hard, good alternative to Argon2
Nonce/IV Management
- GCM requires a 96-bit (12-byte) nonce that must NEVER be reused with the same key
- Generate nonces with a CSPRNG such as os.urandom()
- Store the nonce alongside the ciphertext (it is not secret)
Workflow
- Install the cryptography library: `pip install cryptography`
- Generate or derive an encryption key
- Create a random nonce for each encryption operation
- Encrypt data using AES-256-GCM with the key and nonce
- Store nonce + ciphertext + authentication tag together
- For decryption, extract the nonce, verify the tag, and decrypt
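The workflow above, carried through as a worked example that is not part of the original page: password-based AES-256-GCM producing the salt/nonce/ciphertext/tag layout the page describes under Encrypted File Format. It assumes the `cryptography` package (`pip install cryptography`); the PBKDF2-HMAC-SHA256 iteration count and the sample password and plaintext are this example's own choices.

```python
# Added example, not from the original page: AES-256-GCM for data at rest in the
# layout [salt 16][nonce 12][ciphertext][tag 16]. Assumes `pip install cryptography`.
# Key: PBKDF2-HMAC-SHA256 from a password (600,000 iterations is this example's choice).
import os
from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.ciphers.aead import AESGCM
from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC

SALT_LEN, NONCE_LEN, TAG_LEN = 16, 12, 16
PBKDF2_ITERATIONS = 600_000

def derive_key(password: bytes, salt: bytes) -> bytes:
    """Derive a 256-bit AES key; the per-file salt makes each file's key distinct."""
    kdf = PBKDF2HMAC(algorithm=hashes.SHA256(), length=32, salt=salt,
                     iterations=PBKDF2_ITERATIONS)
    return kdf.derive(password)

def encrypt_blob(plaintext: bytes, password: bytes) -> bytes:
    """Return salt || nonce || ciphertext || tag (AESGCM.encrypt appends the tag)."""
    salt = os.urandom(SALT_LEN)     # fresh salt -> fresh key per encryption
    nonce = os.urandom(NONCE_LEN)   # fresh 96-bit nonce; never reused with a key
    key = derive_key(password, salt)
    return salt + nonce + AESGCM(key).encrypt(nonce, plaintext, None)

def decrypt_blob(blob: bytes, password: bytes) -> bytes:
    """Parse the header, re-derive the key, verify the tag, then return plaintext.
    Raises ValueError if truncated; InvalidTag on any modification or wrong password."""
    if len(blob) < SALT_LEN + NONCE_LEN + TAG_LEN:
        raise ValueError("blob too short to hold salt, nonce and tag")
    salt = blob[:SALT_LEN]
    nonce = blob[SALT_LEN:SALT_LEN + NONCE_LEN]
    key = derive_key(password, salt)
    return AESGCM(key).decrypt(nonce, blob[SALT_LEN + NONCE_LEN:], None)

def is_tampered(blob: bytes, password: bytes) -> bool:
    """True when GCM authentication fails (ciphertext, tag, nonce or salt altered)."""
    try:
        decrypt_blob(blob, password)
        return False
    except InvalidTag:
        return True

if __name__ == "__main__":
    pw = b"correct horse battery staple"      # constructed sample password
    blob = encrypt_blob(b"database backup 2024-01-01", pw)
    print("roundtrip ok:", decrypt_blob(blob, pw) == b"database backup 2024-01-01")
    bad = bytearray(blob); bad[SALT_LEN + NONCE_LEN] ^= 0x01   # flip one ciphertext bit
    print("tampered:", is_tampered(bytes(bad), pw))
```

A wrong password derives a different key and therefore fails with the same InvalidTag as a modified ciphertext; GCM cannot tell the two apart, which is why nothing is returned until the tag verifies.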
Encrypted File Format
[salt: 16 bytes][nonce: 12 bytes][ciphertext: variable][tag: 16 bytes]
Security Considerations
- Always use authenticated encryption (GCM, CCM) to prevent tampering
- Never reuse a nonce with the same key (catastrophic in GCM)
- Use at least 256-bit keys for long-term data protection
- Securely wipe keys from memory after use when possible
- Rotate encryption keys periodically per organizational policy
- For disk-level encryption, consider XTS mode (AES-XTS)
Validation Criteria
- AES-256-GCM encryption produces valid ciphertext
- Decryption recovers original plaintext exactly
- Authentication tag detects any ciphertext modification
- Key derivation uses sufficient iterations/parameters
- Nonces are never reused for the same key
- Large files (>1GB) can be processed via streaming
- Encrypted file format includes all necessary metadata