Unnecessary base64 output makes fernet inappropriate for files encryption #32

Open
LukasJerabek opened this issue May 23, 2024 · 2 comments

Comments

@LukasJerabek

What is the reason there is a base64 for output of encryption? Is it really necessary? Why won't we get rid of it and make fernet usable even for file encryption - saving approx 1/3 of storage.

Here are a few issues addressing this problem in implementations of the fernet spec:
pyca/cryptography#8755
pyca/cryptography#4921

@zamicol

zamicol commented May 28, 2024

I suspect that if the fernet program is streaming, like when a compatible program uses a Unix pipe, converting to bytes would be idiomatic and fast. The question then is fernet streaming capable conversion efficient?

I assume that for large payload on disk storage should be converted into bytes.

I understand the desire for a byte output/input mode. For comparison, Age also outputs base64.

@chrispy-snps

I would also like to see an allowance in the Fernet specification for binary-encoded encrypted objects that simply skip the final base64 encoding step.

The base64 encoding is wasteful for binary storage applications (disk files, database binary BLOBs). Sure, objects can be decoded after encryption and reencoded before decryption, but that is four unnecessary base64/binary transcodings for each encryption/decryption round-trip.

There have been multiple requests to the pyca/cryptography package to add binary encoding support:

pyca/cryptography#4921
pyca/cryptography#4953
pyca/cryptography#8755

and every request is denied because the Fernet specification itself does not allow for it. There is no material change to the encryption/decryption process itself. Please consider it.

Thanks!
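The workaround described in the comment above (decode the token after encryption, re-encode it before decryption), as an added example that is not part of the original thread or of any Fernet implementation's own code. It assumes the pyca/cryptography package is installed; the helper names `encrypt_to_binary`, `decrypt_from_binary` and `expected_sizes` are hypothetical.

```python
import base64

from cryptography.fernet import Fernet, InvalidToken

# Fixed fields of a Fernet token: version (1), timestamp (8), IV (16), HMAC-SHA256 (32).
FIXED_OVERHEAD = 1 + 8 + 16 + 32


def encrypt_to_binary(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt, then undo the base64 step so the raw token bytes can be stored."""
    token = Fernet(key).encrypt(plaintext)   # library base64-encodes internally
    return base64.urlsafe_b64decode(token)   # transcoding added by the workaround


def decrypt_from_binary(key: bytes, blob: bytes) -> bytes:
    """Re-encode stored raw bytes into a spec-compliant token, then decrypt."""
    token = base64.urlsafe_b64encode(blob)   # transcoding added by the workaround
    return Fernet(key).decrypt(token)        # library base64-decodes internally


def expected_sizes(plaintext_len: int) -> tuple:
    """Return (raw_bytes, base64_bytes) for a plaintext of the given length."""
    padded = (plaintext_len // 16 + 1) * 16  # AES-CBC with PKCS7 always pads
    raw = FIXED_OVERHEAD + padded
    return raw, 4 * ((raw + 2) // 3)


if __name__ == "__main__":
    key = Fernet.generate_key()
    data = bytes(1000)                       # constructed sample payload
    blob = encrypt_to_binary(key, data)
    token = base64.urlsafe_b64encode(blob)
    print("raw token bytes:", len(blob), "base64 token bytes:", len(token))
    assert decrypt_from_binary(key, blob) == data

    # The HMAC still covers the raw bytes, so tampering is detected as usual.
    tampered = blob[:-1] + bytes([blob[-1] ^ 0x01])
    try:
        decrypt_from_binary(key, tampered)
    except InvalidToken:
        print("tampered blob rejected")
```

The stored blob is the same authenticated token minus its text encoding, so integrity checking is unchanged; only the storage size and the extra transcoding work differ.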
