Problem:
I need to encrypt/decrypt a lot of data. This data is encrypted/decrypted using a password (more specifically, using the RNCryptor lib). One should be able to change this password.
My question is how this can be done most efficiently?
My not so great solution:
There must be a better method than looping through all the data and decrypting it, only to then encrypt it again using a new password.
This is one of the many problems that is solved by adding a layer of indirection. Generate a random key, use that key to encrypt the data, and store the key in a file (or database column or whatever) that is itself encrypted with a key derived from a password.
Something like (beware, I don't know Swift):
// Generation of the data keys
let dek = RNCryptor.randomDataOfLength(RNCryptor.FormatV3.keySize)
let dak = RNCryptor.randomDataOfLength(RNCryptor.FormatV3.keySize)
// Use these to work on the data
let encryptor = RNCryptor.EncryptorV3(encryptionKey: dek, hmacKey: dak)
let decryptor = RNCryptor.DecryptorV3(encryptionKey: dek, hmacKey: dak)
// Save the data keys encrypted with the password
let dek_file = RNCryptor.encryptData(dek, password: password)
let dak_file = RNCryptor.encryptData(dak, password: password)
// Store both dek_file and dak_file somewhere
// Next time, load dek_file and dak_file from where you stored them
// (decryptData throws on a wrong password or corrupted data)
let dek = try RNCryptor.decryptData(dek_file, password: password)
let dak = try RNCryptor.decryptData(dak_file, password: password)
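The password change itself, which the snippet above stops short of, as an added example that is not part of the original answer and is not RNCryptor code. It assumes Node.js's built-in `crypto` module, with PBKDF2-HMAC-SHA256 and a single AES-256-GCM data key standing in for RNCryptor's password format and its separate encryption and HMAC keys; all function names, the iteration count and the blob layouts are choices made for this example.

```javascript
const { randomBytes, pbkdf2Sync, createCipheriv, createDecipheriv } = require('node:crypto');

const ITERATIONS = 100000; // PBKDF2 work factor, assumed for this example

// Key-encryption key (KEK) derived from the password and a per-file salt.
const deriveKek = (password, salt) => pbkdf2Sync(password, salt, ITERATIONS, 32, 'sha256');

// AES-256-GCM; output layout is iv(12) | tag(16) | ciphertext.
function seal(key, plaintext) {
  const iv = randomBytes(12);
  const cipher = createCipheriv('aes-256-gcm', key, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ciphertext]);
}

// Throws if the key is wrong or the blob was modified (tag mismatch).
function unseal(key, blob) {
  const decipher = createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  decipher.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([decipher.update(blob.subarray(28)), decipher.final()]);
}

// Key file layout: salt(16) | sealed DEK. A fresh salt is drawn on every wrap.
function wrapKey(password, dek) {
  const salt = randomBytes(16);
  return Buffer.concat([salt, seal(deriveKek(password, salt), dek)]);
}

function unwrapKey(password, keyFile) {
  return unseal(deriveKek(password, keyFile.subarray(0, 16)), keyFile.subarray(16));
}

// Password change: only the small key file is rewritten; bulk data is untouched.
function changePassword(oldPassword, newPassword, keyFile) {
  return wrapKey(newPassword, unwrapKey(oldPassword, keyFile));
}

// Constructed walk-through: encrypt once, change the password, decrypt the same blob.
function demo() {
  const dek = randomBytes(32); // random data key, never derived from the password
  const blob = seal(dek, Buffer.from('constructed sample record'));
  const keyFile = changePassword('old password', 'new password', wrapKey('old password', dek));
  return unseal(unwrapKey('new password', keyFile), blob).toString();
}

console.log(demo()); // constructed sample record
```

Anyone who kept a copy of the old key file together with the old password can still recover the data key, so a password change made because of a suspected compromise also calls for a new data key and re-encryption of the data.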