In WWDC21 session 10233: Bring Encrypted Archives and Performance Improvements to Your App with Accelerate, there is an example of encrypting a directory using the AppleArchive framework. There is also accompanying sample code.
However, that sample code uses a SymmetricKey and the hkdf_sha256_aesctr_hmac__symmetric__none profile. The key is set by calling context.setSymmetricKey(encryptionKey).
How can you perform the same operation of encrypting a directory using AppleArchive but with a "human" password? (i.e.: A password provided by the user from a prompt?)
Simply changing the profile to hkdf_sha256_aesctr_hmac__scrypt__none and then calling `context.setPassword("MyPassword") producing the following output "Error setting password (invalidValue)."
I also tried using the command line aea application, but received the output Password is too short.
Prompt:
> aea encrypt -v -password-value "password" -profile 5 -i MyDirectory -o MyDirectory.aea
Operation: encrypt
input: FOO
output: FOO.aea
profile: hkdf_sha256_aesctr_hmac__scrypt__none
worker threads: 10
auth data (raw): 0 B
compression: lzfse 1 MB
Error 0xb9075800
Password is too short
Main key derivation failed (-2)
Main key derivation
Invalid encryption parameters
Finally, in the file AEAContext.h, there is a comment associated with the method AEAContextSetPassword() that states:
Set context password
Stores a copy of password in context. Required to
encrypt / decrypt a stream when encryption mode is SCRYPT.
An internal size range is enforced for the password.
The caller is expected to enforce password strength policies.
@param context target object
@param password password (raw data)
@param password_size password size (bytes)
@return 0 on success, a negative error code on failure
I cannot find any other documentation that states what the password policy. And if there is a password policy for AppleEncryptedArchives, does that mean AEA is not a good fit for encrypting personal directories where the user just wants to use "any old password", regardless of the password's strength?