I’m mainly trying to verify large file chunks, which are each encrypted on their own with a different key/salt/nonce for each chunk, then appended to the whole file in the end to form 1 file.
One thing I wanted to implement was the principle of not outputting plain data of any chunk to the user unless every chunk of the file authenticates successfully. If 1 fails, the whole operation fails.
To do this, if the file has multiple chunks, I do 1 pass to authenticate all chunks, then another pass to decrypt them if the first pass authenticates.
I’m using the library provided by .NET to do this, and it seems to output the plain chunk to a span if that chunk authenticates, which would technically put the decrypted chunk in memory, technically allowing someone to see what’s happening in the memory for the time it is there. How am I supposed to ONLY authenticate without doing any output whatsoever to any destination, and can that library do it somehow (i.e. am I missing anything?) or should I use another library that provides this functionality?
It seems very odd to me that this is the behaviour. Compare it to a group of people standing outside your door: you ask for their IDs one by one, but it doesn’t mean that you will let them enter automatically if they verify successfully... maybe you want the full group in at once...
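The two-pass scheme described in the question, as an added example that is not part of the original post. It assumes the .NET library in question is `System.Security.Cryptography.AesGcm` on .NET 8 or later (the post does not name the algorithm), and the `Chunk` record and `AllOrNothing` class are hypothetical names. `AesGcm.Decrypt` always requires a plaintext destination, so pass 1 decrypts into a scratch buffer that is wiped immediately and never handed to the caller.

```csharp
using System;
using System.Buffers;
using System.IO;
using System.Security.Cryptography;
// Hypothetical container for one encrypted chunk; the field layout is an assumption.
public sealed record Chunk(byte[] Key, byte[] Nonce, byte[] Tag, byte[] Ciphertext);

public static class AllOrNothing
{
    // Pass 1: authenticate every chunk. The plaintext lands only in a pooled
    // scratch buffer, which is zeroed before it goes back to the pool.
    public static bool VerifyAll(Chunk[] chunks)
    {
        foreach (var c in chunks)
        {
            byte[] scratch = ArrayPool<byte>.Shared.Rent(c.Ciphertext.Length);
            try
            {
                using var gcm = new AesGcm(c.Key, c.Tag.Length);
                gcm.Decrypt(c.Nonce, c.Ciphertext, c.Tag, scratch.AsSpan(0, c.Ciphertext.Length));
            }
            catch (CryptographicException) { return false; } // tag mismatch or malformed input
            finally
            {
                CryptographicOperations.ZeroMemory(scratch);
                ArrayPool<byte>.Shared.Return(scratch);
            }
        }
        return true;
    }

    // Pass 2: runs only if pass 1 accepted every chunk. Decrypt checks the tag
    // again here, so a chunk modified between the passes still throws.
    public static void DecryptTo(Chunk[] chunks, Stream output)
    {
        if (!VerifyAll(chunks)) throw new CryptographicException("A chunk failed authentication.");
        foreach (var c in chunks)
        {
            var plain = new byte[c.Ciphertext.Length];
            try
            {
                using var gcm = new AesGcm(c.Key, c.Tag.Length);
                gcm.Decrypt(c.Nonce, c.Ciphertext, c.Tag, plain);
                output.Write(plain);
            }
            finally { CryptographicOperations.ZeroMemory(plain); }
        }
    }
}
```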