I am about to go paperless, and I want to protect the documents that I scan. The use case is that I'll be scanning paper documents, encrypting each file, and storing them locally and on various backup destinations. I've been researching various ideas for how to protect those documents, but I need more guidance. Here are the details of the system I'm trying to implement:
- Protection is at file level. If someone gets their hands on a file, I want them to be unable to use it.
- Transmission safety is out-of-scope, and assumed to be handled by whatever system is transporting the file.
- The files will be encrypted on a Mac.
- Decryption should be as widely-available as possible. For example, if I want to view a file on my iPhone, I should be able to use an existing library to write an app to do so.
I've looked at using security and encryption libraries in OS X to make a lightweight tool for this. I'm a software engineer, so I'm perfectly comfortable with writing my own application, but I am new to security. I am not comfortable making the security decisions without consulting people who know more than I do.
- I've considered AES, but then I read about padding and encryption modes, and I got lost in the details of which to choose.
- I've considered GnuPG, but I don't like the idea of having to download a separate tool. Yes, it's open source, but if I can use functionality built into the OS, that would be preferred.
Is there a recommended approach for this?