libsodium - Use crypto_box_easy to encrypt files?

Question

I want to encrypt a large file (100 MB) with the a public-private-key method in libsodium. For small messages, I use crypto_box_easy(), but this does not work for large files. What is the best approach to use crypto_box_easy() for files? I cannot use a secret key, as I cannot to exchange the key securely and hence need to have sender and receiver a public and a private key.

What I thought about was to split the file up in small chunks (1 MB each), encrypt them and merge them into a large file, then split this up again and decrypt each chunk again with crypto_box_open_easy(). Is this a valid and - most important - a secure approach? Or are there other ways to encrypt a file in libsodium with public-private-keys?

Thanks!

Answer 1

Since crypto_box_easy() seems to be limited to in-memory data and the file size is to large you need to perform the hybrid encryption yourself.

This amounts to creating a random symmetric key and encrypt this key with asymmetric encryption. Then with the symmetric key using crypto_secretstream... encrypt the data. Then combine the encrypted key and the encrypted data.

See Hybrid Encryption for more details.