Implementing password-based file encryption

[pieterdd]

I'm figuring out how to implement secure password-based file encryption in the simplest possible way. I intend to incorporate it into a small CLI program that stores 2FA tokens. But since my cryptography knowledge is lacking, a minimal working example that follows current best practices could be a good reference for laymen like myself.

Specific points of interest:

• Which technologies to put together (e.g. AES256 GCM, Argon2id, PBKDF)
• Which settings to use, and how to make the pieces of the puzzle fit (e.g. making sure the length of the derived key has the exact right size)