Is my encryption safe as openPGP/SMIME?


Problem description

I'm trying to write a simple file enc/decryption within a larger project. I'd like to avoid libgpgme because of license issues. The openPGP standard is too complex for the project timeframe I have. I'd like to do my encryption stuff with openssl.

Now I've implemented the following:

encryption (pseudo code):

RAND_bytes(aes_key)
RAND_bytes(aes_salt)

EVP_BytesToKey(EVP_aes_256_cbc(), EVP_sha1(), (const unsigned char *)aes_salt, aes_key, sizeof(aes_key), 5, key, iv);

then I aes256 my data

EVP_EncryptInit_ex(&e_ctx, EVP_aes_256_cbc(), NULL, key, iv);

then I encrypt the key and iv with RSA

RSA_public_encrypt(flen, (unsigned char *)key, encryptedKey, rsa, RSA_PKCS1_PADDING );
RSA_public_encrypt(flen, (unsigned char *)iv, encryptedIV, rsa, RSA_PKCS1_PADDING );

then I save the 128bit key and iv at the "top" of my file (256Bytes header).

decryption:
-> read the first 256bytes (split into key and iv)
-> decrypt the key and iv with the local RSA Private Key (of course the RSA Private Key IS NOT in the file)
-> use the key and iv to decrypt the data

Am I kind of safe with that code?

Recommended answer

Since you are using the OpenSSL envelope-encryption functions anyway, you should just directly use the EVP_SealInit() / EVP_SealUpdate() / EVP_SealFinal() functions. These functions take care of generating the symmetric key and IV, encrypting the data with the symmetric key and encrypting the symmetric key with the recipient(s) RSA key(s).

One thing that you are not taking care of is authenticity. Under CBC mode it is possible for an attacker to make certain predictable changes to the plaintext, even if they can't read it. To detect this, you should either calculate an HMAC over the encrypted message (using a separate symmetric key to that used for encryption), or sign the encrypted message (e.g. with EVP_SignInit() / EVP_SignUpdate() / EVP_SignFinal()).
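
The authenticity point above, as an added example that is not part of the original answer and not OpenSSL code: it shows a CBC ciphertext being altered so that a known plaintext field changes, and an HMAC over IV and ciphertext (separate key) rejecting the altered message before decryption. Assumptions: a stand-in 16-byte Feistel cipher built from SHA-256 replaces AES so the script needs only the Python standard library (the CBC property is the same for any block cipher), and all function names and the sample record are constructed for illustration.

```python
import hashlib, hmac, os
BLOCK = 16  # bytes, same block size as AES

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _feistel(key, blk, rounds):  # stand-in block cipher, NOT AES
    l, r = blk[:8], blk[8:]
    for i in rounds:
        l, r = r, _xor(l, hashlib.sha256(key + bytes([i]) + r).digest()[:8])
    return r + l  # final swap: decryption is the same routine, rounds reversed

def cbc_encrypt(key, iv, pt):
    pad = BLOCK - len(pt) % BLOCK
    pt, out, prev = pt + bytes([pad]) * pad, b"", iv
    for i in range(0, len(pt), BLOCK):
        prev = _feistel(key, _xor(pt[i:i + BLOCK], prev), range(4))
        out += prev
    return out

def cbc_decrypt(key, iv, ct):  # P_i = D(C_i) XOR C_(i-1)
    out, prev = b"", iv
    for i in range(0, len(ct), BLOCK):
        out += _xor(_feistel(key, ct[i:i + BLOCK], range(3, -1, -1)), prev)
        prev = ct[i:i + BLOCK]
    return out[:-out[-1]]

def seal(enc_key, mac_key, pt):  # encrypt-then-MAC with separate keys
    iv = os.urandom(BLOCK)
    body = iv + cbc_encrypt(enc_key, iv, pt)
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()

def open_sealed(enc_key, mac_key, msg):
    body, tag = msg[:-32], msg[-32:]
    good = hmac.new(mac_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):  # verify BEFORE decrypting
        raise ValueError("HMAC mismatch: ciphertext was modified")
    return cbc_decrypt(enc_key, body[:BLOCK], body[BLOCK:])

def xor_at(data, off, delta):  # models modification in storage or transit
    end = off + len(delta)
    return data[:off] + _xor(data[off:end], delta) + data[end:]

def demo():  # constructed sample record; random keys each run
    ek, mk = os.urandom(32), os.urandom(32)
    msg = seal(ek, mk, b"record-id: 00042access=user;end")
    bad = xor_at(msg, BLOCK + 7, _xor(b"user", b"root"))  # lands in C_0
    plain_cbc = cbc_decrypt(ek, bad[:BLOCK], bad[BLOCK:-32])  # no MAC check
    return ek, mk, msg, bad, plain_cbc
```

Without the MAC check the second block decrypts to `access=root;end` while the first block turns to garbage; `open_sealed()` raises on the same bytes.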
